• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Redirect an ip address?

B

Brazen

Diamond Member
Ok, we have a server behind a NAT/firewall with a public ip address. Then there is this single Windows XP workstation at a remote office that has a dial-up connection to the internet.

I have the ports required forwarded from the firewall to the server. I point the client software on the workstation to the public IP of the firewall, which then forwards the info on to the server. Then I have a problem - this particular client software downloads configuration information from the server, including the ip address that it should use to connect to the server.

This doesn't work out too well since the ip that the server has is not accessible directly from the client. So what I want to know is - is there any way to make Windows redirect a request to ip address and send it too a different ip address.

For example: the servers private ip = 192.168.x.y, firewall public ip = A.B.C.D
When the client software tries to send a request to 192.168.x.y, I want Windows to redirect it to A.B.C.D, OR at least have Windows know that it needs to go through A.B.C.D to get to 192.168.x.y.
 
yes, vpn is a possibility, but this is already an aganizingly slow dial-up connection and vpn would add more overhead. Also, the vpn client for our firewall would require extra steps by the person using the computer, who is rather technologically challenged to begin with. So, vpn is not a desireable solution.
 
I do not know what your specific application is capable to do.

However if you have an application that allows port selection it can be done.

This example is for VNC, but it the same principle for every program that allow port selection. http://www.ezlan.net/vnc#portselect

:sun:
 
Originally posted by: JackMDS
I do not know what your specific application is capable to do.

However if you have an application that allows port selection it can be done.

This example is for VNC, but it the same principle for every program that allow port selection. http://www.ezlan.net/vnc#portselect

:sun:
Click to expand...

No, you misunderstand (I can see I probably didn't explain well). You are talking about redirecting incoming ports at the firewall to access multiple servers. What I'm talking about must be done on the client workstation out on the internet.

The client application is forced, by the server, to look for the server at 192.168.x.y (the server's private IP on the network), but since this workstation is dialed up to the internet and not on our network, it cannot reach 192.168.x.y. The workstation can however reach the server by going to the firewall's public IP addres A.B.C.D.

Cliff Notes:

What I need is for when the client application on the workstation (a Windows XP machine) wants to make a connection to the ip address 192.168.x.y then Windows will redirect that request to the ip address A.B.C.D transparently to the application.
 
VPN is still the correct solution. When your client connects to your VPN they will be given a local IP of their own. They will also be able to communicate with other computers using your local IP's.

Depending on your network, you may also be able to multi-home the server. Put it on your outside vlan with a valid internet IP of its own. Or, perhaps, leave it on the inside network with the same IP as the firewall as well as its internal IP and trick the software into using this IP. Either of these solutions may break your software or your network.

The only other option I can think of is rewriting the packets on the fly at one end or the other.
 
Originally posted by: LOFBenson
VPN is still the correct solution. When your client connects to your VPN they will be given a local IP of their own. They will also be able to communicate with other computers using your local IP's.

Depending on your network, you may also be able to multi-home the server. Put it on your outside vlan with a valid internet IP of its own. Or, perhaps, leave it on the inside network with the same IP as the firewall as well as its internal IP and trick the software into using this IP. Either of these solutions may break your software or your network.

The only other option I can think of is rewriting the packets on the fly at one end or the other.
Click to expand...

Originally posted by: Goosemaster
Perhaps ssl VPN? give you more control over what it accesses on the network...
Click to expand...

Thanks, I know what a VPN is. Read post #3.
 
Originally posted by: Brazen
Ok, we have a server behind a NAT/firewall with a public ip address. Then there is this single Windows XP workstation at a remote office that has a dial-up connection to the internet.

I have the ports required forwarded from the firewall to the server. I point the client software on the workstation to the public IP of the firewall, which then forwards the info on to the server. Then I have a problem - this particular client software downloads configuration information from the server, including the ip address that it should use to connect to the server.

This doesn't work out too well since the ip that the server has is not accessible directly from the client. So what I want to know is - is there any way to make Windows redirect a request to ip address and send it too a different ip address.

For example: the servers private ip = 192.168.x.y, firewall public ip = A.B.C.D
When the client software tries to send a request to 192.168.x.y, I want Windows to redirect it to A.B.C.D, OR at least have Windows know that it needs to go through A.B.C.D to get to 192.168.x.y.
Click to expand...


You could use a dynamic DHCP host, it seems to me that you are getting confused with ip addresses changing often? I'm really not sure why you would want your router to handle a request but if you used something like no-ip and set it all up on names and not ip addresses or then you can just type in the name and send your request directly to anywhere you want. If this isn't the right track please clarify reasoning a little more for me. (It is still a little early for me.)
 
Originally posted by: casper114
Originally posted by: Brazen
Ok, we have a server behind a NAT/firewall with a public ip address. Then there is this single Windows XP workstation at a remote office that has a dial-up connection to the internet.

I have the ports required forwarded from the firewall to the server. I point the client software on the workstation to the public IP of the firewall, which then forwards the info on to the server. Then I have a problem - this particular client software downloads configuration information from the server, including the ip address that it should use to connect to the server.

This doesn't work out too well since the ip that the server has is not accessible directly from the client. So what I want to know is - is there any way to make Windows redirect a request to ip address and send it too a different ip address.

For example: the servers private ip = 192.168.x.y, firewall public ip = A.B.C.D
When the client software tries to send a request to 192.168.x.y, I want Windows to redirect it to A.B.C.D, OR at least have Windows know that it needs to go through A.B.C.D to get to 192.168.x.y.
Click to expand...


You could use a dynamic DHCP host, it seems to me that you are getting confused with ip addresses changing often? I'm really not sure why you would want your router to handle a request but if you used something like no-ip and set it all up on names and not ip addresses or then you can just type in the name and send your request directly to anywhere you want. If this isn't the right track please clarify reasoning a little more for me. (It is still a little early for me.)
Click to expand...

Sorry, that is not the right track. This is a limitation of the software. It will only look for the server at 192.168.x.y. If I could make it use a name, I could just set up a host record on the workstation to redirect that name. But that is not an option, unfortunately.

NOTE: x,y,A,B,C, and D are all constants. None of these ip addresses are changing. I just use letters to obscure my network info.
 
You need a host on the user side that responds to 192.168.x.y and IP tunnels it to your firewall then. Cygwin or a virtual server could do it probably... It would be easier to set up a separate VPN server just for this user with a less cumbersome client. Since the user is already on Dial up why not just have them dial into your network?
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top