How-To Geek

How to Run Multiple Terminal Servers on a Single IP Address

Unless you have a special setup, you typically only need a single IP address from your ISP to run your network. With your network sitting behind a firewall/router, you can direct your incoming traffic to the appropriate servers to handle email, web, remote connections and anything else. The problem comes when you have multiple servers which need to receive traffic from a common port. Instead of adding more public IP addresses (and cost), we are going to show you how to handle this situation using a single IP.

In our article, we are going to cover handling multiple terminal servers (using the RDP protocol which runs on port 3389), again, in a network which only has a single public IP address. In our environment, we use a DD-WRT based router (flashed on a $25 Linksys router) which acts as both our firewall and router. If you are not using a DD-WRT based router, the same method may be available on your firewall/router. Additionally, we cover an alternate method which should work in any environment.

Configuring Port Forwarding

One of the nice features of port forwarding in DD-WRT is the ability to seamlessly apply port “remapping”: the external port the client connects to at the router is mapped to a different port on the target machine in your network. The advantage to this method is you do not have to make any configuration changes on the server machines since the traffic is sent to them using the default port.

In the example below, there are 3 terminal server/RDP servers inside the network:

  • Local 192.168.16.21 (rdp_primary) runs Small Business Server 2008
  • Local 192.168.16.24 (rdp_2) runs Windows Server 2003 Standard
  • Local 192.168.16.25 (rdp_3) runs Windows Server 2008 Standard

In the DD-WRT control panel under the NAT/QoS > Port Forwarding tab you can configure port remapping. In our example we are using the default RDP port (3389) to connect to ‘rdp_primary’ and using external ports 624 and 625 to route RDP traffic to ‘rdp_2’ and ‘rdp_3’ on the default port of 3389. Simply put, when traffic comes in to ports 624 or 625, the router automatically applies the translation which sends the data to port 3389 on the target machines. The target server never knows the difference.

Connecting

The connections below show how the client would connect to the desired server using the configuration settings above.

Connecting to the default RDP port (3389) routes to the Small Business Server 2008 machine.

Connecting to RDP using port 624 routes to the Windows Server 2003 Standard machine.

Connecting to RDP using port 625 routes to the Windows Server 2008 Standard machine.

Alternate Method

As an alternative to using port remapping, you can configure each server machine to use a different RDP port by editing the following registry value and then rebooting the machine:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

If you go this route, you must remember to configure port forwarding on your master firewall as well as update any local firewall rules (i.e. the Windows Firewall) running on the respective machine to allow the alternate port number.

After making these configuration changes, the end users would access the terminal servers running on the alternate port the same way illustrated above.
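
The router-side forwarding for both methods above can be written as iptables DNAT rules, the form a Linux-based router uses for a port forward. This is an added example, not code from the article or from DD-WRT: the function names, the 203.0.113.10 public address and the alternate ports 3390 and 3391 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Table line format: <external_port> <internal_ip> <internal_port>

# Port remapping as configured in the article.
REMAP_TABLE='3389 192.168.16.21 3389
624 192.168.16.24 3389
625 192.168.16.25 3389'

# Alternate method: every server listens on its own port, no translation.
# 3390 and 3391 are constructed sample ports, not values from the article.
ALT_TABLE='3389 192.168.16.21 3389
3390 192.168.16.24 3390
3391 192.168.16.25 3391'

# A port is 1-65535, digits only, no leading zero.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 65535 ] 2>/dev/null
}

# emit_rules WAN_IP TABLE (hypothetical helper)
# Prints one DNAT rule and one FORWARD rule per entry. Prints nothing and
# returns 1 if an entry is malformed or two entries share an external port,
# since one public IP can send a given port to only one server.
emit_rules() {
    wan_ip=$1; seen=' '; rules=''
    while read -r ext ip int; do
        [ -n "$ext" ] || continue
        if ! valid_port "$ext" || ! valid_port "$int"; then
            echo "bad port in entry: $ext $ip $int" >&2; return 1
        fi
        case "$ip" in ''|*[!0-9.]*)
            echo "bad address in entry: $ext $ip $int" >&2; return 1 ;;
        esac
        case "$seen" in *" $ext "*)
            echo "external port $ext is already forwarded" >&2; return 1 ;;
        esac
        seen="$seen$ext "
        rules="${rules}iptables -t nat -A PREROUTING -p tcp -d $wan_ip --dport $ext -j DNAT --to-destination $ip:$int
iptables -A FORWARD -p tcp -d $ip --dport $int -j ACCEPT
"
    done <<EOF
$2
EOF
    printf '%s' "$rules"
}

# 203.0.113.10 is a documentation address standing in for the public IP.
emit_rules 203.0.113.10 "$REMAP_TABLE"
```

The script only prints the rules so the table can be reviewed before anything is applied on a router.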

Conclusion

For our article, we used RDP as the example for illustrating how you can use port remapping to eliminate non-standard configurations on your servers, but you can just as easily apply the same methodology for any other services such as HTTP or SMTP.

Links

DD-WRT Website

Jason Faulkner is a developer and IT professional who never has a hot cup of coffee far away. Interact with him on Google+

  • Published 07/20/10

Comments (7)

  1. Jedi_B

    or a dynamic DNS account?

  2. bbd

    Excellent tip thank you very much

  3. littlebearz

    Nice, except I wanted to figure out how to map all instances through the same ip with same external port, using subdomain to switch them, ie rdp1.littlebearz.com points to 192.168.1.121 and rdp2.littlebearz.com points to 192.168.1.122

    I know this can be done via the professional software that microsoft has but I’m just curious.

  4. sean carango

    Will this work on machines having XP or 7?

  5. Jason Faulkner

    @sean carango – This process will work for any OS. All the work is done on the router, so the end machine’s does not matter.

  6. jickel

    I had this up and running working great. Something happened and I can no longer access the servers from outside the network. I can ping my domain name from inside the network but it times out, outside the network. Any advice?

  7. jickel

    Did a little research. ipnat.sys! Had to stop RRAS! I can now ping from outside the network but still cannot connect to the server via RDP.
