NAT OK for adjescent networks, but not for internet behind cisco
|
We have set up NAT (static on kernel 2.0.35).
Configuration:
[internet]-cisco-<unsecure internet line>-firewall-<secure line> The unsecure internet line is a line inside the office. The firewall has NAT and maps 5 external addresses to the internal net. cisco and the test PC on the unsecure internet have direct routes to these five addresses (that are part of the subnet) via the linux/firewall gateway. It works fine between a test PC on the unsecure internet line and our servers on the secure line. http, smtp and Lotus notes are working fine. Furthermore http and smtp to the external internet are working properly from all pcs, even from the servers on the secure line with NATed addresses. BUT: SMTP in and HTTP in (to port 25 and 80) are only working from the test PC to the servers but not from a PC on the internet to the servers. Notes SMTP agent gets a request on port 25 but cannot send back (tries to send to address 0.0.0.0) Lotus Notes connections to port 1352 are working properly in both ways. It's bizarre. Is there a bug withing NAT not being able to translate low-port addresses correctly? The behaviour is the same if the firewall is shut down (default rule: accept everything) Please help!
|
Messages
Outline:
should work... by Michael Hasenstein, 1/04/99 
Problem found in Cisco routing by Dave Gregory, 1/04/99
