I'm running into problems trying to find
a PDC on an NT box behind a proxy.
All the packets are being masq'ed,
but I'm bad password errors on the PDC,
and my machine never successfully gets
hold of a network logon. I have DNS resolution
for Windows shares turned on, as well as
trying with and without WINS (pointing to a
server on the hidden side of the proxy).
When I put the machine on the public net,
it can log on fine. Is NetBIOS over TCP/IP
doing something either through service
announcements or logons that won't pass
through a proxy?
Any thoughts?
--
Bill Eldridge
Radio Free Asia
[EMAIL PROTECTED]
-----Original Message-----
From: Steve Helder <[EMAIL PROTECTED]>
To: Dave Cox <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Thursday, June 11, 1998 9:44 PM
Subject: Re: [masq] [masq] [masq] IP - masquerade setup problems
>Wow, I learned alot from this message and have my ip masquerading working
>great!
>
>The problem was what dave had suggested and my IP masquerading was
disabled.
>
>I enabled it at the command line and I was in business.
>
>Thanks everyone
>-----Original Message-----
>From: Dave Cox <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Date: Thursday, June 11, 1998 6:41 PM
>Subject: Re: [masq] [masq] [masq] IP - masquerade setup problems
>
>
>
>You need to 'ipfwadm -F -p deny' first to set a default policy. then
>you can 'ipfwadm -F -a ...' to append forwarding rules to the default
>policy. Re-read the last sentence you quoted below.
>
>On 11 Jun 98 at 17:01, Bill Eldridge wrote:
>
>>From the man page:
>>
>> These rules regulate the acceptance of incoming IP
>> local network interfaces are checked against the
>> input firewall rules. The first rule that matches
>> with a packet determines the policy to use and will
>> also cause the rule's packet en byte counters being
>> adapted. When no matching rule is found, the
>> default policy for the input firewall is used.
>>
>>
>>If you deny everything first, then any packet will match
>>that denial, and be rejected. (which is the same way
>>Ciscos do it). Unless I'm horribly confused.
>>--
>>Bill Eldridge
>>Radio Free Asia
>>[EMAIL PROTECTED]
>>
>>-----Original Message-----
>>From: Joachim Feise <[EMAIL PROTECTED]>
>>To: Bill Eldridge <[EMAIL PROTECTED]>
>>Cc: Steve Helder <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
>><[EMAIL PROTECTED]> Date: Thursday, June 11, 1998 4:54 PM
>>Subject: Re: [masq] [masq] IP - masquerade setup problems
>>
>>
>>>Bill Eldridge wrote:
>>>
>>>> Order matters, so if you deny everythingfirst, then the rules never
>>meet the allowclauses later. As mmy first guess.--
>>>
>>>That is not quite right, actually, it is wrong.
>>>For security reasons, you always should deny everything first, and
>>subsequently
>>>allow things like forwarding.
>>>Did you enable forwarding in the proc fs? Try adding this line to your rc
>>>script:
>>>echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>>Oh, and please don't send HTML-formatted messages. ASCII is preferred (I
>>hope I
>>>didn't copy the tags over when I copied the text).
>>>
>>>-Joe
>>>
>>>> Bill Eldridge
>>>> Radio Free Asia
>>>> [EMAIL PROTECTED]
>>>>
>>>> -----Original Message-----
>>>> From: Steve Helder <[EMAIL PROTECTED]>
>>>> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>>>> Date: Thursday, June 11, 1998 2:36 PM
>>>> Subject: [masq] IP - masquerade setup problemsI am attempting to
>>use IP-Masquerading on a newly
>>>> installed Redhat 5.1 Linux box. I am connected to my ISP using
>>PPP and can ping the nameservers from
>>>> Linux. I have followed the instructions in the Linux IP
>>Masquerade mini HOWTO by Ambrose Au for setting
>>>> up my Windows 95 machine. After I set it up I can ping the
>>ethernet card on the Linux box which is
>>>> 10.0.100.5 but can't get any further. (pinging the nameservers)
I
>>have setup the ipfwadm -F -p deny and
>>>> ipfwadm -F -a m S 10.0.100.0/24 -D 0.0.0.0/0 on the Linux box.
>I
>>am assuming I am close but missing
>>>> something. Any assistance would be appreciated Steve Helder
>>>
>>>
>>>--
>>>Joachim Feise Microsoft Certified Solution Developer
>>>mailto:[EMAIL PROTECTED] http://www.ics.uci.edu/~jfeise/
>>>mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
>>>---------------------------------------------------------------------
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED] For
>>additional commands, e-mail: [EMAIL PROTECTED] For daily
>>digest info, email [EMAIL PROTECTED]
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>For daily digest info, email [EMAIL PROTECTED]
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>For daily digest info, email [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
