
Re: Validating NT through a natting firewall



K, use "iptables -nvLt nat" to see what rules are being used.  Also use
tcpdump or iptraf to see what traffic is not getting passed.

My previous post was thinking you were DNATing to the servers, a common
NAT setup.  However you're SNATing to them to segregate them from the local
net.

--- Leonardo Boselli <leo@dicea.unifi.it> wrote:
> On 26 May 2004 at 13:42 Mike Mestnik wrote:
> > There are the old SMB protocol rules that say one authenticated
> > connection for one IP, these could be hanging you up.  I would bypass
> > winblows altogether with samba and have it forward (by resharing
> > mounted shares) all the shares/authentication.
> > Another thing you could try is using tcpdump or iptraf to see what if
> > any connections you're not allowing.  Also giving the nat box one IP for
> > each IP it's NATing for might fix the problem, but defeat the purpose
> > of the nat.
> 
> Actually the gateway has 5 IPs ... one for itself and one for each of the
> four internal administrative hosts, so for every service I have a fixed
> address with all ports passing unaltered.
> I wrote only 195, but there are other 6 rules for 195 196 and 197 !
> 
>  
> > --- Leonardo Boselli <leo@dicea.unifi.it> wrote:
> > > machines (one NT4 and three win2k) have fixed address 192.168.19.194
> > > to .197 . On the gateway there is an iptables as:
> > > -A PREROUTING -s a.b.c.0/255.255.255.0 -d a.b.c.194 -j DNAT --to-destination 192.168.19.194
> > > -A POSTROUTING -s 192.168.19.194 -j SNAT --to-source a.b.c.194
> > > 
> > > I have added to the domain the four administrators' hosts (by just
> > > plugging directly to main network with a temporary number). This way
> > > for those 4 machines all ports are open. All services run smoothly
> > > except that if I try from one of such machines to login as a non
> > > local user or try to add permission for a user on the server the
> > > machines invariably say that they cannot access main server. I have
> > > also added in lmhosts the address of the PDC and BDC with #PRE
> > > #DOMLMYDOMAIN but no success. It seems that these machines cannot
> > > validate to the server through the natting firewall (that incidentally
> > > does not firewall anything for those 4 addresses, just shifts the
> > > addresses both ways!)
> > > Can you help me ???? --
> --
> Leonardo Boselli
> Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
> Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
> tel +39 0554796431 cell +39 3488605348 fax +39 055495333
> http://www.dicea.unifi.it/~leo
> 
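
One way to act on the advice to list the nat rules, as an added example that is not part of the original thread: a small Python check that reads rules in the `-A PREROUTING ... / -A POSTROUTING ...` form quoted above and verifies that each inside host has a DNAT and an SNAT rule using the same outside address. The function names are hypothetical, and 198.51.100.0/24 is a constructed stand-in for the thread's elided a.b.c.0/24.

```python
import shlex

# Constructed sample in iptables-save format. 198.51.100.0/24 stands in for the
# thread's elided a.b.c.0/24; the .196 and .197 faults are planted on purpose.
SAMPLE_RULES = """\
*nat
-A PREROUTING -s 198.51.100.0/255.255.255.0 -d 198.51.100.194 -j DNAT --to-destination 192.168.19.194
-A POSTROUTING -s 192.168.19.194 -j SNAT --to-source 198.51.100.194
-A PREROUTING -d 198.51.100.195 -j DNAT --to-destination 192.168.19.195
-A POSTROUTING -s 192.168.19.195 -j SNAT --to-source 198.51.100.195
-A PREROUTING -d 198.51.100.196 -j DNAT --to-destination 192.168.19.196
-A PREROUTING -d 198.51.100.197 -j DNAT --to-destination 192.168.19.197
-A POSTROUTING -s 192.168.19.197 -j SNAT --to-source 198.51.100.199
COMMIT
"""

def parse_rule(line):
    """Return (chain, {option: argument}) for an '-A' line, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    opts, i = {}, 2
    while i + 1 < len(tokens):
        if tokens[i].startswith("-"):   # each option in these rules takes one argument
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return tokens[1], opts

def audit_static_nat(rules_text):
    """Check that every inside host has a DNAT and SNAT using the same outside IP."""
    dnat, snat, findings = {}, {}, []
    for line in rules_text.splitlines():
        chain, o = parse_rule(line) or (None, {})
        if chain == "PREROUTING" and o.get("-j") == "DNAT" and "--to-destination" in o:
            dnat[o["--to-destination"]] = o.get("-d")
            if "-s" in o:  # inbound translation is limited to these sources
                findings.append((o["--to-destination"], "DNAT only for sources in " + o["-s"]))
        elif chain == "POSTROUTING" and o.get("-j") == "SNAT" and "-s" in o and "--to-source" in o:
            snat[o["-s"]] = o["--to-source"]
    for inside in sorted(set(dnat) | set(snat)):
        if inside not in snat:
            findings.append((inside, "DNAT without SNAT"))
        elif inside not in dnat:
            findings.append((inside, "SNAT without DNAT"))
        elif dnat[inside] != snat[inside]:
            findings.append((inside, "DNAT uses %s, SNAT uses %s" % (dnat[inside], snat[inside])))
    return findings
```

On a live gateway the input would be the output of `iptables-save -t nat`; an empty result means every inside host has a matching pair with no source restriction on the inbound rule.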



	
		