Jon, Something like this just might work. I think you will need to use four of your public addresses, since the GB-Lite PRO interface will need to be on the same network as the NT4 server. You will need to make this a very small subnet of the 216.42.x.x network. Suppose you use the network 216.42.0.4 with subnet mask 255.255.255.252, the the GB-Lite PRO interface would be 216.42.0.5, the NT server 216.42.0.6, and the broadcast address 216.42.0.7. 216.42.0.6 would be an alias on your main GNAT-Box, and provided that your NT box didn't need to talk directly to whatever used them, you could still use 216.42.0.4 , 5 , and 7 for other purposes. (In other words, if you've got another server, say serving your web site to the public, don't use these addresses if you want the NT4 server to be able to see the web-site, since the GB-Lite would never attempt to route packets to the aliases on the GNAT Box EXT interface).
I think you may have a workable solution here! Good luck! Brian Adams > -----Original Message----- > From: Jon Schlegel [SMTP:[EMAIL PROTECTED]] > Sent: 08 October 2001 17:51 > To: Brian Adams; [EMAIL PROTECTED] > Subject: RE: IP Pass Through from PSN to EXT interface Setup Problems > > Hmm... Interesting ideas from all. Thanks for responding. > > Brian, I'm not familiar with Virtual LAN tech. yet so I'll have to check > into that. > > What about this idea that came to me as I was reading your responses. > > * Dedicate a second GNAT Box to the server host such that its EXT > interface was connected to the PSN of the main GNAT Box with its PRO > interface (I think a GB-Lite installation should work) connected to the > server host. > * Set up the server host on its original, as-planned Internet IP using > the second, dedicated GNAT Box to insulate the server host and its > registered IP from the PSN of the main GNAT Box. > * Use either IP Pass Through and Routing through both Boxes -OR- a > "double NAT" arrangement through both boxes to complete the connection. > * Start drinking heavily when I attempt to actually get this kludge to > play. > > Jon Schlegel > [EMAIL PROTECTED] > > > > At 12:39 PM 10/8/01 +0100, Brian Adams wrote: > > > --------------------- Attention ----------------------------- > A digest version of this list is now available. > Send email to [EMAIL PROTECTED], with the following message: > subscribe gb-users-digest your_email_address > Then unsubscribe from this list. > ------------------------------------------------------------- > GNAT Box User Forum <http://www.gnatbox.com/cgi-bin/Ultimate.cgi> > Send postings to: [EMAIL PROTECTED] > Access the list archives at: <http://www.gnatbox.com/gb-users/> > ------------------------------------------------------------- > Jon, > > We have a similar problem with MS Exchange, which is why we use > pass-through > (brute force solution - but it works!) The problem occurs because the MTA > passes source IP addresses as part of the payload, not just in the packet > header - NAT it appears, can't see this information, and therefore cannot > translate it. I would imagine that your problem is similar - the > "redirect" > is part of the data on a web page - NAT has no way of knowing the > difference > between legitimate data, and addresses which must be translated. > > It may be possible to look at the redirect - we have a Filemaker Pro > server > which redirects like this when we type in its IP address - > http:\\10.10.10.200/FMRes/FMPro . If this is similar to what happens with > your application, you may be able to use the entire redirect string to > connect to your embedded web server, just by substituting the EXT address > for the real PRO one. However, this will only work if subsequent page > references from the embedded server are relative to the root page, rather > than absolute, because absolute references will always include the true IP > address of the server. If this will not work, you really do have a > problem! > You can't make your private IP address available via the internet, and I > presume you don't really want to have to aquire public IP addresses for > your > PRO. How many people need to use the embedded server from outside? If it > is only one or two, have you considered using a VLAN connection? (You > will > need to buy the VLAN client for your GNAT Box). > > Regards > > Brian Adams > > -----Original Message----- > > From: Jon Schlegel [SMTP:[EMAIL PROTECTED]] > > Sent: 08 October 2001 12:03 > > To: Brian Adams; [EMAIL PROTECTED] > > Subject: Re: IP Pass Through from PSN to EXT interface Setup > Problems > > > > Thank you for the informative response Brian, > > > > The instant you mentioned the giving routes to the GNAT Boxes I realized > > > what was going on. My level of understanding thus incrementally > > increased. > > > > My reason for attempting this in the first place is that the server I am > > > implementing has an imbedded web server for remote access control. The > > basic server function works f\just fine through NAT but for some reason, > > > the imbedded