Topic: Port forward, how ??

[steve288]

I am trying to do some port forwarding. But I cannot seem to get it to work.

I have read many news posts and have a few questions.

I have read it seems that I cant port forward if my machine is server/gateway. (which it is) Is this true?

If I set up port forward on say port 80 of my outside computer to go to an internal sme computer (10.1.0.200) that has a web page on it  do I just put in the external ip of the first computer:80 and with 80 in the browser and it will connect.  This is not what I want to do it is just IM trying to get something to work but cannot. So I thought this would be a test.

I saw comments on the fact that you cannot test the port forward from inside the network. Is that true ? Perhaps all this problem is that I simply am not doing it from outside. Cant I just put in http://externalip:80 and get what I want, when Im inside the network that the sme is on?

Finally depending on all these answers. Is there not some simple way to see if this is working for me. some simple set up that is bound to work. I would just like to see if it works and then build on that.
Thanks.

[christian]

port forwarding can be tricky. If you are in server-gateway mode for your desination it might work but only if the replies to the packets coming in will route back through the same port it came in.

So if you are forwarding to a server/gateway from the LAN side and the WAN port is connected to the same subnet or it is the prefered route to the external world (typical) then it won't work.

you could make it work but I'm not really sure why you would want to make it work.

the other thing you should check is that the default gateway for the destination server matches the gateway that is doing the port forwarding.

As far as i know, the only way to test port fowarding is to come in from the WAN side of the forwarding gateway.

[steve288]

Do you think it would be easier if I set up a system just in server mode to forward the port from the outside world to the Outlook Web interface.

Does that remove alot of the obsicles? Does the server have equally as good security as server/gateway.

Regards
steve

[christian]

Well to be honest, I would also feel better about having external port forwards run through my external interface just to be sure. However, I have found to do so just adds complexity and confusion.

I suspect most things verify the actual external IP address to decide on scope of permissions. I'm not familiar with what you mean by an Outlook web interface so i can't comment on that.

One config where having an external port would be nice is when you use ProxyPass. From what I understand of it, the server would see the src Ip address as an internal address. I'm not sure if there is a simple way around that.

[steve288]

What I mean by outlook web interface is that, exchange comes with a web interface that looks like the ms outlook gui. You know new mail addresses etc. you access it by going over the web. In our case you go to http://exchange and you get to a pw prompt for your name and your into the outlook web interface for sending recieving mail. Its a web interface. All Im trying to do is get this to work from outside world by possibly forwarding port 80 on the sme to the port 80 on the exchange.

I just can do it. But I really cant seem to forward anything, no test works.
eg forward port 80 to an internal web page on another sme on port 80.

Regards

[christian]

oh ok. so the exchange server is on a win server somewhere on your local network. it is operating purely as a server.

Your SME is your gateway to the external world and is in server/gateway mode.

so yes, you should be able to forward port 80 to your exchange server. but then all http requests will go there. However, I beliebe this will only work for accesses from the outside world. internally you will still need to access via http://exchange.

an alternative for simplicity is to use proxypass such that external you can use:
http://yourdomain.com/exchange

I hope that helps.