That's a perfectly valid question. The dfgw on the target hosts is set to the IP of a protected interface on the gnatbox. So, yes, to the best of my knowledge it's correct.
This is the configuration that worked before. Thanks At 02:40 PM 7/24/2002 +0100, you wrote: >Also a silly question - routing is correct on target hosts...? Seen this >before where a ping works fine, but can't telnet... > >-----Original Message----- >From: Steve Leach [mailto:[EMAIL PROTECTED]] >Sent: 24 July 2002 14:32 >To: [EMAIL PROTECTED] >Subject: Re: [gb-users] GB 1000, 3.2.5 and double-nat > > >Errmmm - sorry - that was me not reading the full text....hmmmm.... > > >Best Regards, > >Steve Leach >Network Manager >MI International Limited >Eaglescliffe Logistics Centre >Durham Lane >Egglescliffe >URL: http://www.askalix.com >TEL: 01642 356205 >e-mail: [EMAIL PROTECTED] > > >----- Original Message ----- >From: "Steve Leach" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, July 24, 2002 2:29 PM >Subject: Re: [gb-users] GB 1000, 3.2.5 and double-nat > > > > If I knew no better I would say it sounds like there was no alias or >inbound > > tunnel for the external subnet you are trying to connect to....these are > > definitely ok - yes? > > > > > > Best Regards, > > > > Steve Leach > > Network Manager > > MI International Limited > > Eaglescliffe Logistics Centre > > Durham Lane > > Egglescliffe > > URL: http://www.askalix.com > > TEL: 01642 356205 > > e-mail: [EMAIL PROTECTED] > > > > > > ----- Original Message ----- > > From: "denon" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, July 24, 2002 9:54 AM > > Subject: [gb-users] GB 1000, 3.2.5 and double-nat > > > > > > > We recently updated a GB 3.2.5 and made a few changes to it's > > > filters/etc. After doing so, users on a natted internal subnet can no > > > longer hit external subnets via tcp which are on the GB (being passed > > > through with IP Passthrough). This worked fine before the upgrade. > > > > > > Basically, what's happening, is the traffic should be going like so: > > > > > > Workstation-Internal Subnet -> Gnatbox (NAT) -> > > > Same GB (IP Pass (external IP)) -> > > > Server-External Subnet > > > > > > It makes the request, seemingly making the tcp connection, but then > > > hangs. ICMP and UDP work fine. > > > > > > An example, if I telnet to port 25 on one of the external subnet mail > > > servers, it will open the telnet window and hang. I pass it a couple > > > carriage returns, and nothing happens. No banner - nothing. It will > > > eventually say the connection was lost to the host. > > > > > > The logs, surprisingly, don't seem to be showing anything but a standard > > > connection opening and closing. No errors that I see. > > > > > > Anyone else having stuff like this? I've tried adding "ACCEPT ANY ALL > > from > > > ANY to ANY" filters to the top of all the lists. (outbound, remote > > access, > > > IP Passthrough Filters, etc) to no avail. > > > > > > Suggestions? Bug Report? :) > > > > > > > > > Thanks. > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > To subscribe to the digest version first unsubscribe, then > > > e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > Archive of the last 1000 messages: > > > http://www.mail-archive.com/[email protected] > > > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > >This e-mail and its attachments are intended for the above named >recipient(s) only and may be confidential, legally privileged and protected >by law. If you are not a named addressee or have received this transmission >in error, please notify us immediately at [EMAIL PROTECTED] and then >delete this e-mail. As Internet communications are not secure we do not >accept legal responsibility for the contents of this message or >responsibility for any change made to this message after the original sender >sent it. Save for this legal notice, the contents or opinions contained >within this e-mail are solely those of the sender and do not necessarily >represent those of Two Way TV Ltd unless otherwise specifically stated. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
