Help with my lab project (dynamic IP network)

[barney5]

Can I or Can I not - setup servers so that they be accessed behind my D-Link DIR-655 router?

When configuring Microsoft products they only want domain names or IP's with no options for port numbers.

IE, a Trust, Exchange, VPN, whatever...

I have Hi-Speed Cable.

I do have a dyn-dns account setup and that works great for getting me to the router and I can forward ports for ultravnc or whatever.

This is a emulator for the router and it's features http://www.support.dlink.com/e...tors/dir655/login.html

I would like to be able to access any PC-box in my Lan using a name or IP (without a <<port being specified) can this be done?

 

[xSauronx]

You can set up servers to be accessed from behind your router. The thing is, most ISPs block traffic to several common services (web servers and email are the most common) so if you want to run a web host from your internet connection, it likely wont work on a standard port.

You can try configuring the service to use a nonstandard port over 1024 (some services are registered past that, but thats the cutoff for most common services) and set up the forwarding to see if you can access it like http://dyn.dns.domain:3472 or whatever. May work, may not.

What exactly do you want to access on your PC-box?

 

[Pantlegz]

how can your isp block http or smtp/pop3/imap traffic to your IP? if they did you wouldn't be able to access those services from your connection. I know it's against tos but when people tell me their isp blocks that traffic I always ask them if they're able to use those services from their home pc, if they can it's not blocked.

The issue most people have with is the lack of NATing, or NAT configuration, on their routers, if the PC doesn't have the external IP then sutff on the outside doesn't know how to get to the private address without NAT.

 

[JackMDS]

There is No general access by IP ports are always involved. When you access locally the ports are opened and there is No Routing, so there is No need to forward ports. When accessed through Routing it is a different story.

If you want to access few computers for the outside, you set the receiving application on a different port on each computer.

E.g. if UVNC is used you set it on port 5800 on one computer and 5810 on a second etc.

So when you put the external IP from remote if you put IP:5800 it goes to one computer and IP:5810 it goes to the other.

For more look toward the end of this page, http://www.ezlan.net/vnc.html

 

[Pantlegz]

as long as they're on the same side of the router you could access the other computers by the NETBIOS names, but I think they have to be on the same domain, or in the same workgroup. not sure if uvnc supports that or not. on a side note Jack you're one knowledgeable guy.... fast too.

depending on the setting, if you have vpn's setup couldn't you set the dns server to resolve a name to that ip/port? that is assuming you have assess to a dns server and are able to manipulate it. but if it's a dhcp network I guess that wouldn't work either. so you'd be left with the NETBIOS, but I would still like an answer.. jack

 

[kevnich2]

Originally posted by: Pantlegz1
how can your isp block http or smtp/pop3/imap traffic to your IP? if they did you wouldn't be able to access those services from your connection. I know it's against tos but when people tell me their isp blocks that traffic I always ask them if they're able to use those services from their home pc, if they can it's not blocked.

The issue most people have with is the lack of NATing, or NAT configuration, on their routers, if the PC doesn't have the external IP then sutff on the outside doesn't know how to get to the private address without NAT.

Hate to tell you you're wrong, but you are. Incoming and outgoing traffic is totally different. And an ISP can restrict access to whatever it wants on it's own network. Just because you can use an outgoing port from a PC doesn't meant that port isn't blocked. Most ISP's have incoming port 80 blocked (but you can definitely still use port 80 outgoing). Some also restrict outgoing port 25 (SMTP) so that you can only send email through their email server, this helps to combat spam but can also be a real headache.

 

[Jamsan]

Originally posted by: Pantlegz1
how can your isp block http or smtp/pop3/imap traffic to your IP? if they did you wouldn't be able to access those services from your connection. I know it's against tos but when people tell me their isp blocks that traffic I always ask them if they're able to use those services from their home pc, if they can it's not blocked.

The issue most people have with is the lack of NATing, or NAT configuration, on their routers, if the PC doesn't have the external IP then sutff on the outside doesn't know how to get to the private address without NAT.

