Cannot connect to SBS server from Internet

[Xplanes]

Hello, I recently reinstalled SBS 2008 R2 on a Supermicro Workstation. This is in my home as an educational project. Something has changed between the first install and the second and I'm not sure what. Originally I had SBS 2008 and Ubuntu on a dual boot using Grub. I took a new hard disk and installed SBS 2008 clean single boot, updated and then installed a couple third party servers... A game server, a Teamspeak3 server and I've configured Remote Desktop Client on my Win7 and Win8 laptops.

I have a Frontier DSL Modem/Router with DHCP disabled. It's connected to a Wireless Gigabit Router with DHCP enabled. The Router had port forwarding setup for the server originally with a reserved IP of 192.168.0.104 With that IP I could connect the game clients and my TS3 clients on the LAN and with the WAN IP I could connect to the same servers from the Internet.

Here's what's different. When I setup the server using the same NIC, Router, reserved IP etc. I cannot connect from my LAN or Internet. I enabled the DNS server in SBS 2008 and now I can connect to the game server, the TS3 server and Remote Desktop access to the server from inside the LAN. It will no longer connect by using the IP, I have to type in the DNS name "SBS2008". If I try to connect from the Internet I get error messages that the server could not be found or such.

I do have the port rules setup in the advanced firewall settings of SBS 2008 and I have added program exceptions. Both of which are set to Public as well. Since I am learning as I go I'm sure there is some service running that shouldn't or one that should but isn't.

What else is necessary for SBS 2008 to receive the forwarded port request from the router. I tried using the following for RDP xxx.xxx.xxx.xxx/SBS2008 but it said the / was not allowed. I used xxx.xxx.xxx.xxx.SBS2008 and just the IP by itself.

Any tips on where I can look next or reading material that will fill in the blanks would be greatly appreciated.

 

[Agent Smith]

If the DNS name works could this be due to your WAN IP changing? Or maybe the ports aren't forwarded correctly. Perhaps your ISP blocks port 80?

Here is some info I found.

This is a cached page because a direct link won't work. https://webcache.googleusercontent.com/search?q=cache:4RFQxQWEpnoJ:https://social.technet.microsoft.com/Forums/en-US/ae4f4747-b738-4f6f-af7c-026fdde83117/cant-access-sbs-2008-from-external-connection-old-2003-sbs-works-fine%3Fforum%3Dsmallbusinessserver+&cd=1&hl=en&ct=clnk&gl=us&client=palemoon

You can try Shields Up to see if your ports are forwarded. https://www.grc.com/x/ne.dll?bh0bkyd2

I have a Frontier DSL Modem/Router with DHCP disabled. It's connected to a Wireless Gigabit Router with DHCP enabled. The Router had port forwarding setup for the server originally with a reserved IP of 192.168.0.104 With that IP I could connect the game clients and my TS3 clients on the LAN and with the WAN IP I could connect to the same servers from the Internet.

Are you bridging correctly because this could be a double NAT issue as well.

 

[beers]

What does the DNS name resolve as? There is no reason it would work via DNS and not IP unless you are using the wrong IP address.

 

[sammyrg]

Sounds like a Server Configuration issue.

This sounds like an issue with the Server 2008 firewall not being configured.
Open the control panel and then windows firewall, after that is open there should be an advanced firewall link on the left side, open that and add the ports or programs you want to have access too.

 

[Xplanes]

Thanks for the replies. Shields up cannot find my server which they say is good, but is in fact bad.

The port forwarding has not changed from the first SBS2008 install which worked fine. I did setup advanced firewall settings in SBS and made sure the correct exceptions were set for the applications and the ports.

same router w/port forwarding

same nic on the server

same reserved ip in the router DHCP server settings and it shows up correctly in the client list

I have no dynamic dns. I am trying to connect by using the WAN IP for my home which has always worked in the past with this hardware but a previous instal of SBS. I have frequently checked the WAN IP and it is correct.

 

[Agent Smith]

Hmmmm. Sometimes Shields Up doesn't really say a port is open or not. I have a Teamspeak server and one of the ports I use says it's stealthed, but it's open. Could be the ISP. If the ports are indeed not open then I would look at your firewall again. Here's another port checker. https://pentest-tools.com/discovery-probing/tcp-port-scanner-online-nmap

 

[Xplanes]

I did discover one thing. The SBS setup gave the NIC a fixed IP that was not the one my router had reserved for it. I turned that off and let the router's DHCP server assign the IP. Now I can join the server from my lan with either the Computer Name (SBS2008) or the LAN IP (192.168.0.104) I tried from work and I still can't connect with any of the servers running on SBS2008 R2

So now I know the router is for sure forwarding the ports to the correct IP and SBS 2008 is accepting those connections for TeamSpeak 3, America's Army 2.5 and Remote Desktop Connection from the LAN. The same computer with the same credentials and workgroup cannot when the request is coming from outside my home network.

Ideas?

 

[Xplanes]

I've downloaded and ran nmap and it says the server is offline or not there. This one is driving me crazy.

The router is setup the same way it was with the previous sever install:

-DSL modem/router set to bridge
-Router has DHCP server enabled with the IP 192.168.0.104 reserved and properly assigned to the server.
-The ports for everything I'm trying to connect to are properly forwarded to the server IP 192.168.0.104 and had worked before the resinstall

-The SBS 2008 server has its DNS server enabled.
-It has its DHCP server disabled.
-SBS 2008 Advanced firewall has exceptions set for the programs I am running and the ports that are forwarded to it.
-The firewall is on and set to allow only exceptions listed to pass through from outside

From my LAN I can do the following with both the LAN IP and the DNS name SB2008:

-map drives on the server
-connect using RDP client from Win8 Laptop
-connect to Teamspeak 3 server from many clients
-connect to America's Army game server listed in the game's LAN server UI

From the Internet I can do nothing:

This has to be something so simple nobody has thought to ask me if I did it or changed it. I am new to this and could easily have missed something almost nobody else would have.

What obvious setting or service should I look at?

Are there any other tools I can get that would confirm the traffic is making it to the SBS2008 firewall? Are there logs somewhere?

 

[Agent Smith]

You more than likely can't nmap your own IP as your router may prevent loopbacks. Use the link I gave above to have nmap do it remotely. https://pentest-tools.com/discovery-probing/tcp-port-scanner-online-nmap

Are there any other tools I can get that would confirm the traffic is making it to the SBS2008 firewall? Are there logs somewhere?

You can run a network sniffer that uses SNMP.

 

[Xplanes]

I ran nmap from work about 40 miles away.

 

[Xplanes]

I put it in the DMZ today and tried again. Nothing will connect. I get the same results from nmap with the server in the DMZ as I do behind the router firewall.

I can believe one of the programs would have an issue if I typo-ed the port forwarding, but it's every program.

What on SBS 2008 would block all traffic from the Internet while allowing all traffic (at least according to proper forwarding and exceptions rules) on the LAN?

 

[Agent Smith]

It's might be your network setup with those two routers.