Port Forwarding with Cisco 675 connected to Linksys BEFW11S4

[Bob Perego]

Can someone tell me if I'm attempting the impossible or
just doing something incorrectly.

I'm wanting to RD into my home machine from the outside
using the suggested IIS - TSWEB technique. My setup is:
DSL line to Cisco 675, 675 to Linksys BEFW11S4, BEFW11S4
to various computers on my LAN, including wireless.

I forwarded the Linksys ports but my only guess is I'm
not getting through the Cisco box. I've also forwarded
the ports in the Cisco box but I think this is the hang
up. The machines on the LAN are all 192.168... addresses
off the Linksys router. To the Cisco box the Linksys is
10.0.0.2. I've got the Cisco set to foward the two
required ports to both the 192.168... machine that is the
RD host. For grins I also opened the ports for 10.0.0.2.

NMap attempts from the outside show no open ports at my
IP address.

With essentially two routers in series is this even
possible to get the port forwarding I need?

Thanks, Bob

 

[Bill Sanderson]

Yes, but only if you open the port through both routers.

Do you really need to use TSWEB?

That will require both ports 80, TCP and 3389, TCP, and taking great care to
be sure that IIS is both patched to date and secured, by following
recommendations of Microsoft's MBSA tool.

The 675 can be programmed in a variety of ways, but given that you have a
private IP address on the inside of yours, it looks like yours is probably
set up to do NAT.

You'll need to talk to your ISP's support staff to see whether they can
provide any help in doing what you want to do.

I believe this is possible, but you'll need cooperation from the ISP.

 

[Bob Perego]

Bill:

My interest in TSWEB was for the ability to access from a
PC without client software. However, this isn't crucial
so what are my other options for getting into my LAN
besides TSWEB?

BTW, I followed Tony Northup's advice of using a port
other than 80.

Thanks, Bob

 

[Bill Sanderson]

The other option is using the Remote Desktop Connection executable.

This is downloadable, and installable from the XP CD, and, if you jigger it
a bit, and be fit on a floppy, sort of.

That only requires port 3389, TCP.

Using a non-standard port is a good idea, but it is still important to patch
and harden the default IIS settings.

 

[Guest]

Bill
I am trying to RD through

VIA NIC, Linksys Befsr41, thru cable

to-Wireless ISP,Befsr81,Linksys NIC

I have read now of the complexities of this type of RD but believe it can be done.

PM

 

[Bill Sanderson]

Ignore the outbound devices on your end.

If I understand your post correctly, these are the VIA NIC, befsr41, and the
cable system.

NAT's don't block outbound traffic. So unless you have some other form of
firewall involved, you are ok on the outbound side.

It is inbound at the host end that you need to get things right.

You must know the correct public IP of the Linksys befsr81 at the other end.
In addition--I'm not sure what you mean by a wireless ISP? Some satellite
systems use proxies and don't allow RD traffic to pass through.

I'd concentrate on setting up port forwarding on the befsr81 (3389, 3389,
enable, tcp, ip address of desired xp pro host machine)

and knowing the correct IP address.

 

[Sooner Al]

A wireless ISP, if I read the original poster correctly, is typically a broadband internet provider
using an 802.11 type transmission over a wide area...

At one time there was an initiative in Oklahoma, by the Oklahoma Municipal League, to provide
wireless broadband access to primarily rural subscribers using this type system with transmitters
based at one or more small general aviation airports (in each county) around the state. The driving
force was because the many 'mom-n-pop' local telephone companies did not have the resources to
upgrade their facilities to provide DSL nor did the local cable TV companies have the resources to
upgrade their facilities to provide broadband. Plus the physical distances from telco COs to many
rural customers preclude DSL even if it was available...like wise with cable TV systems...

http://www.broadbandreports.com/faq/8538

http://www.bbwexchange.com/news/2004/broadband_wireless_isp_news.asp

http://www.wispdirectory.com/

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...


<--- SNIP --->

I'm not sure what you mean by a wireless ISP?

<--- SNIP --->

 

[Bill Sanderson]

Thanks, Al--I've got a friend who lives in a rural area on the banks of the
Delaware river, on the New Jersey side opposite Philadelphia.

He's too far from the telco CO for DSL, so his choice so far for faster
access is satellite, which he isn't anxious to do. Wireless would be great
for him. Am I recalling that AT&T has threatened to provide something like
this with fairly broad coverage in many parts of the country?

 

[Sooner Al]

I don't honestly know about AT&T. I do know that Sprint had a broadband wireless internet service
for awhile, because a couple of folks where I used to work had it at their homes, which are even
further than I am out in the country. I believe that service in no longer available. Even the
Oklahoma Municipal League initiative seems to have fallen through. The contracted provider, based
here in Norman, is out of business and nothing has been heard from the Municipal League about this
issue in two years...

I went through the same thing your friend is going through when I moved out into the country a few
miles out of town. Luckily for me COX cable just arrived last week... Whew... It was a long and slow
1.8 years on dialup... Satellite, at least for me, was way too expensive...particularly the two-way
flavor...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

 

[Bill Sanderson]

I guess if I had a good high gain 802.11b antenna, I could go looking for
signals at his site. He's part of a small group of mostly 100+ year old
homes right on the bank of the river--a farm probably directly deeded from
William Penn. Directly across the river from him is a Philadelphia water
intake, and the police firing range. But he is relatively isolated by
surrounding industrial properties and marshland which has been deeded to the
state as a wildlife refuge.

It's too bad about the Municipal leagues's initiative. Phone and Electrical
service in many rural areas came about through such initiatives--and
provided excellent service.

 

[Jeffrey Randow (MVP)]

Problem I see if your router is already probably behind a NAT
router... NAT over NAT doesn't work well with any type of incoming
connection... I would guess it is possible, but you would need to
configure the public router to forward Port 3389 to the second router,
which would then forward to you... I don't know if this will work in
practice, though, so YMMV...

**** PLEASE INSTALL THE MS04-007 SECURITY PATCH - ASN.1 Vulnerability
Could Allow Code Execution (828028) ***
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp


Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone