RRAS on Win2003 with 2 public ip's

13 Jun 2009 5:46 PM

Kees Alderliesten

Hello,

I have a win2003 server with 2 ip's on the public interface, say 1.2.3.4 and
1.2.3.5. (1 public NIC)
In RRAS i have configured a portforwarding for public port 81 to port 80 on
een webserver on the private network. Settings:
Public address: On this interface
Protocol: tcp
Incoming port:81
Private address: 192.168.0.10
Outgoing port:80

Now i can access this webserver on http://1.2.3.4:81 but not on
http://1.2.3.5:81
Why does the forwarding not work on the second public ipnumber? I did't
specify a public address (there is no addresspool) but selected 'On this
interface'. Both address are 'on this interface', but only one works.
How do i make this work? (Is it possible?)

--
Kind regards,

Kees Alderliesten

13 Jun 2009 8:56 PM

Ace Fekay [Microsoft Certified Trainer]

Show quote Hide quote

"Kees Alderliesten" <KeesAlderlies***@discussions.microsoft.com> wrote in
message news:6D797151-1056-4246-887F-233606EB227C@microsoft.com...
> Hello,
>
> I have a win2003 server with 2 ip's on the public interface, say 1.2.3.4
> and
> 1.2.3.5. (1 public NIC)
> In RRAS i have configured a portforwarding for public port 81 to port 80
> on
> een webserver on the private network. Settings:
> Public address: On this interface
> Protocol: tcp
> Incoming port:81
> Private address: 192.168.0.10
> Outgoing port:80
>
> Now i can access this webserver on http://1.2.3.4:81 but not on
> http://1.2.3.5:81
> Why does the forwarding not work on the second public ipnumber? I did't
> specify a public address (there is no addresspool) but selected 'On this
> interface'. Both address are 'on this interface', but only one works.
> How do i make this work? (Is it possible?)
>
> --
> Kind regards,
>
> Kees Alderliesten

Instead of using 'on this interface,' did it give you an option to type in
the IP address?

I haven't used Windows for multiple WAN IPs, but I have done it with Cisco
Pix and Netscreen devices. The devices, which I'm assuming Windows does the
same, is use the first IP as the 'default' interface IP, and when you create
a port remap, it uses the default IP, as what appears to be going on, but
for other WAN IP remaps, in the devices, I would have to specifically state
the WAN IP for the remap.

btw - I hope this server is not a domain controller. Multihomed DCs are
extremely problematic because of the additional IPs registered into DNS and
would require registry changes to control registration, but it's really not
advised.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay

16 Jun 2009 9:20 AM

Kees Alderliesten

Show quote Hide quote

>
>
> Instead of using 'on this interface,' did it give you an option to type in
> the IP address?
>
> I haven't used Windows for multiple WAN IPs, but I have done it with Cisco
> Pix and Netscreen devices. The devices, which I'm assuming Windows does the
> same, is use the first IP as the 'default' interface IP, and when you create
> a port remap, it uses the default IP, as what appears to be going on, but
> for other WAN IP remaps, in the devices, I would have to specifically state
> the WAN IP for the remap.
>
> btw - I hope this server is not a domain controller. Multihomed DCs are
> extremely problematic because of the additional IPs registered into DNS and
> would require registry changes to control registration, but it's really not
> advised.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> ace***@mvps.RemoveThisPart.org
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> "Efficiency is doing things right; effectiveness is doing the right
> things." - Peter F. Drucker
> http://twitter.com/acefekay
>
>
>

The only way to enter ipnumbers is to create an addresspool. But that is not
an option here.
And, yes, it 's a DC... SBS2003, but dns is working correctly.
In the meantime i 'solved' this issue by placing an extra nic in de
webserver and connecting it directly to the dsl router.

Thanks anyway,

Kind regards,

Kees Alderliesten

16 Jun 2009 1:55 PM

Ace Fekay [Microsoft Certified Trainer]

Show quote Hide quote

"Kees Alderliesten" <KeesAlderlies***@discussions.microsoft.com> wrote in
message news:4C9AFA4C-8491-4381-B6FA-4A7D39435EAE@microsoft.com...
>
> The only way to enter ipnumbers is to create an addresspool. But that is
> not
> an option here.
> And, yes, it 's a DC... SBS2003, but dns is working correctly.
> In the meantime i 'solved' this issue by placing an extra nic in de
> webserver and connecting it directly to the dsl router.
>
> Thanks anyway,
>
> Kind regards,
>
> Kees Alderliesten

I didn't know it's SBS. SBS does things differently. Multihoming, even
though SBS handles it a bit differently and the regular operating systems,
still must be configured correctly so AD functions.

I suggest to run the SBSBPA to insure SBS is configured properly.

Any additional concerns in the future with SBS, please post the SBS
newsgroup/forum, where you can get specific help for SBS due to it;s
differences to the regular operating systems.

SBS Best Practices AnalyzerSBS Blog - SBS BPA FAQ For more information about
SBS visit the Official SBS blog at http://blogs.technet.com/sbs. Download
the SBS 2008 version from here ...
www.sbsbpa.com

Ace