Prev: <SPAM>
Next: restore users
From: bertpu on 8 Jun 2010 02:30
Hi,
I have to machine, 192.168.1.1,192.168.1.2. I want all the access to
192.168.1.1:8000 being forwarded to 192.168.1.2:7000.
Can server 2003 accomplish this or I should install some other software?
Thanks.
From: Grant Taylor on 8 Jun 2010 06:38
bertpu wrote:
> I have to machine, 192.168.1.1,192.168.1.2. I want all the access to
> 192.168.1.1:8000 being forwarded to 192.168.1.2:7000.

So both the front end target (192.168.1.1) and the back end target
(192.1168.1.2) are in the same IP subnet. Correct?

Presuming that the above statement is correct (for the sake of
discussion), you have to worry about reply traffic passing back through
your front end target 2003 system so that the original requesting client
does not see some unassociated reply from a system that it was not
talking (directly) to, namely the back end target.

I think you would have best luck with some sort of application layer
proxy or something else that establishes a new connection between the
front end target and the back end target. Doing this will cause the
back end target to reply to the front end target which will reply to the
original client, there by preserving the expected connections.

You can accomplish the same thing with a combination of destination
NATing (a.k.a. port forwarding) and source NATing. However, doing so is
more complex and prone to error / maintenance problems.

> Can server 2003 accomplish this or I should install some other software?
> Thanks.

I am not aware of any thing built in to Windows Server 2003 (any
edition) that will do what you are wanting to do. I wouldn't be
surprised if you could get ISA / Forefront to do what you want, but
that's not built in.

I have messed with RelayTCP from DLC Sistemas
(http://www.dlcsistemas.com/html/relay_tcp.html) in a lab environment
and it may do what you are wanting to do. (I'm sure there are others,
but that's the only one that I've messed with on Windows. I usually do
this on Linux.)

I have done something similar using Microsoft's built in IPv4 <-> IPv6
gateway, but I don't know if you can do IPv4 <-> IPv4. ... I suppose
you could do IPv4 <-> IPv6 <-> IPv4, but that is sort of silly if there
are other more direct options. ;-)



Grant. . . .
From: Phillip Windell on 9 Jun 2010 14:27

"bertpu" <bertpu(a)discussions.microsoft.com> wrote in message
news:9BD67539-6D37-4CFF-B36C-7FFA7F36363C(a)microsoft.com...
> Hi,
> I have to machine, 192.168.1.1,192.168.1.2. I want all the access to
> 192.168.1.1:8000 being forwarded to 192.168.1.2:7000.
> Can server 2003 accomplish this or I should install some other software?
> Thanks.

They are on the same subnet,...just go to the one you want directly in the
first place.

In other words,...don't go to 192.168.1.1:8000 in the first place,...just go
to 192.168.1.2:7000 straight from the beginning.

You can not run NAT. NAT works across subnets. What the "home user"
devices call Port Forwarding is really a Reverse NAT. Technically there is
really no such thing as Port Forwarding,..it is a meaningless term created
by the retail homer-user market for marketing purposes. Ports are nothing
more than a Layer4 Address,...."forwarding" means to "route",...Layer4
Addresses are not routable, hence they can't be forwarded. They can be
translated,...Port Address Translation,...but that is not what the home-user
boxes are refering to with "port forwarding".

Other things can be suggested but that depends on exactly what you are doing
and you have not said exactly what you are doing. You are only askinig
about a method,...not a goal. You need to describe the real goal,...so we
can present a correct method to reach the goal.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 | 
Pages: 1
Prev: <SPAM>
Next: restore users