I am attempting to setup an Exchange 2013 server using one external IP (this is a home lab experiment). However, I am having problems getting an upstream Windows Server 2012 R2 to accept connections across various ports (so that I can forward them via the DHCP/router computer to the Exchange server using ‘netsh…’). To troubleshoot this problem, I have set up a simpler proxy experiment using Remote Desktop Protocol to try and isolate and identify the general problem(s).
To begin, I want to note that what I have attempted below has been attempted under the following two scenarios. First scenario: on all computers, I enabled rules on Windows firewall to accept port 3389 for all public, private, and domain networks. Second scenario: on all computers, I turned off Windows firewall. The results below were the same regardless of scenario. Also, RDP is enabled on all computer but Network Level Authentication is not selected.
While I have included the bulk of my network in the diagram below (I have attempted to draw the network below with only text characters; if my account is verified, I will add a pretty diagram), I believe the problem lies with ServerA accepting incoming Remote Desktop connections from computer that are upstream or on the same subnet. For instance, upstream DesktopA (192.168.100.101 via RDP to the firewall address of 192.168.100.100) is unable to connect to ServerA (192.168.10.1) despite the fact port 3389 is forwarded to ServerA (192.168.10.1). However, if I am to change the port forward on the firewall to DesktopB (192.168.10.3) then DesktopA is able to successfully connect to DesktopB (thus, the firewall is not the problem).
I also attempted to connect to ServerA (192.168.10.2) from DesktopB (192.168.10.3) on the same subnet and was unable to connect to ServerA. However, ServerA (192.168.10.2) was able to RDP into DesktopB (192.168.10.3) (thus eliminating any quirks in the Untangle Firewall traffic routing as being the problem; in fact, with the exception of forwarding rule for port 3389, all applications of the firewall are turned off).
ServerA via its 192.168.10.2 NIC can be accessed using RDP from computers downstream in the network. For instance, all Windows machines connected to networks 192.168.253.1/24 and 192.168.254.1/24 could successfully RDP into ServerA via NIC 192.168.10.2. Additionally. ServerA could successfully RDP into all Windows computers connected to networks 192.168.253.1/24 and 192.168.254.1/24.
Further, all Windows machines connected to networks 192.168.253.1/24 and 192.168.254.1/24 could successfully RDP into DesktopA (192.168.10.3). However, DesktopA (192.168.10.3) could not RDP into Windows Machines downstream of ServerA (i.e. networks 192.168.253.1/24 and 192.168.254.1/24).
Internet functionally on all machines downstream of ServerA (i.e. networks 192.168.253.1/24 and 192.168.254.1/24) works fine.
Everything I have said about RDP connections above also applies to pings. That is, where RDP is successful, so is pinging; where it is not successful, neither is pinging.
From my troubleshooting, the problem seems to clearly lie with ServerA accepting connections upstream (or on the same subnet) with Window firewall exceptions enabled or the Windows firewall turned completely off. I am not sure what settings I need to investigate next. Any assistance would be appreciated.
Internet
|
Modem (192.168.100.1/24) -- DesktopA (192.168.100.101)
|
Firewall (192.168.100.100)
| (192.168.10.1/30)
| --------------------------------------------------------------------------|
| |
ServerA (Win2012R2 DHCP/Router 192.168.10.2) DesktopB (192.168.10.3)
| (192.168.253.1/24)
| -------------------------------|----------------------------------------------|
| | |
ServerB (192.168.253.50) ServerC (192.168.253.70) DesktopC (192.168.253.200)