Maybe I am trying to do a bit too much here...

I have a VPS with a single NIC public on the Internet. We will call this Server 1.

I want to establish a VPN to to Server 1 from my private server. We will call this Server 2.

This works fine, I add roles VPN and NAT to Server 1, easily configure and it works great.

Server 2 will VPN to Server 1 and can browse the Internet just fine (NAT).

Note, again I only have 1 NIC in Server 1. This NIC has 2 public IP addresses. I VPN into Address 1, but I've configured NAT to use Address 2. Regardless, all this works fine if I only use a single IP, or both. It does not matter really.

Now, Server 1 is currently doing NAT on outbound traffice from Server 2, but I really want is for Server 1 to perform reverse NAT on inbound traffic from the Internet, NATting it to Server 2 down the VPN.

The config for this seems easy, just click the External adapter in NAT config, go to services, select HTTP or FTP or whatever, select the external IP (or entier adapter), tell it the incomming port, tell it the destination IP (private IP of Server 2) and the destination port.

It does not work. I have tried every configuration I can possibly think of - eventually even eliminating the VPN all together, for example:

1. Bind a FTP server to Address 2 (public IP), tell NAT to forward all FTP traffice from Address 1 to Address 2 - although a bit strange, it should work and does not.

2. Bind a FTP server to, tell NAT to forward all FTP traffic from Address 1 or Address 2, or the entire external NIC to, does not work.

I tried these unusual configurations because all the normal configurations will not work either:

1. Establish VPN - Server 1 gets a private IP ( and bind FTP to this IP, tell NAT to route to it. Nope.

2. Establis VPN - Server 2 gets a private IP ( and bind FTP to this IP on Server 2, tell NAT on Server 1 to route to this, nope.

It seems for the life of me, I can not Server 1 to reverse NAT a packet. I'm thinking it is because I only have 1 NIC in Server 1 - but that should not be a requirement as when the VPN establishes it creates a private virtual NIC that NAT should be able to use.

I've also tried adding Routing to Server 1, adding in static routes from the public IP to the private IP segment of the VPN. Maybe my routes were not correct, but most likely not.

My question, has anybody actually done this or am I just spinning my wheels?


I have an update. Interestingly enough, I decided to test this a bit at home. I set up a small private network - a Hyper-V server actually, and connected that to the NIC in my desktop computer.

Desktop also has wireless, so I ICS shared the wireless with the NIC and my Hyper-V has Internet - works like a dream.

So I configured reverse NAT on my Wireless NIC to forward down to a Hyper-V W2K2 server, and that also works just fine.

So I can get it working here at home just fine using wireless NIC, wired NIC, a hub, Hyper-V, and Windows 7........