Re: routing to internal network issue.
Bret Hughes <bhughes,AT,elevating,DOT,com>
Tue, 25 Feb 2003 23:23:10 +0100
On Tue, 2003-02-25 at 16:19, insecure,AT,mail,DOT,od,DOT,ua wrote:
> On Monday 24 February 2003 21:56, Bret Hughes wrote:
> > OK onward and upward in the effort to get xp talking to a redhat 8.0
> > server running cipe-1.4.5 from the redhat rpm.
> > what works:
> > xp box can connect to server fine on local net
> > xp box can connect to server via dialup connection (xp side ) and port
> > forwarding done by a cisco pix 506. a conduit is set up for the udp port
> > in use on the server for this interface (7777).
> > what doesn't work:
> > routing of packets through server to lan. well it sort of does, read on
> > please.
> > By adding the route to windows for the internal lan I get packets sent
> > to an internal linux other than the cipe gateway. The IP address of this
> > box is 10.0.0.212. I can see these packets via ethereal. the real issue
> > is that the return packets are sent to the default route (the pix
> > firewall). I thought that by specifying a route and enabling
> > forwarding that packets destined for sambatest would be sent to the
> > cipegateway which would then forward it on to sambatest and I hoped that
> > magic happened and sambatest would know to send the packets back to the
> > gateway since that is where it came from. Obviously that did not
> > happen.
> You must set up correct routing in both directions if you need
> full connectivity (from remote box *and* to remote box).
> I got away with masquerading because I did not need to initiate connections
> *to* remote box:
Yep you are right. In fact I can connect to a samba share on a linux
box but not an NT4 share even though they both use domain
authentication. I punted on the snat about two hours ago and added the
return routes on the servers and we are jamming. No domain browsing but
we are getting to a usable solution I believe.
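
The return-path problem discussed in this thread, as an added example that is not part of the original messages: a longest-prefix route lookup on the internal server showing where its reply goes with no return route, with a return route added, and with masquerading on the gateway. Only 10.0.0.212 comes from the thread; the LAN prefix, the PIX and CIPE gateway LAN addresses, and the tunnel network are constructed assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing plan (assumptions, except SAMBATEST).
SAMBATEST = "10.0.0.212"      # internal Linux box named in the thread
PIX = "10.0.0.1"              # assumed LAN address of the default gateway
CIPE_GW = "10.0.0.5"          # assumed LAN address of the CIPE server
REMOTE_XP = "192.168.50.2"    # assumed tunnel address of the XP client
CIPE_NET = "192.168.50.0/24"  # assumed tunnel network

ON_LINK = "on-link"
# Routing table of sambatest before any change: local LAN plus default route.
BASE_TABLE = [("10.0.0.0/24", ON_LINK), ("0.0.0.0/0", PIX)]

def reply_hop(table, request_src):
    """Where sambatest sends the reply to a request with this source address."""
    return next_hop(table, request_src)

def scenarios():
    return {
        # No return route: the reply to the tunnel address follows the default
        # route to the firewall and never reaches the CIPE gateway.
        "no_return_route": reply_hop(BASE_TABLE, REMOTE_XP),
        # Return route for the tunnel network added on the server.
        "return_route": reply_hop(BASE_TABLE + [(CIPE_NET, CIPE_GW)], REMOTE_XP),
        # Masquerading on the gateway: sambatest sees the gateway's LAN address
        # as the source, so the reply stays on the local segment.
        "masquerade": reply_hop(BASE_TABLE, CIPE_GW),
    }

if __name__ == "__main__":
    for name, hop in scenarios().items():
        print(f"{name:16} reply from {SAMBATEST} goes to {hop}")
```

With masquerading the internal servers log the gateway's address instead of the remote client's, and LAN hosts still have no route for initiating connections to the remote box.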