Home > windows server 2008 > Port forwarding with Windows Server 2008

Port forwarding with Windows Server 2008

September 21Hits:1
Advertisement

I have Windows 2008 server. It works as a mail, ftp, web server. In my LAN there is other server and i want to reach this server with RDC from outside my lan, (example: domail.com:5555 -> 192.168.0.2:3389). Is there any solution to forward this port using Windows Firewall?

Answers

Try the following:

netsh routing ip nat add portmapping external tcp 0.0.0.0 5555 192.168.0.2 3389

This rule shall forward any incoming connection to port 5555 from outside to your specific LAN IP/port. Here external is the name of the external network interface.

Don't forget to have proper firewall rules that will allow traffic related to port 5555 to pass in both directions on the external NIC. You need to allow incoming traffic to port 5555 and outgoing traffic related to these connections.

I've never used the built-in Windows firewall, but I strongly suggest you to have a look at wipfw. It is smart enough to implement connection tracking.

If you want to use port forwarding as your scenario; you should "add role: RRAS" and manage NAT rules under RRAS in Administrative Tools.

Actually, isvery simple in 2K3 but 2k8? I'm shocked and disappointed

If your Windows server is behind a NAT device then I would recommend creating a port forwarding rule on your NAT that can accept an inbound connection on TCP/5555 and then forward to TCP/3389. This way you aren't modifying the server.

Also, if you have more than one server you would like to connect via RDP then I would recommend you check out Windows 2008 Terminal Services Gateway.

Reproduced from this article:

By default, a Terminal Server uses port 3389 for RDP traffic. By default, every single competent hacker in the world knows that a Terminal Server uses port 3389 for RDP traffic. That being the case, one of the quickest changes you can make to your terminal server environment to detour potential intruders is to change this default port assignment.

In order to change the default RDP port for a Terminal Server, open regedit and browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. Locate the PortNumber key and replace the hex value 00000D3D (which is equivalent to 3389) to the appropriate hex value for the port you wish to use.

Alternatively, you can change the port number used by your Terminal Server on a per connection basis. While still using regedit, browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\connection name. Again, locate the PortNumber key and replace the hex value in place with the value you wish to use.

Keep in mind that when changing this setting on your server, all connecting clients will need to be sure they are connecting to the Terminal Server with the new port extension tagged on to the servers IP address. For example, connecting to a Terminal Server with an internal IP address of 192.168.0.1 which is now using the non-standard port 8888 would require a user to enter 192.168.0.1:8888 into the Remote Desktop Connection client.

Port forwarding with Windows Server 2008

Please note that you would need to open the firewall to allow incoming connection on the new port. Also, don't forget to take some precautions before editing the registry, such as creating a system restore point.

First of all,

W2K3's firewall can do that. But W2K8's firewall or advanced firewall cannot do this.

Aditional info: "netsh routing..." command doesn't works on W2K8 in any combination (sdvfirewall, firewall etc.).

I'm sorry:(

Just a suggestion but why not add a Remote Desktop Gateway. It's a built in role with W2K8+ that runs over SSL/443 which makes it pretty easy to route over any firewall. In addition you can then setup rules and use a Network Policy Server and rules to really control at a granular level who can access your server. Since you are already running a Web Server this may be the most secure solution. It will also allow you to RDP into any server behind the firewall without having to make any modifications to the firewall.

Works great at my multiple sites and it is VERY secure.

Is your Server 2008 R2 box acting as the 'head of your network', or simply put, your router?

If not, then you need to make these changes to your router/firewall at the front of your network. Setup the port forward exactly as you described above, forwarding the inbound port of 5555 to (serverip):3389

By default, if you do not set the destination port to 3389, it will not work without a registry change to the server you're connecting to.

I believe this is the command you are looking for:

netsh interface portproxy add v4tov4 listenport=5555 listenaddress=192.168.0.1 connectport=3389 connectaddress=192.168.0.2

To view the result:

netsh interface portproxy show all

Related Articles

  • Port forwarding with Windows Server 2008

    Port forwarding with Windows Server 2008September 21

    I have Windows 2008 server. It works as a mail, ftp, web server. In my LAN there is other server and i want to reach this server with RDC from outside my lan, (example: domail.com:5555 -> 192.168.0.2:3389). Is there any solution to forward this port

  • port forwarding on windows server 2008 to Hyper-v machinesJanuary 20

    I have a host machine (win server 2008 R2) with several Hyper-V virtual machines. I want to be able to redirect certain ports of host to virtual machines. There is virtual network connection between host and virtual machines (192.168.10.xxx). Host is

  • Network Load Balancing, intermittent port problem on Windows Server 2008April 30

    Trying to troubleshoot an intermittent problem on a Windows Server 2008 NLB. I think it might be related to an NLB issue. We are using Windows Network Load Balancing to balance load for our multiserver SharePoint front ends. Say... Web Front End 1 IP

  • how to protect from port scanning a windows server 2008February 24

    I am search to find a program, or a way to block ips that make port scan on the server. The goal is to hide some ports like remote desktop on a different port. So some are search the port with port scanning to locate this port and start the attacks.