ISPs block incoming requests on port 80, which blocks people from hosting traditional web servers (without changing ports, using port redirection, etc.). The reason you can still browse the web while this restriction is still in place is because the web browser uses a random generated source port when browsing the web, with the destination port being port 80.

The same works in reverse as well. ISPs will allow (on occasion) people to access external SMTP servers (destination port 25), but block incoming requests on port 25 (which signifies running of a mail server).

 

[kevnich2]

If you have multiple PC's on an internal network going through one externally public routable IP address, you cannot access more than one internal PC from the internet without using ports. Jack basically already answered this for you. If you have three computers you want to access, you have to do port forwarding and forward those ports to the different IP's (example: PC1 is IP:5800, PC2 is IP:5801, etc) But you have to tell the router what specific internal service your wanting to access from the internet.

 

[barney5]

All this information is great and very useful to my understanding. as a windows admin I'm sometimes embarrassed by my lack of understanding.

In a business you never really have this issue cause you have business class ISP service.

I just wasn't sure if there was some tricks or utilities that I didn't know about.

So setting up a win server lab is not really possible seeing how win servers always want a FQDN or IP without an option to use a IP with a port.

I have a group of admins that all want to do the same (a win server lab) so to test and better are knowledge.

I knew we were limited with a dynamic IP just didn't know how limited Thanks to you guys I'm getting there. Thanks

 

[drebo]

barney5, your lack of understanding of the OSI Model makes it virtually impossible to explain anything to you in a way that you would understand. You need to get a book or something and read about the OSI model. The bottom line is this: EVERY SINGLE NETWORK APPLICATION REQUIRES BOTH AN IP ADDRESS AND A PORT. Name resolution is something else entirely. There are a number of well-known ports that applications do not require you to specify...such as port 80. You don't specify port 80 in your web browser (well, you can, but you don't need to), but that doesn't change the fact that HTTP still operates on port 80.

Likewise, all Windows networking services operate on different ports. For instance, the port required for Windows File and Print Sharing is port 445. So, when you type \\server-name\share-name in an Explorer window, it's sending requests to whatever IP address that name is mapped to on port 445. The fact that server-name resolves to an IP address is completely irrelevant. If DNS set server-name as the host name for 192.168.0.5, you could type \\192.168.0.5\share-name and it would function exactly the same thing.

The main reason no one can help you here is because you're not explaining exactly what you want to do. You say "Can I or Can I not - setup servers so that they be accessed behind my D-Link DIR-655 router?" and the answer is a resounding YES.

 

[barney5]

My issues are name resolution. Sorry for the confusions maybe I'm just asking stupid questions.(I don't think so)

BTW: I'm allergic to those OSI books they seem to just put me to sleep
I have to know this and I have to know that Its a balance my friend.

Here is an hypothetical if I have a primary DNS 2k3
and I want to use my 2k3 at home behind (my router) to be a secondary DNS server then ?

and or just create the trust.

 

[drebo]

And this just punctuates my point. What port does DNS happen on? Port 53. So, as long as port 53 is open on both sides (this is required so that people on both sides can get to both servers), you can create your secondary zone (which requires an IP ADDRESS from which to replicate) on your secondary DNS server.

However, this is a situation that really will never happen in a real business environment. If you have your primary and secondary DNS servers at different physical locations, they'll either be across a VPN or some other kind of virtual or dedicated private circuit across which there will be no NAT.

 

[barney5]

So as in my situation explained above, I can not do this.
because either way I can't resolve behind my router.

 

[drebo]

That's not what I said. If your corporate DNS server is exposed to the public, you absolutely can. If it's not, and you cannot create a VPN, then no, you cannot. This is not a technical impossibility, but rather a business policy restriction.

You need to familiarize yourself with IP networking. Windows networking is NOT its own beast. It runs ON TOP of IP networking, and you cannot fully understand Windows networking without understanding IP networking.

 

[barney5]

Originally posted by: drebo
That's not what I said. If your corporate DNS server is exposed to the public, you absolutely can. If it's not, and you cannot create a VPN, then no, you cannot. This is not a technical impossibility, but rather a business policy restriction.

