/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ Well after a day, the problems have slowed but have still not stopped. I really thought that it was a problem with the new transport (no NetBios - Directly on TCP) but it appears that it is more likely a problem with Win2K itself. The external Win2K server will never initiate a session... The new sessions are always established internally. Port forwarding would work if the server was trying to initiate a connection to a specific internal machine, but that is not the case here. Just to eliminate the possibility that there was something wrong with my Debian box, I tried replacing it with a Linksys BEFSR41 (NAT device) but I still experienced the same problems. Everything went smoothly for a few hours and then one by one, the computers refused to connect to the external server. My new pet theory is that Win2K doesn't like multiple sessions coming from one IP. Does that make sense? Thanks, Bob. ----- Original Message ----- From: "raf" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 09, 2001 7:23 PM Subject: Re: [Masq] Errors connecting Win2K to Win2K through ip masq. > /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! > /* ALSO: Don't quote this header. It makes you look lame :-) */ > > > Bob Fowler wrote: > > > We have recently encountered a problem that seems to be indirectly related > > to IP MASQ. We have a Debian box running kernel 2.2.17 which connects to > > the Internet through a cable modem. Internally we use IP masquerading with > > private addresses. <SNIP> > > > > All hope is not lost however... While writing this I realized I could force > > Win2K to use the backward compatibility mode by blocking port 445. I have > > added the following line to my init script: > > /sbin/ipchains -A input -p TCP -s 192.168.3.0/24 -d 0/0 445 -j DENY > > maybe what you needed to do was port forward 445 somewhere (but where?) > if the external win2k host was initiating the connections. if so, a new > module probably is needed so stick with your current workaround until > someone feels the need to write one. > > raf _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