  • Unable to increase the dynamic port range on Windows Server 2008May 2

    I'm trying to "tune" the TCP/IP stack on some Windows Server 2008 machines by following the instructions here: http://www.outsystems.com/NetworkForums/ViewTopic.aspx?TopicId=6956&Topic=How-to-tune-the-TCP%2FIP-stack-for-high-volume-of-web-re

  • Port forwarding for Windows serverJuly 18

    How to "easily" forward incoming port 80to outgoing to port: 8080 for Windows Server 2003? The idea is that all traffice/incoming and outgoing from/to port 80 will be redirected to 8080. --------------Solutions------------- install an ssh server

  • Can't Open Port 1433 on Window Server 2008 (attempting to connect to SQL Server 2008 Express)October 25

    I'm trying to open Port 1433 on windows firewall but not having much luck. I've added a new Inbound Rule (attempting to open TCP 1433) which looks okay and appears to be on but when I run netstat -an the server doesn't appear to be listening on Port

  • Unable to telnet out on port 25 on windows server 2008June 2

    I just setup a Windows 2008 R2 server and am trying to get a basic mail server up and running so that I can send emails from my applications. I setup a virtual SMTP server in IIS6 and tried doing a local telnet to port 25, which seemed to work fine.

  • change default port of IIS and let another process to listen on port 80 (Windows Server 2008)October 14

    I have an installation of Windows Server 2008 running IIS 6 with a website listening on port 8080, even though I have moved the website to listen on 8080, port 80 is still kept in use by IIS (for truth by the kernel process : System - ProcId : 4). I

  • Why does a Hyper-V, Windows Server 2008 R2 server occasionally stall?July 7

    I'm running a Virtual Machine server on Hyper-V that stalls about once a week, effectively rendering certain services it is running to be useless. -The physical host machine CPU: 6-core Xeon E5-2620 2.10GHz RAM: 16GB OS: Windows Server 2008 R2 Servic

  • Setting up port forwarding via UPnP on Windows Server 2008 R2?October 19

    I'd like to set up some port forwarding in our router, using UPnP. More specifically, I want to run some program on startup that always forwards port 8443 my IP address (192.168.1.100). Port 8443 is for our SVN server. How do I do this with Windows S

  • How to forward port on a dedicated windows server 2008?June 2

    In MSDN to make SQL Server accessible from Internet http://msdn.microsoft.com/en-us/library/ms175483.aspx They say to forward port from sql server remote port to usual sql server port 1443. I have at a hosting company 2 dedicated windows server 2008

  • How can I set up port forwarding for GlassFish on Windows Server 2008 and IIS7?February 25

    I bought a Windows Server 2008 and installed GlassFish, Java, PostgreSQL etc. Now my website is running on localhost:8080 in the GlassFish server. How can I set up a port forwarding such that when a request comes to this server via the usual http por

  • Windows Server 2008 R2 Routing domain to local port July 2

    How can I create a domain mysql1.domain.com in Windows Server 2008 R2 and set the server to connect the local MySQL server on port 3306 when someone uses that domain in his application? How about then if I want that only the users in the same network

  • Firewall ports for Serv-U Server - Windows Server 2008 R2October 22

    I am trying to set up Serv-U on Windows Server 2008 R2, but am unable to get the ports working in the Windows Firewall. I also don't have a domain pointing at this server at the moment, as we are just using it as a test server at the moment, this won

  • Change TeamCity IP address and port number on multi-homed Windows Server 2008 running IIS 7August 24

    After two full days of "research" (read: banging my head against my keyboard) and cursing at TeamCity/MSDN/Tomcat documentation as well as phantom IIS bindings, I've come up with an answer to a very perplexing issue: How can I change TeamCity's

  • Windows Server 2008 constantly spamming external IP's on outbound TCP port 445June 1

    I have a Windows Server 2008 box running as a Domain Controller. I have noticed in my Cisco ASA firewall logs that this box is continuously sending out (like a thousand requests a second) requests on TCP port 445 to external hosts. I have made an eff

  • Windows Server 2008 and port 80September 14

    I'm having an issue with my Windows Server 2008. I can successfuly connect to it with FTP(port 21), remote desktop(whatever the port number is), https but not with simple http or port 80, from the outside of my LAN. Is there some settings I don't kno

  • How to bind Apache to specific IP and port on Windows Server 2008December 21

    I have a Windows Server 2008 R2 that I use to host various ASP.NET applications under IIS7. I would also like to run various PHP based web apps using Apache (or Apache 2). The server has three static IP addresses assigned to it and I would like to bi

  • How to check which port to enable on Windows Server 2008 FirewallJune 8

    I have an application which supposed to be launch from a client machine, but every time I launch it, it shows me an error saying "Failed to talk to database". By the way it is a .Net application and database is SQLExpress2008R2. The app itself i

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 1.291 s.