Security Basics mailing list archives
Domain login through a NAT / FW?
From: Quentin Hartman <qhartman () lane k12 or us>
Date: Mon, 18 Nov 2002 10:36:05 -0800
Colleagues-

I am currently dealing with the following problems on a network I recently inherited:

-Spurious bandwidth use (mostly from P2P applications) that is impacting other critical applications
-Clients are using public IPs and running rogue services, which have no legitimate need to.
-No way to contain problem machines

I plan to address these issues by moving most of the clients behind IP-Tables based NAT servers / firewalls, BIND DNS caches, and (possibly) Squid web caches. One problem I am running into in testing this setup is that clients are not able to authenticate to the domain controller on the other side of the NAT box. In writing this it occurred to me that I probably need to set up the NAT machine as a WINS proxy. Am I on the right track? Do any of you have suggestions for superior methods to address the problems mentioned above? Is there another list you would suggest posting this to that may be more appropriate than this one? I have prayed to Google repeatedly and not come up with anything relevant yet.

The NAT boxes are Linux Red Hat 7.3, the domain controller is NT 4 (soon to be RH as well), and the clients are Windows 98SE.

-Regards-
-Quentin Hartman-
Academic Computing and Networking Services Coordinator
Fern Ridge School District 28J
Elmira, OR
Office: 541-935-2253 x429
Cell: 541-914-2989
qhartman () lane k12 or us
www.fernridge.k12.or.us