Cannot connect externally, but no problem internally

Discussion in 'Windows Small Business Server' started by Chico, Oct 7, 2004.

  1. Chico

    Chico Guest

    SBS 2003 standard
    1 nic
    cable internet connection
    Belkin router/firewall
    Upnp enabled
    Dynamic dns service

    no problem conecting either RWW or OWA internally, but cannot connect
    externally. When i run CEICW and it asks to configure the router via Upnp
    (it is enabled on the router) I say yes, and then it gives an error saying it
    cannot configure...do it manually. So I manually entered all the various
    ports that have been mentioned in numerous posts, and I still cannot connect.
    Any ideas on where to go fomr here? Thanks.
     
    Chico, Oct 7, 2004
    #1
    1. Advertisements

  2. Well you missed one thing from all the previous posts
    Where is your second nic??

    Upnp should not be used

    Do you have DHCP enabled on your router?? If so turn it off
     
    Cris Hanna \(SBS-MVP\), Oct 7, 2004
    #2
    1. Advertisements

  3. Chico

    Chico Guest

    Hi Cris,
    Thanks for the quick response. I did not miss the second nic thing,
    just don't have one yet. I do understand the reasons for this and will be
    implementing this soon.
    Should I disable the upnp on the router? No, dhcp is being used on the
    server not the router. Thanks.

    Ken
     
    Chico, Oct 7, 2004
    #3
  4. Chico

    David Barnes Guest

    I've found UPnP configuration of routers fails if you have an admin password
    set on the router.
    Remove the password, run CEICW and then put the password back on your
    router.

    David Barnes
     
    David Barnes, Oct 7, 2004
    #4
  5. Chico

    Chico Guest

    thanks for the response, but when i tried that i got the exact same error
    when CEICW tries to configure the router. I resorted to manually entering
    the ports on the router, but still no remote or exchange connections
    externally. I can ping my xxxxx.dyndns.biz address and it comes up with my
    wan ip on the router so i know that that is working, it just does not seem to
    let me through. Any other suggestions. THanks.

    Ken
     
    Chico, Oct 8, 2004
    #5
  6. Chico

    David Barnes Guest

    Guys (MVP's)...
    we need a quick answer here
    Can SBS publish RWW and OWA via a router to the internet when it only has
    one NIC?
    Something is nagging at the back of my mind that there is a problem with the
    certificate.

    Ken,

    Ok simple one first..
    You are connecting to https://xxxxx.dyndns.biz/remote or
    https://xxxxx.dyndns.biz/exchange
    and NOT http://xxxxx.dyndns.biz/ or https://xxxxx.dyndns.biz/

    I have noticed that one of the recent updates to SBS seems to have turned
    off the default web page. (see http://www.sbslinks.com/patch.htm for patch
    list[posting curtsey of Susan Bradley - http://msmvps.com/bradley/]).. there
    are more (eg ISA SP1)..


    Two approaches..
    1/ most routers have the UPnP functionality disabled by default and this has
    to be enabled in the GUI.
    My guess is that you have turned this on though.

    2/ from outside your org, try telnet xxxxx.dyndns.biz 443 and telnet
    xxxxx.dyndns.biz 80
    These should at least connect..
    Whilst they are connected check on the server what sessions are connected
    (netstat -n) You will have to get in quick before your telnet session
    times-out..
    You should see the source IP of your client that has telneted in.. if not,
    then my guess is the HTTP and HTTPS are being received/interpreted further
    up the line at the router.
    Some routers I have come across (can't remember make) would not let port 80
    and 443 through when the web admin was configured for those ports, even
    though access to it was disabled from the internet. I had to move this to
    8080 and 448 to let the port mapping work.
    Check your servers route table (netstat -r or route print) verify that there
    is ONLY ONE default gateway.. This will be the line dest 0.0.0.0 netmask
    0.0.0.0 gateway x.x.x.x
    Is the gateway specified there the correct ip address for the internal
    interface on your router?

    On a client add the following to the hosts. file (in
    c:\windows\system32\drivers\etc) [use notepad to edit it]

    internal-IP-address-of-server xxxxx.dyndns.biz

    eg
    192.168.1.10 xxxxx.dyndns.biz

    Save the file, but leave notepad open..
    test resolution is ok.. ping xxxxx.dyndns.biz should ping the internal IP
    address of your server
    now try https://xxxxx.dyndns.biz/exchange and
    https://xxxxx.dyndns.biz/remote
    they should work.. if they don't the issue lies inside SBS not with the
    router..

    David Barnes
     
    David Barnes, Oct 8, 2004
    #6
  7. Hi David,

    Gal will do too I suppose ;-)
    One nic will work, assuming that the router is also a good firewall. No
    problem to get RWW and/or OWA published, it all depends if the web
    certificate is being created for the public IP or the FQDN (in which case
    there has to be a dns record created by the ISP).

    --
    Regards,

    Marina
    Microsoft SBS-MVP

     
    Marina Roos [SBS-MVP], Oct 9, 2004
    #7
  8. Chico

    Chico Guest

    Hi Folks,
    Thanks for your replys. I had a spare router (linksys) and decided to
    throw it on and low and behold, I ran CEICW and tried my external side and
    wow it works. Must be something with the belkin Wireless routers. I had the
    correct ports set, but still would not let me through (great firewall). I
    might set it back to factory defaults and try it again. Anyway thanks for
    the help.

    Ken

     
    Chico, Oct 9, 2004
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.