Hello everyone!

After many hours and a lot of input from the readers of this list (huge thank you),
I've got a 90%+ reliable solution to the following issue.

A network is out of registered IP addresses. Rather than buy more numbers,
masquerade more nodes using a Linux server connected to the same network. The
firewalling is not done in the masquerade server, but in an external firewall
router.

The success has been mixed so far.
This is a simple setup of a single backbone with a private and registered IP
that I got to work.

1) You MUST have a WINS server. Whatever Microsoft does in their logon stuff
        demands this when two network numbers are involved.
2) You have to have a clear routing point to/from the two networks.
        I use the masq server as the default gateway.
3) Multi-home (assign a registered and a private IP address) the NIC in the
        PDC or BDC. This should make an NT box the browse master. You
        must have an NT box as browse master or WINS doesn't route properly
        (from Microsoft). Also enable routing on the interface. NOT RIP, just
        routing. You won't end up with route loops.
4) Set up the ethernet interface. I had the best luck with two NICs plugged
        into the same hub.
        ifconfig eth1 <masq net node>
5) Set up the forwarding rules on the masq server.
        I use -  ipfwadm -F -a a -S <reg net> -D <masq net>
                 ipfwadm -F -a a -S <masq net> -D <reg net>
        Then -   ipfwadm -F -a m -S <masq net>
6) Make 100% sure your PDC is registering ALL the time with the WINS server.
        The best way to do this is in the IP setup for WINS. Point both the
        primary and secondary WINS client fields to the same WINS server on
        the PDC and all BDCs. This avoids a race condition when registering
        domain controllers with WINS. (This came from Microsoft.)

Notes about unresolved issues.

1) Using aliasing with Linux instead of two NICs has been cranky.
2) If the network you're masquerading is another router hop away then logon
        authentication is real shaky. Sometimes it's worked, sometimes not.
3) It is unclear if the routed daemon needs to be running. When using the extra
        router hop away, it seemed to help. I used routed -g -s.

For a better understanding Microsoft has an article on their Technet CD entitled
"TCP/IP Rollout Issues". This explains pretty clearly how and what does/does
not route. You should be able to get a copy of it via Microsoft's web site.

Hope this helps.

Jeff


Thanks again to everyone that sent me suggestions. They all helped.
If there is any tweaking to be done I'll send it along.
Jeff Adams

[EMAIL PROTECTED]
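The forwarding rules from step 5 accept everything between the two networks and leave the forward chain's default policy untouched. As an added example (not part of the original post), here is a small POSIX shell helper that validates the two network specs and emits the same ipfwadm rule set with an explicit default-deny forward policy in front of it, so the rules can be reviewed before they are applied. The network values in the comments are constructed placeholders; ipfwadm syntax is the Linux 2.0-era form.

```shell
#!/bin/sh
# Added example: generate the masquerade server's ipfwadm forward rules.
# Not the original poster's script. Networks are CIDR strings, e.g.
# 192.0.2.0/24 (registered) and 10.10.0.0/16 (private), both constructed.

# valid_cidr NET: succeed only if NET looks like a.b.c.d/n with sane ranges
valid_cidr() {
    case "$1" in
        */*) ;;
        *)   return 1 ;;
    esac
    addr=${1%/*}
    bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# masq_rules REG_NET MASQ_NET: print the ipfwadm commands, one per line.
# Pipe the output into sh to apply them; run it bare to review first.
masq_rules() {
    reg=$1
    masq=$2
    if ! valid_cidr "$reg" || ! valid_cidr "$masq"; then
        echo "masq_rules: bad network spec: '$reg' '$masq'" >&2
        return 1
    fi
    # Flush the forward chain and default to deny, so only the two
    # networks named below may cross the masquerade box.
    echo "ipfwadm -F -f"
    echo "ipfwadm -F -p deny"
    # The two accept rules from the post, registered <-> private.
    echo "ipfwadm -F -a accept -S $reg -D $masq"
    echo "ipfwadm -F -a accept -S $masq -D $reg"
    # Masquerade the private net toward everything else.
    echo "ipfwadm -F -a masquerade -S $masq -D 0.0.0.0/0"
}
```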
