We had a server outage last week that took down a number of assets we had. After restoring the server, and making sure our network security rules for the firewall and DNAT/SNAT rules were consistent with the state of the server, we found that a number of sites not using Port 80, like FTP, Email and Media Streaming were not connecting through the firewall. After restarting our Active Directory server, the connections to FTP and Email started working, but not Media Streaming, on Port 8080. I can access it from inside the firewall, but not from outside of it. I checked the DNAT rule we had for it, and the External IP address set for the Traffic Destination is correct, and the server name for the Destination shows the correct internal IP address. I have tried setting the Traffic Service to the Media Streaming w/HTTP group (which was the setting for the rule already in place), Media Streaming group, and even just indicating MMS (the server uses Windows Media Server). I tried setting up a copy of the MMS service pointing to Port 8080. None of these worked.
I have checked the Active Directory server handling the internal IP addresses for the servers it manages. The internal IP for the WMS server is consistent with what is indicated in the server name referenced in the DNAT rule. And, as I mentioned earlier, I can send a successful request to the server from inside the firewall, so I have eliminated problems with the IIS site definition and bindings and do not think the problem is with our internal server routing.
I am trying to nail down whether this is a problem with Active Directory's management of the internal IP for this server or with Astaro (v8, in my case).
For the sake of disclosure, my normal function is in software development, my expertise in firewall and server management is limited.
This thread was automatically locked due to age.
