Brian, I'm not familiar with Virtual LAN tech. yet so I'll have to check into that.
What about this idea that came to me as I was reading your responses.
- Dedicate a second GNAT Box to the server host such that its EXT interface was connected to the PSN of the main GNAT Box with its PRO interface (I think a GB-Lite installation should work) connected to the server host.
- Set up the server host on its original, as-planned Internet IP using the second, dedicated GNAT Box to insulate the server host and its registered IP from the PSN of the main GNAT Box.
- Use either IP Pass Through and Routing through both Boxes -OR- a "double NAT" arrangement through both boxes to complete the connection.
[EMAIL PROTECTED]
At 12:39 PM 10/8/01 +0100, Brian Adams wrote:
--------------------- Attention -----------------------------
A digest version of this list is now available.
Send email to [EMAIL PROTECTED], with the following message:
subscribe gb-users-digest your_email_address
Then unsubscribe from this list.
-------------------------------------------------------------
GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi
Send postings to: [EMAIL PROTECTED]
Access the list archives at: http://www.gnatbox.com/gb-users/
-------------------------------------------------------------
Jon,
We have a similar problem with MS Exchange, which is why we use pass-through
(brute force solution - but it works!) The problem occurs because the MTA
passes source IP addresses as part of the payload, not just in the packet
header - NAT it appears, can't see this information, and therefore cannot
translate it. I would imagine that your problem is similar - the "redirect"
is part of the data on a web page - NAT has no way of knowing the difference
between legitimate data, and addresses which must be translated.
It may be possible to look at the redirect - we have a Filemaker Pro server
which redirects like this when we type in its IP address -
http:\\10.10.10.200/FMRes/FMPro . If this is similar to what happens with
your application, you may be able to use the entire redirect string to
connect to your embedded web server, just by substituting the EXT address
for the real PRO one. However, this will only work if subsequent page
references from the embedded server are relative to the root page, rather
than absolute, because absolute references will always include the true IP
address of the server. If this will not work, you really do have a problem!
You can't make your private IP address available via the internet, and I
presume you don't really want to have to aquire public IP addresses for your
PRO. How many people need to use the embedded server from outside? If it
is only one or two, have you considered using a VLAN connection? (You will
need to buy the VLAN client for your GNAT Box).
Regards
Brian Adams
> -----Original Message-----
> From:Jon Schlegel [SMTP:[EMAIL PROTECTED]]
> Sent:08 October 2001 12:03
> To:Brian Adams; [EMAIL PROTECTED]
> Subject:Re: IP Pass Through from PSN to EXT interface Setup Problems
>
> Thank you for the informative response Brian,
>
> The instant you mentioned the giving routes to the GNAT Boxes I realized
> what was going on. My level of understanding thus incrementally
> increased.
>
> My reason for attempting this in the first place is that the server I am
> implementing has an imbedded web server for remote access control. The
> basic server function works f\just fine through NAT but for some reason,
> the imbedded web server apparently does not get NATed properly. I can
> access it on the PROtected network via the EXTernal Internet address but
> when I do, the browser "redirects" to the internal 192.168.x.x address.
>
> More surprising than that is what occurs when I attempt access to it on
> the
> Internet via a separate route. Once again the browser is redirected to
> the
> internal 192.168.x.x address which of course does not route. My reason
> for
> attempting the IP Pass Through then was to get the was to get the
> 192.168.x.x address out of the picture in hopes that things would start
> working (albeit by brute force). Now that I realize that Pass Through
> will
> not work, I guess it's time to get the packet sniffer going and solve the
> problem in a correct manner.
>
> Thanks again, Bian.
>
> Jon
>
> At 09:20 AM 10/8/2001 +0100, Brian Adams wrote:
> >--------------------- Attention -----------------------------
> >A digest version of this list is now available.
> >Send email to [EMAIL PROTECTED], with the following message:
> >subscribe gb-users-digest your_email_address
> >Then unsubscribe from this list.
> >-------------------------------------------------------------
> >GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi
> >Send postings to: [EMAIL PROTECTED]
> >Access the list archives at: http://www.gnatbox.com/gb-users/
> >-------------------------------------------------------------
> > > Jon,
> > >
> > > As I understand it, what you suggest will not work. Pass through
> means
> > > precisely that - the real IP address of your server will be passed
> through
> > > from one network to another. I presume from the address range on your
> EXT
> > > network that it is connected to the internet? If so, you can't pass
> > > through the 192.168.x.x address, since no-one on the internet will
> know
> > > the route to it. (We use pass through on a set of GNAT boxes which
> > > interconnect parts of our organisation, but this only works because
> each
> > > GNAT box has been given the route to the PSN's of the other GNAT boxes
> -
> > > but you can't tell someone else's router how to get to your PSN).
> > >
> > > Why use pass through? Why not use an alias on your EXT, and tunnel
> this
> > > to the real address on the PSN? (The only reason for not doing this
> would
> > > be if the process being run on the EXT connected machines must know
> the
> > > actual address of the NT server, but I can't imagine what you might be
> > > doing to make this the case.)
> > >
> >Regards
> >
> >Brian Adams
> > > -----Original Message-----
> > > From: Jon Schlegel [SMTP:[EMAIL PROTECTED]]
> > > Sent: 08 October 2001 05:50
> > > To: [EMAIL PROTECTED]
> > > Subject: IP Pass Through from PSN to EXT interface Setup Problems
> > >
> > > --------------------- Attention -----------------------------
> > > A digest version of this list is now available.
> > > Send email to [EMAIL PROTECTED], with the following message:
> > > subscribe gb-users-digest your_email_address
> > > Then unsubscribe from this list.
> > > -------------------------------------------------------------
> > > GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi
> > > Send postings to: [EMAIL PROTECTED]
> > > Access the list archives at: http://www.gnatbox.com/gb-users/
> > > -------------------------------------------------------------
> > > Hello everyone,
> > >
> > > I'm using GB-Pro 3.2.1 and would like to connect a server running on
> NT
> > > 4.0
> > > on the PSN to the EXT network via IP Pass through. The PSN interface
> is
> > > set up to a Class C internal address (192.168.x.x) where some other
> > > servers
> > > are running NAT to the EXT network. Running IP Pass Through will
> require,
> > >
> > > it seems, for the server host to be set up for one of my EXT network
> IPs
> > > of 216.42.x.x even though it will exist on the 192.168.x.x network
> of
> > > the PSN interface.
> > >
> > > Is this doable? If so, what GNAT Box setup is required? Just as
> > > important, what NT networking setup is required? Do I use the EXT
> network
> > >
> > > router IP as the default gateway or do I use the PSN interface IP?
> > >
> > >
> > > Jon Schlegel
> > > [EMAIL PROTECTED]
> > >
> > > ----------------------------------------------
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe gb-users your_email_address
> > > in the body of the message
> >----------------------------------------------
> >To Unsubscribe: send mail to [EMAIL PROTECTED]
> >with "unsubscribe gb-users your_email_address
> >in the body of the message
>
> Jon Schlegel
> [EMAIL PROTECTED]
----------------------------------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe gb-users your_email_address
in the body of the message
