Showing posts with label Servers. Show all posts

Thursday, July 29, 2021

If you ever wanted to let someone access your VMware servers from the public internet, this post is for you.


The server sits behind the NAT interface (VMnet8) of VMware Workstation on your PC, which is the most common setup IT guys use for their testing etc.


The diagram on the right side explains what I did.


Here I used my home router ZTE F660 which is a fiber optic router provided by my ISP.

The server I used for this was a Windows Server with IIS service enabled.

VMware is installed on my laptop, which is connected to the home router via WiFi.

So my goal was to give my public IP to a friend of mine to access my Windows IIS Server through his web browser.

Port Forwarding in Router

In my ZTE, I went to Application > Port Forwarding and added a rule like the following.
It should be similar on your home router.









Notice my Laptop IP is 192.168.1.10 in my home LAN. So I am forwarding the traffic coming from any WAN IP to my public IP's port 80 to my laptop's port 80.
I just need to take care of the LAN side IP only for port forwarding.

Port Forwarding in VMWare Virtual Network Adaptor

Type Virtual Network Adaptor in Windows search and click on Change the Settings.
Select VMnet8 in the list (whatever the NAT interface you have) and click on NAT settings.
Just add a port forwarding rule like the following, which says to forward the traffic coming to the host's (my laptop's) port 80 to the server IP's (10.1.1.100) port 80.
















Now the routing part is done. Additionally, you may need to turn off your laptop firewall / server firewall while your friend is accessing the server, or you may configure rules to allow the traffic.
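The "configure rules" option above, as an added example that is not part of the original post: a temporary allow rule on the laptop (the VMware host) limited to one source address, so the firewall stays on. The rule name and the friend's address 203.0.113.25 are constructed placeholders, and it assumes the router's port forward keeps the friend's source IP.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the laptop that hosts VMware Workstation.
function Enable-LabForwardRule {
    param(
        [Parameter(Mandatory)][string]$FriendIp,      # friend's public IP
        [int]$Port = 80,
        [string]$RuleName = 'Lab-IIS-Forward-Temp'    # hypothetical rule name
    )
    # Drop any stale copy so re-running never stacks duplicate rules.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    # Allow only this one source to reach the forwarded port.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $FriendIp | Out-Null
}

function Disable-LabForwardRule {
    param([string]$RuleName = 'Lab-IIS-Forward-Temp')
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

# 203.0.113.25 is a constructed placeholder for the friend's address.
Enable-LabForwardRule -FriendIp '203.0.113.25'

# Confirm the host reaches IIS on the guest behind VMnet8 (IP from the post).
$guest = Test-NetConnection -ComputerName 10.1.1.100 -Port 80
"Guest IIS reachable from host: $($guest.TcpTestSucceeded)"

Read-Host 'Press Enter when the session is over to close the port again'
Disable-LabForwardRule

# The firewall itself was never switched off; every profile should show True.
Get-NetFirewallProfile | Select-Object Name, Enabled
```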


















If your public IP is also a dynamic one like mine, and you need to give a permanent address to your servers for a while, you may try DDNS to get a URL.

If you are interested to get some idea about it, you can go here

Sunday, September 8, 2019

This can be helpful when you want to export/import files like IOS images etc between routers faster.

Let's examine the contents of the flash in both routers.








I am going to copy the underlined file from R1 to R2..

The following configuration will be needed on R1:

R1(config)#username admin privilege 15 password cisco
R1(config)#ip http authentication local
R1(config)#ip http server
R1(config)#ip http path flash:

R1 acts as the HTTP server. To authenticate to the server, a username is created and the authentication method is set to local for this example. The HTTP path is set to flash:

On R2, just the following command is needed to start importing..

R2#copy http://admin:cisco@192.168.12.1/shrun-0107 flash:







Now the file will be in the flash of R2..


Saturday, September 2, 2017

As a network engineer you may need to have some idea of these basic services running in enterprise environments. If you want to install Windows Server 2012 with a basic understanding of the common terms, you may need to go through the following posts..


If you haven't changed the server name after installation, go to Server Manager > Local Server 


Click on the Computer Name and give a name of your choice & restart the server..




Before installing the services like DHCP & DNS, you will have to assign an IP address to the network interface like the way you do in your Windows PC.

To install Active Directory, DNS and DHCP; click on the Manage > Add roles & features on the Server Manager dashboard.

It will open the "Add Roles & Features" wizard. Basically you will only need to hit Next until you are asked to select Server Roles..


Select the roles and hit Next all the way to Install. 

When adding roles, it will ask about the features, mostly you will have to continue with Next..























After the installation process completes, you will need to do 2 things which are marked in blue color in the results page. Click on Promote this server to a domain controller..
Because this is a clean installation (no domain nor forest), I am selecting Add a new forest & giving Root domain name as roshanznet.local










Give the DSRM password on the next page and click Next..
For the next pages, you will mostly hit Next until you find the page to Install..

After the reboot you will see a yellow flag icon on the Server Manager dashboard asking to complete DHCP configuration. Mostly for a basic setup it will just be a few Next Nexts..
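The same procedure up to the forest promotion, scripted as an added example that is not part of the original post: it first checks the two prerequisites mentioned above (server renamed, static IP assigned), then installs the three roles and creates the roshanznet.local forest. The function name Test-DcPrerequisite is hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the new server.
$DomainName = 'roshanznet.local'        # root domain name used in the post

function Test-DcPrerequisite {
    $problems = @()
    # Fresh installs get a random WIN-xxxx name; the post renames it first.
    if ($env:COMPUTERNAME -like 'WIN-*') {
        $problems += "Computer name '$env:COMPUTERNAME' looks like the default."
    }
    # A DC/DNS/DHCP server needs the static address the post asks for.
    $dhcpNics = Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.ConnectionState -eq 'Connected' -and
                       $_.Dhcp -eq 'Enabled' -and
                       $_.InterfaceAlias -notlike 'Loopback*' }
    foreach ($nic in $dhcpNics) {
        $problems += "Interface '$($nic.InterfaceAlias)' still uses DHCP."
    }
    return $problems
}

# Stop before changing anything if a prerequisite is missing.
$issues = Test-DcPrerequisite
if ($issues) { $issues | Write-Warning; return }

# Same three roles the wizard installs, with their management consoles.
$result = Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP `
    -IncludeManagementTools
if (-not $result.Success) { throw 'Role installation failed.' }

# Read the DSRM password as a SecureString so it never lands in the script
# or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# "Add a new forest" with the post's root domain; the server reboots afterwards.
Install-ADDSForest -DomainName $DomainName -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force
```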

Tuesday, June 13, 2017

Cisco equipment is what makes the internet work, while Windows Active Directory Domain Services (ADDS) is what makes businesses work.

So network engineers should have at least a basic level of understanding on the way it is structured to serve in an enterprise environment.


This post is just about the basic architecture concepts about ADDS.. Not an in detail explanation..

Domain Controllers

Like the Exchange servers which control email services, the Domain Controllers are the servers which control ADDS which sets security permissions in a Windows environment. Basically it is the server which the System Administrators configure to allow or block certain users or computers from accessing certain resources (emails, VPNs, applications, file servers, printers etc) in a network.

Accounts

There are 2 types of accounts in AD
1) User Accounts
2) Computer Accounts

You can set permissions / apply policies to individual Accounts or Groups.

Schema

The information about User Accounts or Computer Accounts is stored in a structured way which is called a "Schema"..

Ex:- Schema for a User Account
username:
email address:
extension:

In Windows AD, this Schema is extensible / can be modified (fields can be added)..

Groups

Groups are used to apply security..
Administrators create Groups, assign User Accounts / Computer Accounts to them, and set policies for the Groups which affect all the members in that group.

There are 2 types of Groups.
1) Security Groups
2) Distribution Groups

Security Groups are normal Groups you will see day to day.. They are used to apply security policies.
Distribution Groups are primarily used by email applications..

Groups can be bundled and assigned into some other Groups too..

Ex:- We have a Sales group and a HR group in our company. These Groups are called Global Groups, and those Global Groups can be inserted into a Local Group so that a security policy applied once affects all members in both Groups..

Note that the same user can be in several Groups & individual Accounts can also be bundled with Groups..
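The Sales / HR nesting described above, as an added example that is not part of the original post: it resolves who ends up covered by a policy on the Local Group and through which nesting path. The directory is constructed in memory (no domain needed); the user names and the group name FileShare-RW are hypothetical.

```powershell
# Added example (not from the original post). Constructed directory:
# group name -> direct members (user accounts or other groups).
$Groups = @{
    'Sales'        = @('alice', 'bob')           # Global Group
    'HR'           = @('carol', 'alice')         # Global Group; alice is in both
    'FileShare-RW' = @('Sales', 'HR', 'dave')    # Local Group: two nested groups
}                                                # plus one individual account

function Get-EffectiveMember {
    param(
        [hashtable]$Directory,
        [string]$Group,
        [string[]]$Path = @()     # groups already walked on this branch
    )
    # Guard against circular nesting (A contains B, B contains A).
    if ($Path -contains $Group) { return }
    $trail = $Path + $Group
    foreach ($member in $Directory[$Group]) {
        if ($Directory.ContainsKey($member)) {
            # Member is itself a group: descend into it.
            Get-EffectiveMember -Directory $Directory -Group $member -Path $trail
        } else {
            # Member is an account: report it with the path that grants access.
            [pscustomobject]@{ User = $member; Via = ($trail -join ' > ') }
        }
    }
}

# Everyone a policy on the Local Group reaches, and why.
Get-EffectiveMember -Directory $Groups -Group 'FileShare-RW' |
    Sort-Object User, Via | Format-Table -AutoSize
```

alice appears twice, once per Global Group, so removing her from Sales alone does not remove her access.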





These Local & Global are 2 scopes of Groups. Actually there are 3 scopes.
1) Global Groups
2) Local Groups
3) Universal Groups

Scopes are determined by 3 characteristics..

Replication - Where Group is created and where it is replicated..
Membership - What members the Group can have..
Availability - Where can the Group be used..

If you need more info about Group Scopes you can find them here.

Organizational Units (OU)

Organizational Units are Groups used to apply policy..
They are the Groups which are created for the Administrative purposes.
Which means there can be a delegated Administrator for that OU.

Domain & Sub Domains / Child Domains

Domain is all the users and all the computers which are tied to the Domain Controller's ADDS..
Sub domains / Child Domains are subsets of the parent domain. Actually a Sub Domain is a separate Domain in the same network with separate Domain Controllers but has the same Schema. Sub Domains can also have their own Sub Domains..

Ex:- google.com and its sub domains like asia.google.com & europe.google.com
europe.google.com can have sub domains like east.europe.google.com & west.europe.google.com

Trust

When you create Sub Domains to Domains, automatically a 2-Way Trust happens.
And within those 2 Sub Domains a 2-Way Transitive Trust happens.

Which means;
google.com trusts asia.google.com and vice versa
google.com trusts europe.google.com and vice versa

Then asia.google.com trusts europe.google.com and vice versa which we call "Transitive Trust"

Trust simply means that the Admin of google.com can give permissions to a user account from asia.google.com to access resources of google.com and vice versa..

In a Transitive Trust the Admin of europe.google.com can give permissions to a user account from asia.google.com to access resources of europe.google.com and vice versa..

A user can access resources of another Domain using his username and password if the Admin of that Domain permits..

Tree

Because all Sub Domains share the same google.com name space, we say they are in the same Tree.
So a Tree is the entity you get when you add Sub Domains to a Domain.


















Forest

A Forest is the entity you get when you add 2 or more Domains together with a Trust..
The difference of the Domains is the difference of the Schema..

Ex:- When google.com buys blogspot.com there is a Forest..

When 2 Domains are trusted, 2 way trusts don't happen like in Domains and Sub Domains. Admins can do only a One-Way Trust. So if 2 Way Trusts are required, Admins should create 2 One-Way Trusts..

Sunday, June 11, 2017

Download the ISO file; you can also get it from the original Microsoft site as an evaluation copy.
Next go to VMware and go to File > New Virtual Machine > Typical > I will install the operating system later, select Windows Server 2012, and specify the name of the server and the location to be installed.
60 GB will be enough for the hard disk space for my labs and I will store it as a single file.
It is better if you can give at least 4 GB for RAM and all the CPU cores available.
Don't forget to select the ISO image file from the CD ROM of the VM and make sure it is ticked to connect at power on before you begin.












Now let's start installing it by powering on the VM..






















It will take some time to pop this up.
Select your preferences and hit Next..























I am selecting the standard server with a GUI..
From this step onward, it is like installing a normal Windows PC operating system.. Just choose your preferences and hit Next..
After the installation, it will reboot and ask for the password of the Administrator account..

After the settings are finalized, you will be able to login from the Administrator password you gave..
You will see the following Dashboard..
























Now it's better to install the VMware tools for smoother operation..
Go to VM > Install VMware tools
Now Go to Start Menu of the Server 2012 > This PC and double click on the CD ROM which will lead you to install VMware tools.. Just few Next, Nexts, it will be done and will reboot the machine..

The first thing you will need to do is change the IP address to a static IP. You will also need to turn off the Firewall of the Server, or add some exceptions to it, to allow pings from your routers to check the connectivity.. Both those activities are just like in your Windows PC..

By default it will assign itself a hostname .. You can change it from the Properties of This PC, just like you do in your Windows PC. It will ask for a reboot..