Here's my scenario:

Two servers, one AD Domain Controller also running as the DNS server.
Second server is running Virtual Server, which is hosting two Windows
XP sessions. Internet connection is through cable company and have a
standard Linksys router performing NAT and forwarding port 3389 to one
of the XP virtual sessions.

Here's what I'd like to do:

I'd like to have it set so that when an external user connects to the
XP session throug termial services, the port gets forwarded to the
next machine. So if someone connects to XP session A, then the next
request gets forwarded to XP session B, and the next to A, etc, in a
round-robin way.

Internally, this isn't a problem really, since I can just set up a
host name with the two IP addresses of the virtual XP sessions. But
how can I do this for external users? Is this something that DNS can
even do? Basically it seems like I'd be taking one IP address and
forwarding it to another IP address.

Any will be appreciated. Hope I'm not too far off-topic here.

Arnold...

Arnold wrote:
> Here's my scenario:
>
> Two servers, one AD Domain Controller also running as the DNS server.
> Second server is running Virtual Server, which is hosting two Windows
> XP sessions. Internet connection is through cable company and have a
> standard Linksys router performing NAT and forwarding port 3389 to one
> of the XP virtual sessions.
>
> Here's what I'd like to do:
>
> I'd like to have it set so that when an external user connects to the
> XP session throug termial services, the port gets forwarded to the
> next machine. So if someone connects to XP session A, then the next
> request gets forwarded to XP session B, and the next to A, etc, in a
> round-robin way.
>
> Internally, this isn't a problem really, since I can just set up a
> host name with the two IP addresses of the virtual XP sessions. But
> how can I do this for external users? Is this something that DNS can
> even do? Basically it seems like I'd be taking one IP address and
> forwarding it to another IP address.

I think I kind of get an idea of what you want, and I'm 100% certain it
won't work. This is something your router would have to do, because it's 1
IP to 1 port. I don't think there's anyway to get the router to send a
connection to one machine this time and another machine next time without
changing the router configuration.
Plus, I'm not sure what your really trying to achieve here anyway.

It would likely cheaper to license the terminal server at $67 per CAL,
anyway. You might even get a better deal than $67 if you shop around.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

On Fri, 8 Sep 2006 17:30:21 -0500, "Kevin D. Goodknecht Sr. [MVP]"
<admin@nospam.WFTX.US> wrote:

>Arnold wrote:
>> Here's my scenario:
<SNIP>
>> Internally, this isn't a problem really, since I can just set up a
>> host name with the two IP addresses of the virtual XP sessions. But
>> how can I do this for external users? Is this something that DNS can
>> even do? Basically it seems like I'd be taking one IP address and
>> forwarding it to another IP address.
>
>I think I kind of get an idea of what you want, and I'm 100% certain it
>won't work. This is something your router would have to do, because it's 1
>IP to 1 port. I don't think there's anyway to get the router to send a
>connection to one machine this time and another machine next time without
>changing the router configuration.
>Plus, I'm not sure what your really trying to achieve here anyway.
>
>It would likely cheaper to license the terminal server at $67 per CAL,
>anyway. You might even get a better deal than $67 if you shop around.

Basically I was just experimenting with remote access and terminal
services. The grand scope of this experiment would have been to have
a few XP virual workstations set up and have only one external entry
point to any of them. The big picture is doing it either this way or
through VNC or mixing it up because some of our users like to connect
to their own desktops versus a shared PC when working remotely, while
others don't really care.

The round-robin thing was just something to have in case the need came
up for something else as well. Ultimately, besides the Terminal
Server CAL, I'd also be better off going over a VPN and then
establishing the connection for a bit more security. Then I'd be able
to do round-robin as well.

Thanks for the info though.

Arnold wrote:
> On Fri, 8 Sep 2006 17:30:21 -0500, "Kevin D. Goodknecht Sr. [MVP]"
> <admin@nospam.WFTX.US> wrote:

> The round-robin thing was just something to have in case the need came
> up for something else as well. Ultimately, besides the Terminal
> Server CAL, I'd also be better off going over a VPN and then
> establishing the connection for a bit more security. Then I'd be able
> to do round-robin as well.

If your actual goal is to give users access to their desktops from outside
the Network, hands down, your best road to that goal is a VPN, they're easy
to set up and require no additional licenses and are very secure. The only
thing you really have to watch for is making sure the LAN IPs are on a
different subnet from any of the external user's networks. You can even get
by without a static IP by using a dynamic DNS service like TZO or
dyndns.org.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================