How can I get my server to authenticate with my domain controller (which is located behind a Linksys router)?
Seconding doomtop’s VPN recommendation. Placing the domain controller in your router’s DMZ is a Very Bad Thing™. Doing so just makes the server a very prominent target to anyone or anything (viruses, malware, etc.) scanning your IP block looking for potential machines to compromise. I can say from experience that a company I once got conscripted to do support for had their domain controller compromised twice within as many months; they didn’t listen when I told them the first time that their setup was (unnecessarily) vulnerable. Not to mention that with most consumer-grade, home-office type routers, if you have an IP address in the DMZ, you cannot then do port forwarding as well; it’s one or the other. Thus, in the future, if you would need to forward a port to another machine on the internal network and you already have the domain controller as the DMZ address, this will not work. VPN eliminates these concerns, as the purpose of VPN is to allow a machine with a public address
I get it now. Your best and easiest solution is a VPN but that might play hell with the rest of your world. So, getting AD data through the Linksys is the least intrusive way. One of the big issues you face is that RPC uses random ports – starting at 1024 and going to 65536 – to communicate AD data to the servers. That means the Linksys can’t work because it can’t forward that many ports. You can assign RPC to a static port, though, and since your web servers are behind a firewall, you’re probably safe in doing this. First, read this. It’s all about ports used by Windows services. Now see this, which is the article that deals with statically mapping RPC. Finally, see this article about all the OTHER ports that will need to be mapped for the other AD traffic the servers will need in order to partici
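As an added example (not part of this thread or the linked Microsoft articles), here is the approach from the answer above written out as a PowerShell script: pin the domain controller's RPC-based services to fixed TCP ports via the registry, list the ports a domain member has to reach on the DC, and probe them from a web server after the forwards are in place. The registry paths and value names are Microsoft's documented ones for static RPC port assignment; the port numbers 38901 and 38902, the `192.0.2.10` address and the function names are assumptions for illustration.

```powershell
# Added example: pin the DC's RPC services to fixed TCP ports so a
# port-forwarding router only needs a short list of forwards, then enumerate
# and test the ports a domain member (the web servers) must reach on the DC.
# Registry paths/value names are Microsoft's documented ones; the port
# numbers 38901/38902 are an assumption (pick any unused high ports).

$NtdsPort     = 38901   # AD replication RPC, value "TCP/IP Port" under NTDS
$NetlogonPort = 38902   # Netlogon RPC, value "DCTcpipPort" under Netlogon

function Set-StaticRpcPorts {
    param([int]$Ntds, [int]$Netlogon)
    # Both are REG_DWORD; restart NTDS/Netlogon (or reboot) for them to apply.
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
        -Name 'TCP/IP Port' -PropertyType DWord -Value $Ntds -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
        -Name 'DCTcpipPort' -PropertyType DWord -Value $Netlogon -Force | Out-Null
}

function Get-DomainMemberPorts {
    param([int[]]$StaticRpc)
    # Ports a member server needs on the DC to locate it, join, and log users on.
    $ports = @(
        @{Proto='TCP'; Port=53;   Use='DNS'},
        @{Proto='UDP'; Port=53;   Use='DNS'},
        @{Proto='TCP'; Port=88;   Use='Kerberos'},
        @{Proto='UDP'; Port=88;   Use='Kerberos'},
        @{Proto='UDP'; Port=123;  Use='NTP (Kerberos clock skew)'},
        @{Proto='TCP'; Port=135;  Use='RPC endpoint mapper'},
        @{Proto='TCP'; Port=389;  Use='LDAP'},
        @{Proto='UDP'; Port=389;  Use='LDAP (DC locator pings)'},
        @{Proto='TCP'; Port=445;  Use='SMB (SYSVOL, Netlogon share, GPO)'},
        @{Proto='TCP'; Port=464;  Use='Kerberos password change'},
        @{Proto='UDP'; Port=464;  Use='Kerberos password change'},
        @{Proto='TCP'; Port=636;  Use='LDAPS'},
        @{Proto='TCP'; Port=3268; Use='Global catalog'},
        @{Proto='TCP'; Port=3269; Use='Global catalog over TLS'}
    )
    foreach ($p in $StaticRpc) {
        $ports += @{Proto='TCP'; Port=$p; Use='Static RPC port set above'}
    }
    $ports | ForEach-Object { [pscustomobject]$_ }
}

function Test-DcReachability {
    # Run on a web server once the forwards exist on the Linksys.
    # Test-NetConnection only probes TCP, so UDP rows are listed but skipped.
    param([string]$DcAddress, [object[]]$Ports)
    foreach ($p in ($Ports | Where-Object { $_.Proto -eq 'TCP' })) {
        $r = Test-NetConnection -ComputerName $DcAddress -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p.Port; Use = $p.Use; Reachable = $r.TcpTestSucceeded }
    }
}

# Usage on the DC (elevated):
#   Set-StaticRpcPorts -Ntds $NtdsPort -Netlogon $NetlogonPort
#   Get-DomainMemberPorts -StaticRpc $NtdsPort, $NetlogonPort | Format-Table
# Usage on a web server (192.0.2.10 is an assumed address for the Linksys WAN side):
#   $list = Get-DomainMemberPorts -StaticRpc $NtdsPort, $NetlogonPort
#   Test-DcReachability -DcAddress 192.0.2.10 -Ports $list | Format-Table
```

Every port you forward on the Linksys becomes reachable from whatever sits on its WAN side, which in the asker's layout is the web server segment behind the perimeter firewall; keep that firewall in place so none of these forwards are exposed to the Internet directly.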
Private IP addresses are not routable in the public Internet (all Internet routers are configured to drop addresses in the RFC 1918 address blocks), so port mapping will overcome this, by directing incoming packets to your LAN, on selected ports, to a single machine you designate. This would likely be the domain controller you have in your LAN. Forwarding ports is done by making fixed entries in the NAT translation table, and forwarded ports will only be available to the machine to which those ports are forwarded, so you wouldn’t want, for example, to forward ports 80 or 443, as this would “block” Internet Web access to all other machines on your LAN. Depending on what you’re trying to do, you’ll need to forward some, but not all, ports on this list.
“… My understanding is that port forwarding is NAT? Is this not correct?”
posted by zzztimbo at 7:31 PM on September 19

I’ve used port forwarding on Linksys WRT54G and WRT54GL routers successfully, with various Linux/BSD servers. Never needed a Windows domain controller for my projects, but any failings of port forwarding for Windows would have less to do with port forwarding, and more to do with the hack of NetBIOS over Internet Protocol that Windows wants to use for various functions like Computer Browser. Port forwarding is an addition to regular NAT functionality that uses intelligence in the router to inspect arriving packets from outside the network, to determine how rules set up on the router should be applied in directing those packets. It is aware of NAT table entries, and requests from machines inside the network will not be impeded by port forwarding. But, if there are services that require alternate TCP/IP connection initiations by first the outside machine, and then th
We currently have the domain controller set up with two NICs. One NIC is in the public IP space and the other in the private IP space. I would like to remove the public IP NIC and have the domain controller sit only in the private network. The trouble is that we have web servers that have public IP addresses. I would still like to log in to these machines with my Windows domain credentials. Additionally, there is a firewall that sits between the web servers and the Internet. Here is a crude diagram:

internet ——— firewall ——– web servers ——– Linksys router ——– domain controller

My objective is to be able to manage my web servers via Windows Remote Desktop by logging in to my domain controller. What must I do to the Linksys router in order for this to happen? I was going to just do port forwarding on the ports mentioned in that document referenced above, before I read that statement about NAT.