XP as a router

G

Guest

I have an XP machine with 2 adapters - one for external IP, one for internal
IP. The internal IP is on subnet 192.168.2.0. It can ping the router and
other machines on network. It can browse the internet. I have set a static
route for 192.168.5.0 and it can ping that subnet as well. I can ping and
RDP into a 2003 SBS at 192.168.5.10 from the XP host machine.

What i would like to achieve is to be able to remotely (from the internet)
RDP into the external IP of the host machine and it automatically connect to
the RDP session at 5.10. Also, I would like to begin using the external IP
of the host machine as my exchange server public IP address, pointing to the
exchange server at 5.10.

We have attempted to configure this using Windows Firewall, and telling it
that the machine responsible for RDP on this network is 5.10. However, it
wont let us connect this way. If I tell it to use 127.0.0.1, I can RDP into
it with no problem. Once I try to forward the traffic using Windows
Firewall, it hangs and wont let us connect.

2 questions:
Is what we are doing even possible?
If so, then What can we do to make it work?
 
S

smlunatick

I have an XP machine with 2 adapters - one for external IP, one for internal
IP. The internal IP is on subnet 192.168.2.0. It can ping the router and
other machines on network. It can browse the internet. I have set a static
route for 192.168.5.0 and it can ping that subnet as well. I can ping and
RDP into a 2003 SBS at 192.168.5.10 from the XP host machine.

What i would like to achieve is to be able to remotely (from the internet)
RDP into the external IP of the host machine and it automatically connect to
the RDP session at 5.10. Also, I would like to begin using the external IP
of the host machine as my exchange server public IP address, pointing to the
exchange server at 5.10.

We have attempted to configure this using Windows Firewall, and telling it
that the machine responsible for RDP on this network is 5.10. However, it
wont let us connect this way. If I tell it to use 127.0.0.1, I can RDP into
it with no problem. Once I try to forward the traffic using Windows
Firewall, it hangs and wont let us connect.

2 questions:
Is what we are doing even possible?
If so, then What can we do to make it work?

You should be looking at Internet Connection Sharing (ICS) feature.
It might take time and might be complicated to set up. Also, with
common boardband routers on sale, it might be easier to set up one of
these routers.
 
G

Guest

Well, we finally got it to work. The reason we aren't using a regular
cheap-0 router is because we need to do a double hop port forwarding for RDP
to our server at the other location. Each location is on it's own subnet, so
to come into an external IP at the Co-Lo, then forward thru the .2 subnet,
and then forward again to the .5 subnet would not work on our cheap-o router.
thus, we installed the XP machine as the router. What made it work was
changing the internal IP of the xp box to the IP address that our router was
(2.2) and giving it a default gateway on the external adapter.
NOW we have another issue to solve. I am trying to get Exchange over HTTP
to work by coming into the external IP of the XP Router machine and then
forwarding the traffic down to .5.10. The Remote Desktop connection on port
3389 works GREAT this way - no problems, so I know the "path" is there, it is
just a matter of getting all the right ports open. What happens is when I
try to connect, it opens the prompt for my password, and I enter it but it
continually comes back and tells me the exchange server is unavailable
(retry/work offline/cancel). We checked it with ISA server and found that
besides the regular RPC-HTTP ports that microsoft tells you it needs to do
exchange over http (80, 443, 6000, 6001, 6002, 6004) it was also trying to
use port 135, so we opened that one too. It still doesn't work, and I'm not
sure if it is a port that is being blocked or that it is not passing
authentication over the network to the second subnet for some reason. We are
using Basic Authentication.

Anyhow, if this makes sense to ANYONE, I would love to get this working
asap. Our other option is to have the Internet connection at the second
location, which is a possibility (an probable) in the future, but it will be
one month before it can be installed. I need this working yesterday!

Thanks for any insight anyone can give.
Lynda
 
S

smlunatick

Well, we finally got it to work. The reason we aren't using a regular
cheap-0 router is because we need to do a double hop port forwarding for RDP
to our server at the other location. Each location is on it's own subnet, so
to come into an external IP at the Co-Lo, then forward thru the .2 subnet,
and then forward again to the .5 subnet would not work on our cheap-o router.
thus, we installed the XP machine as the router. What made it work was
changing the internal IP of the xp box to the IP address that our router was
(2.2) and giving it a default gateway on the external adapter.
NOW we have another issue to solve. I am trying to get Exchange over HTTP
to work by coming into the external IP of the XP Router machine and then
forwarding the traffic down to .5.10. The Remote Desktop connection on port
3389 works GREAT this way - no problems, so I know the "path" is there, it is
just a matter of getting all the right ports open. What happens is when I
try to connect, it opens the prompt for my password, and I enter it but it
continually comes back and tells me the exchange server is unavailable
(retry/work offline/cancel). We checked it with ISA server and found that
besides the regular RPC-HTTP ports that microsoft tells you it needs to do
exchange over http (80, 443, 6000, 6001, 6002, 6004) it was also trying to
use port 135, so we opened that one too. It still doesn't work, and I'm not
sure if it is a port that is being blocked or that it is not passing
authentication over the network to the second subnet for some reason. We are
using Basic Authentication.

Anyhow, if this makes sense to ANYONE, I would love to get this working
asap. Our other option is to have the Internet connection at the second
location, which is a possibility (an probable) in the future, but it will be
one month before it can be installed. I need this working yesterday!

Thanks for any insight anyone can give.
Lynda






- Show quoted text -

If you are a company and you are attempting to set up a multi-segment
network (aka WAN) then you should consider looking at higher quality
routers made be Sonicwall, Watchguard, Juniper Networks and the
likes. Not only do these router units let you have Intenet, they also
can provide office to office inter-connections, known as Virtual
Private Network (VPN) tunnelling. What you really need is to set up
an office to office VPN tunnel which eliminates the double hop and
will be more secure.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top