How do I forward port 443 to another server WITHOUT ISA?

Discussion in 'Windows Small Business Server' started by Mark Mason, Apr 19, 2005.

  1. Mark Mason

    Mark Mason Guest

    Greetings!

    I am running SBS 2003 but without ISA server installed. I have two NIC cards
    in the server, one to the LAN and another to the Internet. I need to forward
    requests to the public IP address on port 443 to another server. How do I do
    this? I ran the connection wizard and turned on the firewall, and added port
    443 but I don't know how to tell it to forward.

    Thanks.

    Mark
     
    Mark Mason, Apr 19, 2005
    #1
    1. Advertisements

  2. I guess you can forward the port on RRAS:
    Administrative Tools-> RRAS mmc-> %servername%-> IP Routing-> NAT/Basic
    Firewall.

    However, I'm not sure I would do this on an SBS box... what are you going to
    do with OWA/OMA/RWW/RPC over HTTP??? All these use port 443.
     
    Javier Gomez [SBS MVP], Apr 19, 2005
    #2
    1. Advertisements

  3. Mark Mason

    Mark Mason Guest

    Here is my situation: I have a vendor who needs to hit my public IP address
    on 443 and be forwarded to another server on my LAN. I am a rookie at this
    sort of thing so I am not sure how to answer your question. The vendor has a
    static IP address, can I set it up to route anything from his IP to the
    public IP to another server on my LAN?

     
    Mark Mason, Apr 19, 2005
    #3
  4. The problem here is that you have 2 servers that need the same port. SBS
    needs 443 so you can use all https websites like OWA, OMA, etc. from the
    internet as well as to make RPC over HTTP and Exchange ActiveSync work. Your
    vendor wants this port to another server... so the way I see it you have
    some options (in -my- order of preference)->

    1) Ask your vendor to use another port that is not going to be used (i.e.
    445)
    2) Get a 2nd IP address from your ISP. This can be a bit complicated to
    setup but will allow you to have one 443 port on each IP and then you can
    forward one to the SBS box and the other to the vendor.
    3) Move everything in SBS to another port. I have never done this... even if
    it was possible it could get *really* messy and some things might not even
    work.
    4) Find more about the vendor app. If the app uses https it might be
    possible to work something out using wildcard certs (and you would probably
    need ISA too).
    5) Give up one or the other (i.e. SBS web functionality vs. vendor)

    --
    Javier [SBS MVP]
    www.msmvps.com/javier
    << SBS ROCKS!!! >>

     
    Javier Gomez [SBS MVP], Apr 19, 2005
    #4
  5. Okay, Option number two is the choice that seems best to me. I have multiple
    IP addresses from my ISP. So, I assume I set up a second IP address on the
    SBS External NIC right? But I still am in the dark as to how to set up the
    actual port forward.

    Thanks.

    Mark Mason

     
    Mark J. Mason, Apr 20, 2005
    #5
  6. Yes, you would need to bind another IP to the external NIC. Also, its
    possible that you might need to unbind IIS from all interfaces/IPs. However,
    to be perfectly honest I haven't done any port forwarding using RRAS with 2
    IPs (its pretty easy with ISA). Probably its the same procedure as with one
    (play around Administrative Tools-> RRAS mmc-> %servername%-> IP Routing->
    NAT/Basic Firewall.) but I can't really tell.

    My suggestion is that you start another thread asking on how to do this with
    2 public IPs and using RRAS. Its likely that someone has done this before
    (or some MS support person can help you out).

    I'm sorry I can't help you any further. But, if you get this to work and/or
    a solution to your problem please post back so others can benefit on the
    future.

    Cheers,

    --
    Javier [SBS MVP]
    www.msmvps.com/javier
    << SBS ROCKS!!! >>

     
    Javier Gomez [SBS MVP], Apr 21, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.