My apologies if this is too obvious a question, but does your external router
on

untrusted 194.219.12.252 netmask 255.255.255.252

know the route to the trusted IPs (through the firewall) rather than the
default external route since trusted are also legal addresses - unless you
are using NAT of course.

James Smith

                -----Original Message-----
                From:   Dimitris Kontoudis [mailto:[EMAIL PROTECTED]]
                Sent:   24 June 1999 05:55
                To:     [EMAIL PROTECTED]
                Subject:        Gauntlet5/NT4 strange behaviour -- please take a look

                Hello all,

                I've run into some strange problems while trying to
                operate Gauntlet 5.0 on NT4/sp4.

                My setup is pretty minimum: NT4/SP4, Gauntlet 5, two NICs,
                DNS on the machine. Subnets (as an example) :

                        trusted 194.219.12.0 netmask 255.255.255.128
                        untrusted 194.219.12.252 netmask 255.255.255.252

                Transparency is enabled on both NICs. All IPs on both
                sides are legal.

                Overall, the status is that I have full functionality
                from inside (trusted) going outside (untrusted) but can't
                get results going the other way round (from outside into
                the internal, protected, network).

                What I need to do is allow:

                        trusted users: http,ftp,telnet,lotus notes access
                        untrusted users: access a designated internal web
                                         server hosting several virtual www
                                         servers, and access the internal
                                         lotus server

                As far as accessing the internal web server is concerned
                the only solution that produced *some* results was allowing
                the untrusted users to use the http proxy and handing-off the
                request to the internal www server. BUT, Gauntlet somehow
                modifies the external user's packets and thus the www server
                cannot determine which virtual server the user is trying to
                access.

                I've tried all possible combinations I could come up with
                and still no result. I even used packet screening to allow
                ALL ports to and from the web server (and the lotus server
                as a second test) and this DIDN'T work either !!

                Does anyone out there have a similar setup ?
                I would appreciate ANY suggestions as I'm all out of ideas.

                Regards,

                Dimitris.


                -
                [To unsubscribe, send mail to [EMAIL PROTECTED] with
                "unsubscribe firewalls" in the body of the message.]

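The routing question raised in the reply at the top of this thread, as an added example that is not part of either message: a longest-prefix-match lookup on the external router's table, run with and without a static route for the trusted /25 via the firewall. The firewall's outside address (.254), the two server addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Subnets quoted in the thread.
TRUSTED = ipaddress.ip_network("194.219.12.0/25")      # netmask 255.255.255.128
UNTRUSTED = ipaddress.ip_network("194.219.12.252/30")  # netmask 255.255.255.252

# Assumptions (not in the thread): the firewall's outside NIC is .254 on the
# /30 link, and the two internal server addresses are constructed.
FIREWALL_OUTSIDE = "194.219.12.254"
UPSTREAM = "default route (upstream)"
CONNECTED = "directly connected"
SERVERS = {"www": "194.219.12.10", "notes": "194.219.12.20"}


def router_table(with_static_route):
    """Routing table of the external router, with or without a route to TRUSTED."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), UPSTREAM), (UNTRUSTED, CONNECTED)]
    if with_static_route:
        table.append((TRUSTED, FIREWALL_OUTSIDE))
    return table


def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def misrouted(table):
    """Names of trusted servers whose inbound traffic is not handed to the firewall."""
    return sorted(name for name, ip in SERVERS.items()
                  if ipaddress.ip_address(ip) in TRUSTED
                  and next_hop(table, ip) != FIREWALL_OUTSIDE)


if __name__ == "__main__":
    # The /30 link does not contain the trusted /25, so the connected route
    # alone never covers the internal servers.
    print("subnets overlap:", TRUSTED.overlaps(UNTRUSTED))
    for static in (False, True):
        table = router_table(static)
        print("static route to trusted:", static)
        for name, ip in SERVERS.items():
            print(f"  {name} {ip} -> {next_hop(table, ip)}")
        print("  misrouted:", misrouted(table))
```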