Firewall Wizards mailing list archives
Re: [Fwd: [Fwd: Firewall blocking broadcasts in between NT Servers]]
From: mike.parsons () wachovia com
Date: Fri, 24 Jul 1998 12:02:05 -0400
Part of your problem may be related to an old vestige of NetBIOS encapsulated in IP. In that circumstance, your best bet may be to either get a packet filter capable of "NAT"ing addresses in the payload (CISCO's PIX comes to mind) or move the servers to segments protected by the firewalls with routable addresses and using a redirect on the untrusted interface of the firewalls to in effect publish those addresses to the outside. This way, you can overcome the deficiencies in the way Microsoft handles IP addressing in NT. (BTW, I sincerely hope they fix this in version 5.0 of NT if it's ever released as GA.)

gibbs () netquest com on 07/22/98 04:19:52 AM
Please respond to gibbs () netquest com
To: firewall-wizards () nfr net
cc: (bcc: Michael Parsons/CCI/WACH)
Subject: [Fwd: [Fwd: Firewall blocking broadcasts in between NT Servers]]

Return-Path: <Wayne.vanVelthoven () nrc ca>
Received: from polaris.nrc.ca ([132.246.160.10]) by vega.netquest.com (Post.Office MTA v3.1.2 release (PO205-101c) ID# 0-37888U2500L250S0) with ESMTP id AAA213 for <borkin () netquest com>; Sun, 19 Jul 1998 14:57:02 -0400
Received: by polaris.nrc.ca with Internet Mail Service (5.5.1960.3) id <3C9RXBV2>; Sun, 19 Jul 1998 14:49:29 -0400
Message-ID: <5A290E5510AED111BD5D00805FFE7EF47801A7 () polaris nrc ca>
From: "vanVelthoven, Wayne" <Wayne.vanVelthoven () nrc ca>
To: "'borkin () netquest com'" <borkin () netquest com>
Subject: RE: [Fwd: Firewall blocking broadcasts in between NT Servers]
Date: Sun, 19 Jul 1998 14:49:05 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1960.3)
Content-Type: text/plain

I haven't been able to solve that one. The firewall is doing the IP masquerading thing and I don't know how to handle that. I tried using LMHOSTS files all over as well as WINS static entries, but somehow the PDC is still getting told about the wrong IP address.

The only way I can see that happening is if the web server is sending the PDC messages like "according to my records, my own IP address is..." as opposed to "the IP address on this packet is mine". So that amounts to the content of the packet, which the firewall cannot translate.

The only thing (I think) I can do is to take the server out of the domain and make it completely stand-alone. We'll have to maintain an extra SAM database, but at least the alerts will stop.

Nothing so far has helped with the masquerading problem, including endless searches in the knowledge base. Maybe I've missed something, but for now I'm just telling them it can't be done. If you hear about any new ideas to solve this, please let me know.

Thanks very much for your help, Mike and everyone else who replied.

Wayne van Velthoven, MCP
National Research Council Canada

-----Original Message-----
From: borkin () netquest com [SMTP:borkin () netquest com]
Sent: 1998-07-17 (Friday) 22:19
To: wayne.vanvelthoven () nrc ca
Subject: [Fwd: Firewall blocking broadcasts in between NT Servers]

Wayne,

I hope this has helped you.. let me know if and how you solved the problem so I can pass it back to the people who helped. I think that the posts that you'll receive on this are pretty much at an end unless I re-post what the current situation is.

Mike

<< Message: Re: Firewall blocking broadcasts in between NT Servers >>
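
Added example, not part of the original thread or written by its participants: a NetBIOS name registration request laid out per RFC 1002 carries the registering host's address inside the payload (NB_ADDRESS), so a firewall that masquerades only the IP header leaves the inner address unchanged, which is the kind of mismatch discussed above. The host name, addresses, transaction ID and the `masquerade` model of the firewall are constructed for illustration.

```python
import socket
import struct

NB, IN = 0x0020, 0x0001  # RFC 1002 record type NB, class IN

def encode_name(name, suffix=0x00):
    """First-level NetBIOS encoding: pad to 15 chars + suffix, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    half = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + half + b"\x00"

def build_registration(name, ip):
    """Broadcast NAME REGISTRATION REQUEST; the owner's IP travels in the RDATA."""
    header = struct.pack(">HHHHHH", 0x1234, 0x2910, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack(">HH", NB, IN)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", NB, IN, 300000, 6)
    return header + question + rr + struct.pack(">H", 0) + socket.inet_aton(ip)

def skip_name(pkt, off):
    """Step over a label sequence or a 2-byte compression pointer."""
    if pkt[off] & 0xC0 == 0xC0:
        return off + 2
    while pkt[off]:
        off += 1 + pkt[off]
    return off + 1

def payload_address(pkt):
    """Return NB_ADDRESS from the additional record of a registration packet."""
    qdcount, _, _, arcount = struct.unpack(">HHHH", pkt[4:12])
    if (qdcount, arcount) != (1, 1):
        raise ValueError("not a name registration packet")
    off = skip_name(pkt, 12) + 4              # question name, QTYPE, QCLASS
    off = skip_name(pkt, off)                 # RR_NAME
    rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    if rtype != NB or rdlen < 6:
        raise ValueError("no NB address record")
    return socket.inet_ntoa(pkt[off + 12:off + 16])   # skip NB_FLAGS

def masquerade(datagram, public_ip):
    """Model of source NAT: only the IP-header source changes, payload is untouched."""
    _, payload = datagram
    return public_ip, payload

def nat_mismatch(header_src, payload):
    """Compare the address a receiver sees on the packet with the one inside it."""
    inner = payload_address(payload)
    return inner, inner != header_src

if __name__ == "__main__":
    pkt = build_registration("WEBSRV", "192.168.1.10")   # constructed name/address
    src, payload = masquerade(("192.168.1.10", pkt), "203.0.113.5")
    print(src, nat_mismatch(src, payload))
```

Running the same comparison on captured UDP port 137 traffic on the trusted side of a masquerading firewall shows which hosts are announcing addresses the far side cannot reach.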