
Validating NT through a natting firewall



This is not a strictly Debian problem, but I hope someone could help me: I
have two NT4 servers (PDC and BDC) on a subnet a.b.c.0/24. I have a
number of win2000 with some NT4, XP clients and some win2k and
samba servers. All are happy within the subnet. For local policy I have
four in an area that have some security concern so these are behind a
linux (sarge with 2.4.25) gateway acting as a natting firewall. So this
firewall is set that every host "inside the area" gets a number by dhcp in
192.168.19.20 to 150.217.19.188. Only four machines (one NT4 and
three win2k) have fixed addresses 192.168.19.194 to .197. On the gateway
there is an iptables as:

    -A PREROUTING -s a.b.c.0/255.255.255.0 -d a.b.c.194 -j DNAT --to-destination 192.168.19.194
    -A POSTROUTING -s 192.168.19.194 -j SNAT --to-source a.b.c.194

I have added to the domain the four administrators' hosts (by just
plugging directly to main network with a temporary number).
This way for those 4 machines all ports are open.
All services run smoothly except that if I try from one of such machines to
login as a non-local user or try to add permission for a user on the
server the machines invariantly say that they cannot access main server. I
have also added in lmhosts the address of the PDC and BDC with #PRE
#DOMLMYDOMAIN but no success. It seems that these machines cannot
validate
to the server through the natting firewall (that incidentally, does not
firewall anything for those 4 addresses, just shifts the addresses both ways!)
Can you help me ????

--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo
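
An added example, not part of the original message: a small Python check that reads nat rules in the form quoted in the post and reports static mappings that are not a symmetric DNAT/SNAT pair, or whose DNAT is limited to certain sources. The sample rules are constructed: 192.0.2.0/24 stands in for the masked a.b.c.0/24, and the third rule and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the "-A CHAIN ..." form used in the post.
# 192.0.2.0/24 (documentation range) replaces the masked a.b.c.0/24;
# the third rule is invented here to show an unpaired mapping.
SAMPLE_RULES = """\
-A PREROUTING -s 192.0.2.0/255.255.255.0 -d 192.0.2.194 -j DNAT --to-destination 192.168.19.194
-A POSTROUTING -s 192.168.19.194 -j SNAT --to-source 192.0.2.194
-A PREROUTING -d 192.0.2.195 -j DNAT --to-destination 192.168.19.195
"""

FLAGS = {"-A": "chain", "-s": "src", "-d": "dst", "-j": "target",
         "--to-destination": "to", "--to-source": "to"}


def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the options used here."""
    tokens = shlex.split(line)
    rule = {"chain": None, "src": None, "dst": None, "target": None, "to": None}
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule


def audit_static_nat(text):
    """Return (inside_address, finding) tuples for mappings that need a look."""
    rules = [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]
    dnat = {r["to"]: r for r in rules if r["target"] == "DNAT"}   # key: inside IP
    snat = {r["src"]: r for r in rules if r["target"] == "SNAT"}  # key: inside IP
    findings = []
    for inside in sorted(dnat):
        d, s = dnat[inside], snat.get(inside)
        if s is None:
            findings.append((inside, "DNAT without matching SNAT"))
        elif s["to"] != d["dst"]:
            findings.append((inside, "SNAT and DNAT use different outside addresses"))
        if d["src"] is not None:
            # Inbound translation happens only for packets from this network.
            net = ipaddress.ip_network(d["src"], strict=False)
            findings.append((inside, f"DNAT only applies to sources in {net}"))
    for inside in sorted(set(snat) - set(dnat)):
        findings.append((inside, "SNAT without matching DNAT"))
    return findings


if __name__ == "__main__":
    for inside, finding in audit_static_nat(SAMPLE_RULES):
        print(f"{inside}: {finding}")
```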


