• February 22, 2025, 03:05:42 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: dfl-260e Need to rdp to multiple servers  (Read 6476 times)

gandh

  • Level 1 Member
  • *
  • Posts: 1
dfl-260e Need to rdp to multiple servers
« on: July 03, 2014, 09:01:30 AM »
Hi

I need some help to RDP to 3 servers behind the firewall.
This needs to happen from the network that the WAN interface is connected to.

Have managed to set up 2 IP Rules using the FAQ to 1 of the servers.
Can only get to the other 2 servers by publishing their private IP's on the WAN interface

This seems to defeat the purpose of hiding the servers behind the firewall.
Am looking for suggestion to access the two 2 other servers using 2 alternate ports for example 4000 and 4001 or alternate IP's on the WAN interface, for example 192.168.0.201 and 192.168.0.202.

Current config:
DFL-260E >
Wan IP 192.168.0.200
LAN IP 192.168.0.1

Servers behind firewall>
RDP server1 192.168.10.200
RDP server2 192.168.10.201
RDP server3 192.168.10.202

Guest machines:
192.168.0.30-192.168.0.40

Any sugestions would be appreciated
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: dfl-260e Need to rdp to multiple servers
« Reply #1 on: July 03, 2014, 09:11:26 AM »
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

silver_surfer30

  • Level 3 Member
  • ***
  • Posts: 107
Re: dfl-260e Need to rdp to multiple servers
« Reply #2 on: July 31, 2014, 06:31:52 AM »
Hi,

The thing I can see so far is to change the listen port of the rdp server and then sat-nat those ports.
Other solution will be to connect to DFL via vpn client (IPSEC) or pptp.

Best regards,

Logged

Rara Avis

  • Imperator
  • Level 2 Member
  • **
  • Posts: 76
Re: dfl-260e Need to rdp to multiple servers
« Reply #3 on: August 01, 2014, 09:57:01 AM »
Greetings,


Both solutions are below.  I have to add however, that you have a non-routable network on your WAN and are therefore almost certainly double NAT'ing.  You should never double NAT, there is no excuse for it, it summons the boogieman riding his terribly steeds of pain and suffering to haunt you for the rest of your days.  That is all.

P.S These are CLI scripts, because they translate via forums better, you can either console in to apply them, or read them to figure out the step(s) you are missing.

P.P.S This script is based on the newest firmware, the second one in particular may not work on earlier firmwares unless you switch "ARPND" for "arpentry".

P.P.P.S These were absolutely rushed out, expect typos, have fun.

First to forward ports 4001-4003 to their respective servers at 192.168.10.101-103.

add Address AddressFolder Hosts
cc Address AddressFolder Hosts
   add IP4Address Server1_IP Address=192.168.10.101
   add IP4Address Server2_IP Address=192.168.10.102
   add IP4Address Server3_IP Address=192.168.10.103
cc

add Service ServiceTCPUDP Server1_RDP DestinationPorts=4001
add Service ServiceTCPUDP Server2_RDP DestinationPorts=4002
add Service ServiceTCPUDP Server3_RDP DestinationPorts=4003

add IPRuleFolder Name=ServerPortForwards
cc IPRuleFolder ServerPortForwards
add IPRule Name=Server1_SAT Action=SAT Service=Server1_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/wan_ip SATTranslateToIP=Hosts/Server1_IP SATTranslateToPort=3389
add IPRule Name=Server1_Allow Action=Allow Service=Server1_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/wan_ip

add IPRule Name=Server2_SAT Action=SAT Service=Server2_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/wan_ip SATTranslateToIP=Hosts/Server2_IP SATTranslateToPort=3389
add IPRule Name=Server2_Allow Action=Allow Service=Server2_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/wan_ip

add IPRule Name=Server3_SAT Action=SAT Service=Server3_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/wan_ip SATTranslateToIP=Hosts/Server3_IP SATTranslateToPort=3389
add IPRule Name=Server3_Allow Action=Allow Service=Server3_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/wan_ip
cc


Next to forward additional WAN IPs 192.168.0.101-103 to their respective servers at 192.168.10.101-103.

add Address AddressFolder Hosts
cc Address AddressFolder Hosts
   add IP4Address Server1_IP Address=192.168.10.101
   add IP4Address Server2_IP Address=192.168.10.102
   add IP4Address Server3_IP Address=192.168.10.103
cc

cc Address AddressFolder InterfaceAddresses
   add IP4Address WAN_1_IP_2 Address=192.168.0.101
   add IP4Address WAN_1_IP_3 Address=192.168.0.102
   add IP4Address WAN_1_IP_4 Address=192.168.0.103
cc

add ARPND Interface=wan IP=InterfaceAddresses/WAN_1_IP_2 Mode=Publish
add ARPND Interface=wan IP=InterfaceAddresses/WAN_1_IP_3 Mode=Publish
add ARPND Interface=wan IP=InterfaceAddresses/WAN_1_IP_4 Mode=Publish

add Route Interface=core Network=InterfaceAddresses/WAN_1_IP_2 Metric=0
add Route Interface=core Network=InterfaceAddresses/WAN_1_IP_3 Metric=0
add Route Interface=core Network=InterfaceAddresses/WAN_1_IP_4 Metric=0

add IPRuleFolder Name=ServerPortForwards
cc IPRuleFolder ServerPortForwards
add IPRule Name=Server1_SAT Action=SAT Service=Server1_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/WAN_1_IP_2 SATTranslateToIP=Hosts/Server1_IP
add IPRule Name=Server1_Allow Action=Allow Service=rdp SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/WAN_1_IP_2

add IPRule Name=Server2_SAT Action=SAT Service=Server2_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/WAN_1_IP_3 SATTranslateToIP=Hosts/Server2_IP
add IPRule Name=Server2_Allow Action=Allow Service=rdp SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/WAN_1_IP_3

add IPRule Name=Server3_SAT Action=SAT Service=Server3_RDP SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/WAN_1_IP_4 SATTranslateToIP=Hosts/Server3_IP
add IPRule Name=Server3_Allow Action=Allow Service=rdp SourceInterface=wan SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=InterfaceAddresses/WAN_1_IP_4
cc
Logged
Nullum magnum ingenium sine mixtura dementiae fuit. - Seneca
There has never been a great genius without a element of madness.