Yeah, I've had some strange problems too. 8)

First up, I'd use SP5. Never can tell. Second, transparency on both NICs
seems weird - in fact turning that on for both NICs used to reliably BSOD
Gauntlet 3 for me. Try without it on the External NIC...

I had some odd problems with Gauntlet 5 on a clean Compaq box that went away
when I uninstalled, reapplied SP and reinstalled. Nothing like science.

You'd need to be a bit more specific about the way you multiplex the
virtual websites and the way "Gauntlet modifies the packets". Have you run a
sniffer on the packets before and after they get to the firewall?

If you use different IP addresses for each www site, then using the proxy
without transparency and setting external browsers to use the FW as a proxy
server should work fine. If you're doing it by port, you can use external
plug proxies. If you're just using Some Weird Header Stuff, YMMV.

Cheers,

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct: +61 8 8422 8319 Mobile: +61 414 411 520



 -----Original Message-----
From:   Dimitris Kontoudis [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, June 24, 1999 2:25 PM
To:     [EMAIL PROTECTED]
Subject:        Gauntlet5/NT4 strange behaviour -- please take a look

Hello all,

I've run into some strange problems while trying to
operate Gauntlet 5.0 on NT4/sp4.

My setup is pretty minimum: NT4/SP4, Gauntlet 5, two NICs,
DNS on the machine. Subnets (as an example) :

        trusted 194.219.12.0 netmask 255.255.255.128
        untrusted 194.219.12.252 netmask 255.255.255.252

Transparency is enabled on both NICs. All IPs on both
sides are legal.

Overall, the status is that I have full functionality
from inside (trusted) going outside (untrusted) but can't
get results going the other way round (from outside into
the internal, protected, network).

What I need to do is allow:

        trusted users: http,ftp,telnet,lotus notes access
        untrusted users: access a designated internal web
                         server hosting several virtual www
                         servers, and access the internal
                         lotus server

As far as accessing the internal web server is concerned
the only solution that produced *some* results was allowing
the untrusted users to use the http proxy and handing-off the
request to the internal www server. BUT, Gauntlet somehow
modifies the external user's packets and thus the www server
cannot determine which virtual server the user is trying to
access.

I've tried all possible combinations I could come up with
and still no result. I even used packet screening to allow
ALL ports to and from the web server (and the lotus server
as a second test) and this DIDN'T work either !!

Does anyone out there have a similar setup ?
I would appreciate ANY suggestions as I'm all out of ideas.

Regards,

Dimitris.


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]