Port forwarding issue....

Hi all, having a bit of a problem setting up a new sub domain we have at work.

Basically at current we have a sub domain set up at work, citrix.domain.com, which takes users to our Citrix portal. I am in the process of setting up a new subdomain, remote.domain.com/rdweb, for access to our new remote desktop web access page.

I've changed the DNS A record to point to our public IP, and on our router I've forwarded port 443 to the private IP of the server that is running the remote access page.

But for some reason this is bringing up our Citrix page when we go to remote.domain.com.

Checking the port forward for Citrix it has port 443 forwarded to the internal IP of that server.

If I change the public port to say 83 (and leave the private port at 443) for the remote.domain.com then I can access the page by going to remote.domain.com:83/rdweb

Anyone any ideas on how I might get this working? Not sure if I've been entirely clear!
 
I think you may need another public IP address so that you can set a record for the sub domain to that public IP. Then on the firewall you say if the destination IP is the new public IP and the port is 443 then set NAT rule to go to internal IP.

I think this is because there are two 443 forwards going on.
 
Well we do actually have 2 external IPs which I've just tried setting it up on - I've changed the DNS to point to that IP, and then on my port forwards I've forwarded the public port 443 to the RDS server private port 443, which seems to have stopped it going to the Citrix page. Upon going to remote.domain.com we now get the IIS landing page, but if I put /RDWEB on the end I get a 404 page error.
 
If I go to that I get an IIS page so that to me looks like it is working kind of - but I just can't get the RDS page to load!

We just run a Draytek 2820n router, no specific firewall as such.

I took your advice anyway Groen and looked at deploying Windows RDS, this is the last bit of configuring I need to do before rolling it out! Just need to make sure the web access side of things works fine and I can't seem to get it to!
 
In fact I've just checked our port forwarding and our webmail is directed to the second public IP so it must be conflicting with that :(

Is there any way around this? Surely there must be lots of companies with only 1 external IP that have remote access (Citrix or Windows RDS) and Outlook web access configured?
 
What is IIS listening on/bound to and does it use header redirection?

Companies who have single IPs with multiple internal services using the same listening ports will use different external ports and forward on to a different internal port.

https > 443 Citrix gateway
https:9999 > 443 HTTPS IIS host

etc etc
 
Not sure how I check what the IIS is listening on/bound to, and not sure what header redirection is, sorry bit of a noob to this!

So you basically mean I have to set it up on say port 9999 so that when we type the URL in it would be https://remote.domain.com:9999/ ? I did do this initially but I didn't want to have to resort to having to ask users to put port numbers in the URL every time they wanted to use it! Plus it threw up page errors too as the port kept removing itself from the URL!
 
Another option is to define a different external port as you mentioned in your initial post, then on the web server hosting the webmail you can create another folder (for example /rdweb) and set up a redirect there to go to the new URL specifying the port number.

Not as elegant as having the service running on another IP address but eliminates the need to make sure users are specifying a port.
 
I think for the sake of testing it I'll have to roll with using the port URL then I can sack off the Citrix one and move the RDS to point to the external IP that was pointing to.
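
The conflict discussed in this thread, modelled as an added example that is not part of any post: a port forward matches on destination IP and port only, so two hostnames on one public IP with the same public port always reach the same server. The addresses are constructed documentation-range values, `route` and `find_conflicts` are hypothetical helper names, and first-match rule ordering is an assumption about the router.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

class Forward(NamedTuple):
    name: str
    public_ip: str
    public_port: int
    private_ip: str
    private_port: int

# Constructed sample data (documentation-range addresses, not the poster's).
PUB1, PUB2 = "203.0.113.10", "203.0.113.11"
DNS = {"citrix.domain.com": PUB1, "remote.domain.com": PUB1}
BROKEN = [
    Forward("citrix", PUB1, 443, "192.168.1.20", 443),
    Forward("rdweb", PUB1, 443, "192.168.1.30", 443),
]

def route(host: str, port: int, dns: dict, forwards: list) -> Optional[Forward]:
    """Rule hit by a connection to host:port. The router sees only the
    destination IP and port; the hostname is gone once DNS has resolved.
    Assumption: the first matching rule wins."""
    ip = dns[host]
    for fwd in forwards:
        if (fwd.public_ip, fwd.public_port) == (ip, port):
            return fwd
    return None

def find_conflicts(forwards: list) -> dict:
    """Rules sharing one (public IP, public port); only one is reachable."""
    seen = defaultdict(list)
    for fwd in forwards:
        seen[(fwd.public_ip, fwd.public_port)].append(fwd.name)
    return {key: names for key, names in seen.items() if len(names) > 1}

# Option 1 from the thread: same public IP, different public port.
ALT_PORT = [BROKEN[0], BROKEN[1]._replace(public_port=83)]
# Option 2 from the thread: A record and forward moved to a second public IP.
DNS_SECOND_IP = {**DNS, "remote.domain.com": PUB2}
SECOND_IP = [BROKEN[0], BROKEN[1]._replace(public_ip=PUB2)]

if __name__ == "__main__":
    print(route("remote.domain.com", 443, DNS, BROKEN).name)   # citrix
    print(find_conflicts(BROKEN))
    print(route("remote.domain.com", 83, DNS, ALT_PORT).name)  # rdweb
    print(route("remote.domain.com", 443, DNS_SECOND_IP, SECOND_IP).name)
```

Running `find_conflicts` over an exported forward list before adding a rule shows whether the public IP and port pair is already taken, which is the situation the webmail forward on the second IP created here.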
 