
Re: Validating NT through a natting firewall



On 26 May 2004 at 13:42 Mike Mestnik wrote:
> There are the old SMB protocol rules that say one authenticated
> connection for one IP, these could be hanging you up.  I would bypass
> winblows altogether with samba and have it forward (by resharing
> mounted shares) all the shares/authentication.
> Another thing you could try is using tcpdump or iptraf to see what, if
> any, connections you're not allowing.  Also giving the nat box one IP for
> each IP it's natting for might fix the problem, but defeat the purpose
> of the nat.

Actually the gateway has 5 IPs ... one for itself and one for each of the
four internal administrative hosts. So for every service I have a fixed
address with all ports passing unaltered.
I wrote only 195, but there are 6 other rules for 195, 196 and 197!

 
> --- Leonardo Boselli <leo@dicea.unifi.it> wrote:
> > machines (one NT4 and three win2k) have fixed addresses 192.168.19.194
> > to .197. On the gateway there is an iptables as:
> >   -A PREROUTING -s a.b.c.0/255.255.255.0 -d a.b.c.194 -j DNAT --to-destination 192.168.19.194
> >   -A POSTROUTING -s 192.168.19.194 -j SNAT --to-source a.b.c.194
> >
> > I have added to the domain the four administrators' hosts (by just
> > plugging directly to main network with a temporary number). This way
> > for those 4 machines all ports are open. All services run smoothly
> > except that if I try from one of such machines to login as a non
> > local user or try to add permission for a user on the server the
> > machines invariably say that they cannot access main server. I have
> > also added in lmhosts the address of the PDC and BDC with #PRE
> > #DOMLMYDOMAIN but no success. It seems that these machines cannot
> > validate to the server through the natting firewall (that incidentally, does
> > not firewall anything for those 4 addresses, just shifts the addresses
> > both ways!)
> > Can you help me ???? --
--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo
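
An audit of the one-to-one DNAT/SNAT pairs described in the quoted message, added here as an example and not part of the original thread. It assumes iptables-save style lines in which every option takes exactly one value; 203.0.113.x stands in for the elided a.b.c.x public addresses, and the sample rules are constructed.

```python
import shlex

# Constructed sample. 203.0.113.x is a stand-in for the a.b.c.x addresses
# elided in the post; .196 and .197 are deliberately broken to show findings.
SAMPLE_RULES = """\
-A PREROUTING -s 203.0.113.0/255.255.255.0 -d 203.0.113.194 -j DNAT --to-destination 192.168.19.194
-A POSTROUTING -s 192.168.19.194 -j SNAT --to-source 203.0.113.194
-A PREROUTING -d 203.0.113.195 -j DNAT --to-destination 192.168.19.195
-A POSTROUTING -s 192.168.19.195 -j SNAT --to-source 203.0.113.195
-A PREROUTING -d 203.0.113.196 -j DNAT --to-destination 192.168.19.196
-A POSTROUTING -s 192.168.19.196 -j SNAT --to-source 203.0.113.99
-A PREROUTING -d 203.0.113.197 -j DNAT --to-destination 192.168.19.197
"""

def parse_rule(line):
    """Split one '-A ...' rule into an {option: value} dict."""
    tokens = shlex.split(line)
    return dict(zip(tokens[0::2], tokens[1::2]))

def audit_one_to_one_nat(rules_text):
    """Report internal hosts whose inbound and outbound translations disagree."""
    dnat, snat, findings = {}, {}, []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if r.get("-A") == "PREROUTING" and r.get("-j") == "DNAT":
            public = r.get("-d", "any")
            dnat[r["--to-destination"]] = public      # internal -> public (inbound)
            if "-s" in r:                             # translation limited by source
                findings.append(f"{public}: DNAT limited to sources in {r['-s']}")
        elif r.get("-A") == "POSTROUTING" and r.get("-j") == "SNAT":
            snat[r["-s"]] = r["--to-source"]          # internal -> public (outbound)
    for internal in sorted(set(dnat) | set(snat)):
        pub_in, pub_out = dnat.get(internal), snat.get(internal)
        if pub_in is None:
            findings.append(f"{internal}: SNAT without DNAT")
        elif pub_out is None:
            findings.append(f"{internal}: DNAT without SNAT")
        elif pub_in != pub_out:
            findings.append(f"{internal}: inbound {pub_in} but outbound {pub_out}")
    return findings

if __name__ == "__main__":
    for finding in audit_one_to_one_nat(SAMPLE_RULES):
        print(finding)
```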