web server apparently does not get NATed properly. I can > > access it on the PROtected network via the EXTernal Internet address but > > > when I do, the browser "redirects" to the internal 192.168.x.x address. > > > > More surprising than that is what occurs when I attempt access to it on > > the > > Internet via a separate route. Once again the browser is redirected to > > the > > internal 192.168.x.x address which of course does not route. My reason > > for > > attempting the IP Pass Through then was to get the was to get the > > 192.168.x.x address out of the picture in hopes that things would start > > working (albeit by brute force). Now that I realize that Pass Through > > will > > not work, I guess it's time to get the packet sniffer going and solve > the > > problem in a correct manner. > > > > Thanks again, Bian. > > > > Jon > > > > At 09:20 AM 10/8/2001 +0100, Brian Adams wrote: > > >--------------------- Attention ----------------------------- > > >A digest version of this list is now available. > > >Send email to [EMAIL PROTECTED], with the following message: > > >subscribe gb-users-digest your_email_address > > >Then unsubscribe from this list. > > >------------------------------------------------------------- > > >GNAT Box User Forum <http://www.gnatbox.com/cgi-bin/Ultimate.cgi> > > >Send postings to: [EMAIL PROTECTED] > > >Access the list archives at: <http://www.gnatbox.com/gb-users/> > > >------------------------------------------------------------- > > > > Jon, > > > > > > > > As I understand it, what you suggest will not work. Pass through > > means > > > > precisely that - the real IP address of your server will be passed > > through > > > > from one network to another. I presume from the address range on > your > > EXT > > > > network that it is connected to the internet? If so, you can't pass > > > > through the 192.168.x.x address, since no-one on the internet will > > know > > > > the route to it. (We use pass through on a set of GNAT boxes which > > > > interconnect parts of our organisation, but this only works because > > each > > > > GNAT box has been given the route to the PSN's of the other GNAT > boxes > > - > > > > but you can't tell someone else's router how to get to your PSN). > > > > > > > > Why use pass through? Why not use an alias on your EXT, and tunnel > > this > > > > to the real address on the PSN? (The only reason for not doing this > > would > > > > be if the process being run on the EXT connected machines must know > > the > > > > actual address of the NT server, but I can't imagine what you might > be > > > > doing to make this the case.) > > > > > > >Regards > > > > > >Brian Adams > > > > -----Original Message----- > > > > From: Jon Schlegel [SMTP:[EMAIL PROTECTED]] > > > > Sent: 08 October 2001 05:50 > > > > To: [EMAIL PROTECTED] > > > > Subject: IP Pass Through from PSN to EXT interface Setup > Problems > > > > > > > > --------------------- Attention ----------------------------- > > > > A digest version of this list is now available. > > > > Send email to [EMAIL PROTECTED], with the following message: > > > > subscribe gb-users-digest your_email_address > > > > Then unsubscribe from this list. > > > > ------------------------------------------------------------- > > > > GNAT Box User Forum <http://www.gnatbox.com/cgi-bin/Ultimate.cgi> > > > > Send postings to: [EMAIL PROTECTED] > > > > Access the list archives at: <http://www.gnatbox.com/gb-users/> > > > > ------------------------------------------------------------- > > > > Hello everyone, > > > > > > > > I'm using GB-Pro 3.2.1 and would like to connect a server running on > > NT > > > > 4.0 > > > > on the PSN to the EXT network via IP Pass through. The PSN > interface > > is > > > > set up to a Class C internal address (192.168.x.x) where some other > > > > servers > > > > are running NAT to the EXT network. Running IP Pass Through will > > require, > > > > > > > > it seems, for the server host to be set up for one of my EXT network > > IPs > > > > of 216.42.x.x even though it will exist on the 192.168.x.x > network > > of > > > > the PSN interface. > > > > > > > > Is this doable? If so, what GNAT Box setup is required? Just as > > > > important, what NT networking setup is required? Do I use the EXT > > network > > > > > > > > router IP as the default gateway or do I use the PSN interface IP? > > > > > > > > > > > > Jon Schlegel > > > > [EMAIL PROTECTED] > > > > > > > > ---------------------------------------------- > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > > > with "unsubscribe gb-users your_email_address > > > > in the body of the message > > >---------------------------------------------- > > >To Unsubscribe: send mail to [EMAIL PROTECTED] > > >with "unsubscribe gb-users your_email_address > > >in the body of the message > > > > Jon Schlegel > > [EMAIL PROTECTED] > ---------------------------------------------- > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe gb-users your_email_address > in the body of the message >
