Hello all,
I was wondering if someone could help me out a bit with a small problem
I'm having with IP Masquerading.
Setup:
This may sound odd and impracticle, but it's at a remote site that I
won't get to to change for a while so please don't respond with "hay
dummie, that's a lame setup"
we have a frame relay line comming into a router with 'bout 20 NT
machines & 1 linux machine. We own 32 IP addresses from (a made up
block, i don't want to divulge the real block) 200.150.100.224 -
200.150.100.255 with the router being .225
The physical makeup is the router goes to a hub where all machines are
plugged into (nt workstations & linux server). The linux serrver has
the following configuration
IPADDR: 200.150.100.226
NETMASK: 255.255.255.224
NETWORK: 200.150.100.224
BROADCAST: 200.150.100.255
GATEWAY: 200.150.100.225
It only has one network card because it plugs into the hub only. The
other NT Machines all have real IP addresses in that block and are
plugged into the hub with the linux machine. However, they don't have
the router as their gateway, they have the linux machine as they're
gateway. The linux machine is doing IP Masquerading by the following
commands (basic, i know)
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 200.150.100.224/255.255.255.224 -D 0.0.0.0/0
So basically it's masquerading for machines that have real IPs. But the
way the network is setup physically traffic outgoing from the NT
machines go into the hub, out to the linux machine, back into the hub
and into the router. Of course from outside you can still go directly
to any of the NT machines because they're in the hub too.
This was all good, The machines are kinda sorta masquerading, at least
outgoing traffic. However, whenever one of the NT machines goes to a
website for the *first* time they get an error in their browser that the
remote server reset the connection. Then, if they reload the page it
reloads fine. anytime they go back to that site it loads fine too. But
as soon as they go to a page that they've never been to before, it
resets the connection for the first visit to the page.
I'm almost positive this has something to do with the wierd masquerading
situation that I can only attest to not being the one that set it up.
Can anyone suggest a fix I can do remotely until I can get up there and
fix the mess?
-Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
