Server 2008 Port Forwarding

iphonogasm

Hi, I saw there was already a post on this but had some questions of my own.

I've just enabled NAT and am learning how to configure it. I've set up a DMZ on my router to my server, all works fine, and found that Windows Firewall was controlling my port forwarding rules... My question is: am I able to disable Windows Firewall from controlling port forwarding and use my NAT device to configure it? I found that if I click on IPv4, NAT, Local Area Connection and then in the tab "Services and Ports" it has some options for port forwarding?

Is this a possibility? Also, I found in Windows Firewall there were heaps of ports open, or listed there anyway; wouldn't this make using a DMZ quite unsafe?

Thanks in advance!!
 
Hi, port forwarding can be done through Windows Firewall or another firewall. From what *I* know, you cannot do it via "NAT" configuration.

Windows Firewall, in a network / domain environment, should be controlled with FIREWALL WITH ADVANCED SECURITY. Basically, Windows Firewall opens ports for common communications (HTTP and so on). Let's take another example: if you install BitTorrent, your firewall asks if the program is allowed or not. If you say YES, then the current profile is updated. In Windows Firewall there are 3 types of profiles: Private, Domain, Public. Not all 3 have the same settings. You can easily lock down your firewall by removing ports that you don't need or by playing with the settings of a profile (right click on a profile and then read what you can do). If you need more help, let me know.
 
I just had a nosey around with the Windows Firewall options and inbound and outbound rules. I created a rule to control a "port" and entered the ports (8016) remote and local; the only thing is it doesn't let me specify the destination IP, e.g. (8016 >> 192.168.0.130), and therefore the port remains closed.

I've checked the net for guides on this, but can find absolutely nothing!!

See pic below!

Thanks!!

View attachment 132
 
Remember that when a connection is made, the SERVICE runs on the same port (in your case it should be 8016), but the CLIENT uses a random port, and you cannot predict which port will be used. In other words, you should write a rule which says: allow ANY or SPECIFIC IP from ANY port to connect to SPECIFIC IP and SPECIFIC PORT.

Take a look here:

http://lantoolbox.com/articles/configure-windows-firewall-using-command-line/
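
Added example, not part of the original thread: the inbound rule described in the reply above, written with `netsh advfirewall`, next to the rule from the question that pins the remote port, followed by the checks for reviewing what else is open on a DMZ host. The rule names are constructed; port 8016 is the one from the thread.

```bat
rem Added example. Rule names are constructed; port 8016 comes from the thread.
rem Run from an elevated command prompt on the server.

rem Rule as described in the question: LOCAL and REMOTE port both set to 8016.
rem A client connects from an unpredictable ephemeral source port, so this
rem rule never matches real traffic. Shown commented out, for comparison only.
rem   netsh advfirewall firewall add rule name="svc-8016-pinned" dir=in action=allow protocol=TCP localport=8016 remoteport=8016

rem Corrected rule: fix only the LOCAL port the service listens on and leave
rem the remote port open. Narrow remoteip to known sources where possible.
netsh advfirewall firewall add rule name="svc-8016-in" dir=in action=allow protocol=TCP localport=8016 remoteport=any remoteip=any

rem Confirm what was created, including which profiles it applies to.
netsh advfirewall firewall show rule name="svc-8016-in" verbose

rem An allow rule only admits traffic to this machine; it does not forward it
rem to another host. Check that something is actually listening on the port.
netstat -ano -p tcp | findstr ":8016"

rem Exposure review for a host placed in the router's DMZ:
rem 1) every inbound rule currently defined
netsh advfirewall firewall show rule name=all dir=in
rem 2) whether the firewall is on for the Domain, Private and Public profiles
netsh advfirewall show allprofiles state
rem 3) every TCP port with a listener, with the owning process ID
netstat -ano -p tcp | findstr "LISTENING"
```

A listed inbound rule is only reachable if a process is listening on that port, so comparing the output of steps 1 and 3 shows which rules can be disabled or removed.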
 
Ok, I'm pretty sure I've tried everything now. I've tried setting up inbound rules in Windows Firewall with the specific port but it doesn't let me specify an internal host IP. I have an option for setting up a scope but this doesn't make sense as a scope is a range of IPs, e.g. 192.168.0.100 to 192.168.0.200. It asks for a remote scope and local scope; however, I just want it to accept connections from all WAN IPs and forward to a single internal host, i.e. 3019 forwards to 192.168.0.130. I tried adding the single IP of the host in the local scope setting, still no go.

I also read somewhere that setting up port forwarding in Windows Firewall is not possible and has to be done through NAT.

Also read about installing a "router" role. But can't find it anywhere.

I'm really desperate to get this going.

Thanks!
 
I can forward traffic with Windows Firewall, and I'm not using the NAT role...

Try the following command:
Code:
netsh routing ip nat add portmapping  tcp 0.0.0.0

To retrieve the NIC name, type: show interface

Let me know.

Are you sure that your router is forwarding the traffic properly?
 