Port forwarding through SBS

I have a windows 2000 client computer on a Small Business Server 2003 domain. Since I can't use remote desktop for this client, I would like to install VNC on it. The server has a static IP address and is also the DHCP server. How can I forward requests on port 5800 (vnc port) to the windows 2000 client?

Keith

 

Keith - sorry but I am missing something here. Could you explain a bit more.

It sounds like you will be remoting the 2K vnc client from another machine - not the SBS server - and while it is very possible that you have an issue I don't know anything about (SBS is not a strong point for me) I'm confused about the problem. But if you hum a few bars, I'll try to pick up the melody.

 

Newt, I don't know what your experience is with networking, so excuse me if I seem like I'm babying you with this concept.

Typically, if you only have 1 static IP address, but you'd like to allow multiple computers to access the internet with that same IP, you would have to use a router to share the IP. When this happens, the router assigns all the computers private IP addresses (e.g. 192.168.1.101), but to the outside world (WAN) it looks like all the computers are coming from the static IP. So, in a sense, a request to the static IP would be a request to every computer behind the router. It's the routers job to redirect the request to the right computer. To know which computer to forward the request to, the router looks at which port the request is using and then forwards it to the computer assigned to that port (called port forwarding). I know that VNC uses port 5800. Now, most routers/firewalls make it very easy to set this up, but I'm using Windows SBS as my firewall and router and I can't find where to setup port forwarding.

Keith

 

No external traffic will come directly to windows sbs even if it is the dhcp server or does software routing. Your internet router will need the port forwarded to the sbs machine for any external traffic to reach it to start with.

Your Windows sbs hasnt got a static WAN IP itself, the internet router does.

Like Newt i am confused, and i am a Network Administrator for a living, and he is a moderator on this BBS, and experienced also.

Yes Windows SBS can host Remote Desktop Cons by the way, its just more limited in the Terminal Services area than Windows 2003 server is.

And normally you cannot forward to more than 1 PC any 1 port. Eg If you had Remote Desktop running (port 3389) only 1 PC on your network can recieve this traffic. You cant forward it to 2 machines.

Sounds to me your problem is that you should have bought Server 2003 and used Terminal Server it ships with, instead of Windows SBS, which is a problem may people find out the hard way.

 

keithki - it is always hard to tell the experience level of folks posting to a forum and I often do just as you did, apologize and post in great detail with the simplest explanation I think may do the job.

I make my living the same way Dez does - as a network administrator on a mainly windows/domain network although we do have some unix and the odd Vax running VMS in the mix.

To clarify a little more, you are confusing two very different things and I think that may be causing part/all of your problems. You said

The item that allows a device to provide internet service to a number of PCs while you only have one 'live' internet IP address is called NAT (network address translation). Often a feature provided as part of a router's firmware and especially the smaller router/switch devices designed for SOHO networks but not really a router function. More NAT detail Here.

Port Forwarding is a router function but you basically instruct the router that any packet from the another network (usually the internet but with certain WAN setups could also be from your WAN) that is not a response to a packet from within your network and is addressed to a specific port be sent to a certain PC. It is a work-around for the fact that NAT relies on one of your PCs opening the conversation so that it knows which PC should get any responses but will simply block any packets originating from the outside unless they match the port forwarding information it has been given. It is normally used when someone wants to host an internet server inside a NAT-protected LAN.

To answer your original question of How can I forward requests on port 5800 (vnc port) to the windows 2000 client?, you would set the router to port-forward all inbound traffic for port 5800 to the IP address of the PC you wanted to see the traffic. Unless that IP was your server and you planned to use it for the VNC connections, it would not be involved in the mix at all. That's basically why Dez and I were trying to get clarification as to exactly what you wanted to do.

 

I will just add for future reference directions on how to CHANGE THE LISTENING PORT FOR REMOTE DESKTOP.

 

Well, Newt, I think it's safe to say you know more about networking than I do . I still have not been able to find in SBS where to set this all up. Do you think it's possible that I would need a hardware router with NAT capabilities?

P.S. I'm a little surprised I haven't gotten more reponses on this topic. I would've thought there'd be a lot of SBS gurus in here.

