[RESOLVED] Mapping ports in NAT....WIn2k Server

[opiate]

Win2k Server box, I'm using NAT with 2 NIC's. One for private and one for public. The private NIC is plugged into my switch. All other computers are plugged into the switch using static IP’s (169.248.0.11 is my workstation and 169.248.0.10 is my Win2k box private address). The cable modem is plugged directly into the NIC using DHCP for the ISP cable modem service.

I'm using NAT for the router, this works fine. My problem is that Internet software like MSN Messenger, BattleCom, Napster and others. I can communicate outside my private network to the Internet with these apps but if I want to send a file using MSN Messenger, or create a BattleCom host, or have users download files from my Napster Share on my workstation (169.348.0.11) I receive errors. The public is not able to access my internal network. How do I do this without spending any money? How do I configure this? Each app uses special ports, MSN Messenger uses 6891-6900 incoming and outgoing TCP/IP. How do I set NAT up to allow public access to these internal ports or map them?


Thanks

------------------[*]THIS IS NOT AN ADVERTISMENT![*]

[Borut_P]

What can`t you do with NAT but you can with ICS :
1. H.323 Proxy ( netMeeting ...)
2. LDAP Proxy ( ILS server "netmeeting")
3. Direct Play

Privat IP addres rage by RFC1918 is :
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255.

You are not using any privat IP addresses.

Can other machines go outside your privat network , and if they can see each other and yours workstation.
Did you give permission to access your share by other users ?

[thirdfey]

I want to say that he is using the correct IP addresses because that is what Microsoft assigns you when you don't specify an ip address and don't have a dhcp server. I believe, I know 169 is correct but I can't remember the rest, anyway. Let me look through my hundreds on 2k mcse books and i'll post back.

The purpose of NAT is to keep the public out of your network, its doing its job, you just to do port forwarding for napster and msn messenger and all that good stuff. When I find the answer, I'll post back, in the meantime, check out this website for your 2k needs www.labmice.net

Tony

------------------
we are number one, all others are number two......or lower

[thirdfey]

This is a little more than you need, but thats okay:

Allowing Inbound Connections
Normal NAT usage from a home or small business allows outbound connections from the private network to the public network. Programs such as Web browsers that run from the private network create connections to Internet resources. The return traffic from the Internet can cross the NAT because the connection was initiated from the private network. To allow Internet users to access resources on your private network, you must do the following:


Configure a static IP address configuration on the resource server including IP address (from the range of IP addresses allocated by the NAT computer), subnet mask (from the range of IP addresses allocated by the NAT computer), default gateway (the private IP address of the NAT computer), and DNS server (the private IP address of the NAT computer).


Exclude the IP address being used by the resource computer from the range of IP addresses being allocated by the NAT computer.


Configure a special port. A special port is a static mapping of a public address and port number to a private address and port number. A special port maps an inbound connection from an Internet user to a specific address on your private network. By using a special port, you can create a Web server on your private network that is accessible from the Internet.


To configure interface special ports


Click Start, point to Programs, point to Administrative Tools, then click Routing And Remote Access.


In the details pane, right-click the interface you want to configure, and then click Properties.


In the Special Ports tab, in Protocol, click either TCP or UDP, then click Add.


In Incoming Port, type the port number of the incoming public traffic.


If a range of public IP addresses is configured, click On This Address Pool Entry, and then type the public IP address of the incoming public traffic.


In Outgoing Port, type the port number of the private network resource.


In Private Address, type the private address of the private network resource.

Configuring Applications and Services
You may need to configure applications and services to work properly across the Internet. For example, if users on your small office or home office network want to play the Diablo game with other users on the Internet, NAT must be configured for the Diablo application.


To configure NAT network applications


Click Start, point to Programs, point to Administrative Tools, then click Routing And Remote Access.


In the console tree, click NAT.


Right-click NAT, then click Properties.


In the Translation tab, click Applications.


To add a network application, in the Applications dialog box, click Add.


In the Add Application dialog box, type the settings for the network application, then click OK.

------------------
we are number one, all others are number two......or lower

[Borut_P]

A`ll look in to it more closly.

Try to enablinh NAD DHCP service ( Automatic assign IP addrese **** *****)


------------------
Mr. B

[opiate]

<font face="Verdana, Arial" size="2">Originally posted by thirdfey:
This is a little more than you need, but thats okay:

Exclude the IP address being used by the resource computer from the range of IP addresses being allocated by the NAT computer.
</font>

thirdfey,

I've been down this road already... I have one problem that concerns me about doing it this way. When the instructions say to exclude the resources IP, I do this and then go on to configure the Special Ports. I go back to the exclude IP section and the resource IP has disappeared from the exclusions list.

I've looked on Micro$oft's, KB and TechNet. I havent found anything yet. Let me know if you find anything.....


l8,

opiate


------------------[*]THIS IS NOT AN ADVERTISMENT![*]

[kannibul]

funny - i use nat - and dont have any problems...

dont use IPsec and make sure the ports on your router (non computer) are open.

at work i have a DSL router (nat) and ISA server (NAT/Firewall/Proxy/Mail filter)

talk about a pain in the arse...