You need to familiarize yourself with IP networking. Windows networking is NOT its own beast. It runs ON TOP of IP networking, and you cannot fully understand Windows networking without understanding IP networking.

Where do you get corporate or business from what I wrote?

Why do you assume I know nothing because I asked the question?

Or is this a anti MS thing?

 

[barney5]

After carefully looking over all the information posted it seems to be the consensus that this cant be done and why. Thanks to all for the advice.

 

[drebo]

Your "questions" don't make any sense and you clearly don't understand enough to comprehend the mechanism involved in networking. I don't know how you could come to that conclusion, but whatever...if it works for you.

 

[barney5]

Let me start over, the question is.

If you and I are at home.

We both have a standard ISP account with a dynamic IP assigned.

We both have a Dyn-Dns service so we can hit our routers.

We both have a standard home router.

We both have a 2k3 server with a private assigned IP.

Can they establish a windows service between themselves?

Please no more insults or righteousness, you dont know me.

 

[kevnich2]

Originally posted by: barney5

Originally posted by: drebo
That's not what I said. If your corporate DNS server is exposed to the public, you absolutely can. If it's not, and you cannot create a VPN, then no, you cannot. This is not a technical impossibility, but rather a business policy restriction.

You need to familiarize yourself with IP networking. Windows networking is NOT its own beast. It runs ON TOP of IP networking, and you cannot fully understand Windows networking without understanding IP networking.

Where do you get corporate or business from what I wrote?

Why do you assume I know nothing because I asked the question?

Or is this a anti MS thing?

It really doesn't take much to figure out that you really don't understand the fundamentals of networking based on some of your questions here. I'm not totally sure how it is your a windows admin without understanding these types of concepts. Not trying to be rude, just being honest. And this isn't anti-MS thing at all from what drebo has been talking about.

 

[barney5]

Kevnich2 - Thats fair, I have always had some difficulties with some networking issues, more like a mental block!
Thats not to say I have not studied networking it's just one of those things that haven't clicked yet.

to get MCSA I did do Network+ and not CCNA, something I regret to this day. I will work on it. I promise not to post in the networking section again.

I appreciate the not being rude comment. Obviously, this is what landed me in the networking forum.

 

[xSauronx]

Originally posted by: barney5
Kevnich2 - Thats fair, I have always had some difficulties with some networking issues, more like a mental block!
Thats not to say I have not studied networking it's just one of those things that haven't clicked yet.

if youre doing systems administration in this day and again, you really really need to work on it until it clicks...then work on it more.

to get MCSA I did do Network+ and not CCNA, something I regret to this day. I will work on it. I promise not to post in the networking section again.

I dont see anyone insulting you, and you dont need a CCNA to understand what youre asking. Hell, if you have study materials for the Network+ test (not an exam cram guide, but a thorough book) then study that, and get some of the fundamentals down better. Any decent Network+ book will cover the OSI model and TCP/IP networking pretty well.

Dont stay away from the forum, do a little studying, then come ask for explanations where things dont click. Some stuff is tedious, sure, but as a system admin any networking knowledge you have is invaluable (and fundamentals are truly necessary).

 

[RebateMonger]

Originally posted by: barney5
If you and I are at home.
We both have a standard ISP account with a dynamic IP assigned.
We both have a Dyn-Dns service so we can hit our routers.
We both have a standard home router.
We both have a 2k3 server with a private assigned IP.
Can they establish a windows service between themselves?

Easiest way is for one of the servers to act as a VPN server and the other connects to it. The dial-in server aquires an IP address and Subnet Mask from the other server, so they can freely talk to each other on the same subnet.

At that point, as long as the firewalls don't interfere, they can establish any sort of communication you wish.

 

[Surfasb]

The short answer to his question should be, "yes, it is possible." I'm not sure if we can find an answer to satisfy him without going step by step.

I have taken the Network+ test and it CLEARLY goes over the OSI model.