RE: NAT'ed Domain Authentication

Bryan McAninch wrote:
> Hi all,
> 
> I am attempting to set up remote access domain login over an IPSec
> tunnel. The tunnel is between a Linux firewall with iptables &
> openswan, and a Windows XP laptop; the internal domain controllers
> are 2003 servers. For routing purposes, I need to SNAT the laptop to
> one of our internal RFC 1918 addresses on the internal interface of
> the firewall. The problem I am encountering is getting the laptop to 
> successfully log on to the domain, and I'm certain it has something
> to do with the SNAT. 

You should be logging in using Windows LDAP. If you aren't giving the
laptop a valid internal IP, I suppose you'd have to SNAT the incoming
traffic to the Linux firewall. Questions:

Why can't you give the incoming host an internal IP?
Do you have two nested networks inside NAT'ed or do you not control the
allocation of IPs, or some other reason (no ProxyARP?)?

Why can't you log in using LDAP or Kerberos? It shouldn't matter if
you're SNATed or not.

Can you access ANY service behind the firewall?

Do you log all soon-to-be-dropped packets, and do you see in the logs any
packets getting dropped when trying to log in?



