
I have some Windows machines on an internal network.

One of them (at 192.168.164.14/24) has an HTTP/HTTPS server listening on the usual ports, 80 and 443, respectively.

Due to an odd constraint I need to have some of the other machines connect to this server via another server (at 192.168.160.25/24). I want this to be completely transparent; this machine should simply forward requests to the web server and replies from the web server back to the client.

Windows Server 2003 R2 seems to have a way to do this built in - the Routing and Remote Access service.

I configured RRAS with the Wizard with: Custom Configuration > NAT and Basic Firewall, LAN routing.

Under "NAT / Basic Firewall" in the RRAS tool I set up (on the NIC with 192.168.160.25/24):

  • Public Interface connected to the Internet
    • Enable NAT on this interface
  • Services and Ports
    • Secure Web Server (HTTPS)
      • Public address: On this interface
      • Protocol: TCP
      • Incoming port: 443
      • Private address: 192.168.164.14
      • Outgoing port: 443
    • Web Server (HTTP)
      • Public address: On this interface
      • Protocol: TCP
      • Incoming port: 80
      • Private address: 192.168.164.14
      • Outgoing port: 80

However, this configuration doesn't work - the 192.168.160.25 machine won't accept connections on ports 80 or 443.

An alternate tactic, using netsh portproxy, doesn't work either:

C:\>netsh interface portproxy show v4tov4

Listen on IPv4:             Connect to IPv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
192.168.160.25   80          192.168.164.14   80
192.168.160.25   443         192.168.164.14   443

C:\>netstat /na | find "80"

C:\>netstat /na | find "443"

What am I missing? I should note IPv6 is installed; Googling shows this is a common cause for failures. Any help is appreciated.

bbayles

1 Answer


I was able to solve this problem. It did end up being related to IPv6.

Microsoft's document, "NETSH INTERFACE PORTPROXY do not work when doing port redirection between IPv4 and IPv4 addresses", describes how port proxying may fail if IPV6MON.DLL does not show up in the netsh interface portproxy show helper command's output.

However, the Microsoft article doesn't mention that things can still fail if the IPv6 protocol is not installed on the network adapters being used.

I've now verified on multiple Win2K3 servers that these steps solve the problem:

  • Start > Run > control ncpa.cpl
  • Right-click an adapter and select Properties
  • Press Install button, select Protocol, and then find Microsoft's TCP/IPv6 item
  • Close the adapter properties window

The TCP/IPv6 item can be unchecked or checked; it just has to be present.

bbayles
  • Unfortunately, this didn't help on Windows Server 2008. I do have the IPv6 protocol in the network connection's properties. "netsh show helper" doesn't show ipv6mon.dll. "netsh add helper ipv6mon.dll" can't find the dll. I haven't found a solution yet. – user63623 Feb 21 '14 at 09:45
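The check from the question and answer above, as an added example that is not part of the original posts: it compares saved `netsh interface portproxy show v4tov4` output against saved `netstat /na` output and reports rules with no LISTENING socket, matching address and port exactly (`find "80"` is a substring match, so it would also hit 8080 or a remote port 80). The sample text is constructed, the helper listing is trimmed to DLL names, and only rules with an explicit IPv4 listen address are handled.

```python
import re

# Constructed sample output (not captured from a real host).
PORTPROXY = """\
Address         Port        Address         Port
--------------- ----------  --------------- ----------
192.168.160.25   80          192.168.164.14   80
192.168.160.25   443         192.168.164.14   443
"""
NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.160.25:443     0.0.0.0:0              LISTENING
  TCP    192.168.160.25:8080    0.0.0.0:0              LISTENING
  TCP    192.168.160.25:1047    192.168.164.14:80      ESTABLISHED
"""
HELPERS = "IFMON.DLL     interface\nRASMONTR.DLL  ras\n"  # constructed, trimmed

RULE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")
LISTEN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def parse_rules(text):
    """Return (listen_addr, listen_port, target_addr, target_port) per rule row."""
    return [(m[1], int(m[2]), m[3], int(m[4]))
            for m in map(RULE.match, text.splitlines()) if m]

def listening(text):
    """Return the set of (local_addr, port) for TCP sockets in LISTENING state."""
    return {(m[1], int(m[2])) for m in map(LISTEN.match, text.splitlines()) if m}

def dead_rules(portproxy, netstat):
    """Portproxy rules whose listen address and port have no listening socket."""
    socks = listening(netstat)
    return [r for r in parse_rules(portproxy) if (r[0], r[1]) not in socks]

def helper_loaded(helpers, dll="ipv6mon.dll"):
    """True if the DLL name appears in the helper listing (case-insensitive)."""
    return dll.lower() in helpers.lower()

if __name__ == "__main__":
    for rule in dead_rules(PORTPROXY, NETSTAT):
        print("no listener for %s:%d -> %s:%d" % rule)
    print("ipv6mon.dll in helper list:", helper_loaded(HELPERS))
```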