Contact Us Today! We will take care of all your computing needs so you can get back to focusing on your business. SBI Rochester Call: (585)360-2572

2015 March Home // 2015 March

Time to replace windows server 2003!

Windows server 2003 has been good to us. It has served up our files, websites, terminal sessions, etc for many years now. That is all coming to an end for most businesses. Windows server 2003 is reaching end of support on July 14th 2015 (https://www.microsoftbusinesshub.com/windows-server-2003-EOS-migration-registration). That means no more security updates patching security flaws. This could leave you business at risk and open to hackers.

Having antivirus, firewalls, and other security software can help minimize some risks, but when it comes to security flaws in the operating system you really need to have them patched. If your company has any stored information about your customers you have the obligation to keep that information private, and a breach can be blamed on you. It is not worth the risk to keep these old servers around.

If you still have a windows server 2003 based server in your business, you should make a plan to replace it before July 14th. If you switch to a new server with windows server 2012, it will be supported until January 2023 (https://support.microsoft.com/en-us/lifecycle/search/default.aspx?sort=PN&alpha=windows%20server&Filter=FilterNO)

1:1 NAT With Virtualbox Virtual Machines on Windows Server 2012 Host

Problem: I rent a server that doesn’t allow you to use bridged mode with virtual machines due to port security which only allows one mac address to connect to their switch. Normally, you would just use bridged mode, and assign a VM the external IP address you get from your ISP, but that won’t work here. I was told I needed to use NAT to connect my VM’s to the internet.

Virtualbox supports NAT mode, but then you have to set up port forwarding for any services you need to use. This can be an issue especially for services like FTP which when in passive mode needs port 21 for login and control, and a port range for the data channels. Most FTP services allow you to assign a range of ports to use, so you can forward them, but Virtualbox doesn’t support port range forwarding, so you have to forward each port individually. A much easier way to deal with a situation like this is to use 1:1 NAT also known as basic NAT or 1 to 1 NAT, but Virtualbox doesn’t support that either.

Solution: Virtualbox does support a networking mode called host only networking. This basically acts as a virtual switch that is connected to a virtual NIC on your computer. So if you set up windows server for NAT, you can use windows server’s 1:1 Nat abilities. Here’s how.

1. Set the VM to use host only networking in the virtualbox interface, Then set a static IP address in your VM in the 192.168.56.2-254 range. Setting a static IP address can vary from one host to another, so I won’t go into that.

hostonly

 

2. In server manager add roles and features

addrole

 

3. Check remote access

 

remacc

4. Check routing

rout

 

5. Open Routing and remote access, right click on your server and choose configure and enable routing and remote access.

conf

 

6. Choose network address translation (NAT)

nat

 

7.  Choose your NIC attached to the external network.

ether

 

8. Choose to set up dns and dhcp later

name

 

9. Once it finishes setting up RRAS expand ipv4, and click on NAT, then double click Ethernet.

ether2

 

10. Under the address pool tab click add, and add your IP address pool given to you by your ISP or hosting provider.

 

add

11. Click reservations, then add, and input the external address you want to map to your VM, and the static IP address you gave it in the first step, and check allow incoming sessions to this address.

map

 

12. Then just hit ok until you get back to routing and remote access, and you should be all set! Your static, external IP address now maps to your VM’s internal address, and any services that your vm’s firewall or security software aren’t blocking can be accessed from that IP address.