Keith

 

So are you saying your SBS Server has 2 NIC cards? One hooked to the WAN and one Hooked to the LAN?
And the SBS Server is acting as the Router / Gateway / DHCP Server?

 

keithki - I think there are a couple reasons for the lack of SBS-related responses

- lots of us fall to one side or the other. SBS is aimed at a certain size niche and we seem to have mostly folks who know smaller networks or larger ones. As I said at first, I have never dealt with SBS and only know from some reading that it does some very interesting things.

- your problem as outlined here so far does not seem SBS related unless we are missing your point but that has certainly been known to happen.

At the end of the day, we would certainly like to have a couple or three or five SBS folks posting regularly and able to help with those problems though.

 

Yes i agree, SBS is not widely used and gurus in it will be rare.

Myself , i usually recommend Windows 2003 Server in one of its forms to clients needing a Server OS solution. It has more features and Terminal Server, which is the best remote access solution i know of. And plenty of my clients want to be able to work from home on the office's network these days, and VPNs and the like are too slow. TS is also safe as data never leaves the server, only screenshots of what you are doing do. SBS cant provide that for me.

SBS only has terminal server in a remote admin mode and it cant be used to server clients like full teminal server in 2003. Also SBS has more user restrictions in other networking areas as well compared to 2003.

From what i have seen SBS would win over 2003 only if the client was a small business who wanted to host his own email server and web domain or web based intranet. Apart from that give me 2003. Got a question about Server 2003? that i am good at!! lol. Cya.

 

SBS is often used for smaller businesses (50 users and below) because it makes great economic sense. To the best of my knowledge, there isn't any reduction of services in SBS as compared to a standard server. The one exception is that SBS only allows one DC on the physical network. I haven't use SBS 2003, but have used SBS 2k. It looks as if there are two versions of SBS 2003, and the more expensive one is comparable to SBS 2K.

SBS does offer terminal server, but normally one should run a separate server as the TS box because of the potential resourses involved. If you are only going to have one or two external users, the administrative sharing should be fine.

The routing for TS and administrative use is the same, so that's not the issue here. If you have two network cards (multi-homed) and you are using the IAS server in SBS as your proxy server, you should read about "routing and remote access" in the system help file. Otherwise, you would use the port addressing feature of your router.

 

That is correct.

Also, I appreciate all the help from everyone, but I'm just going to accept the answer that a hardware router would be the easiest solution.

Keith

 

I would get a hardware router / firewall.

Let SBS continue to handle DHCP and leave the routing to a router.

 

Just my 2 cents...

Obviously, this post started because I just started playing around with SBS 2003 and I had a question about port forwarding. I can't sit here and tell you that the product is flawless, because I haven't tested it in a real small business environment. However, after playing around with it for the past few weeks, I can honestly say, and not to sound like a techie nerd, that SBS is awesome. I've had my fair share of installing Server 2003 Standard and Exchange, but recently someone told me about SBS and it's cost of about $500 which includes 5 CALs. For small businesses, SBS has got me sold. The thing about SBS is that it's extremely easy to setup and it's actually fun to play with. For those of you that have clients who think they need nothing more than a desktop computer acting as a file server, I highly recommend showing them SBS 2003. It's really like adding a new toy to the office . Microsoft has a "free" 180 day evaluation kit that'll cost you 15 dollars. Even if you don't have any desire to install it in any client offices, just hook up a few computers and spend an afternoon playing with it. You might like it.

Keith

 

No doubt SBS is awsome in a small business.
To use all of it's features it takes a server with some pretty good horsepower.
Lots of RAM and dual processors is my preference.

I have 2 clients running it.
One has 30 users and the other has 5 users.

Built in Fax sharing,
Modem Sharing,
Exchange including a POP3 connector to pull mail from a web host and deliver it to a users exchange mailbox.

Creates user folders and a public folder by default.

 

I totally agree that SBS is the best solution for people wishing to use Exchange Server or a web based intranet. I am well read on the product although i havent really handled it in any meaningful way yet.

XP Pro is enough for small networks under 11 people, who simply want to file and printer share, and can be accessed remotely by 1 person at a time with remote desktop.

2003 Server is best if the client has more than a couple of people wanting to work off site as if they were in the office, with decent speed and security.