I have the following virtual domain set up; IPCop 1.4.15 and 4 Windows 2003
servers, 1 with Exchange 2003, installed in VMWare Server. The "Extra
Interfaces" add-on is installed in IPCop allowing the use of a Gray
interface that has more flexibility than the IPCop Blue interface. SNAT is
also installed in IPCop. I'm pretty sure that the issues I have are routing
related...
The purpose of this setup is for a Disaster Recovery study. All of the
hosting site servers and computers would be behind the remote site firewall
with specific rules allowing only access to VPN, webmail and web site in the
VMware instance. The clients on LAN2 would have access to the virtual domain
as any normal domain with user and group rights, group policy, domain
resources, etc...
As shown in the diagram found here
(
http://dlr.gcfa.googlepages.com/ipcopdiagram.jpg), everything except
Client1 (Windows XP Pro) is running within a Virtual Server, for now, on a
Vista machine (on Windows 2003 when everything is working). Red interface
(external IP) connected to one of the Vista NICs, Client1 connected directly
with a crossover cable to the other NIC and set up with a static IP for now.
Everything is working just fine except issues with the Client machine (Gray
interface).
Red: eth1 - yyy.yyy.yyy.210 - SN 255.255.255.0
- DNS1 zzz.zzz.zzz.37 - DNS2 zzz.zzz.zzz.144 - GW yyy.yyy.yyy.1
- Bridged with LAN1
Green: eth0 - IP 10.165.21.2 - SN 255.255.255.128
- Server1: IP 10.165.21.6 - SN 255.255.255.128 - GW 10.165.21.2
IP 10.165.21.12 - SN 255.255.255.128 - GW 10.165.21.2
- Server2: IP 10.165.21.7 - SN 255.255.255.128 - GW 10.165.21.2
Orange: eth2 - IP 10.165.20.2/24 - SN 255.255.255.0
- Server3: IP 10.165.20.6 - SN 255.255.255.0 - GW 10.165.20.2
- Server4: IP 10.165.20.3 - SN 255.255.255.0 - GW 10.165.20.2
Gray: eth3 - IP10.165.21.129 - SN 255.255.255.128
- Bridged with LAN2
- Allow access to IPCop DNS
- Allow access to Red HTTP
- Allow access to Red DNS
- Allow access to Red TCP, UDP and ICMP
- Client1: IP 10.165.21.141 (st) - SN 255.255.255.128 - GW 10.165.21.129
Server1 on Green
- can ping eth2 - server3 - server4 - eth3
- cannot ping anything else on Gray
- resolves nslookup query through server1 and can surf the net
Server3 on Orange
- can ping eth0 - server1 - server2 - eth3
- cannot ping anything else on Gray or anything on the outside
- can resolve nslookup query through server3 and can surf the net
Client1 on Gray:
- can ping eth0 - server1 - server2 - eth2
- can ping Server1 by its NetBIOS name
- can map and access shares on Server1
- cannot ping anything on the outside
- resolves nslookup query through server1 and cannot surf the net
- cannot join the virtual domain
- cannot receive DHCP info from Server1
SNAT is installed on IPCop and configured for VPN, WEB and WEBMAIL access.
Access to Webmail, the VPN connection and surfing on the virtual website
work just fine from an outside computer.
The implemented port forwarding rules are:
1,0,gre,GRE,10.165.21.12,GRE,on,0.0.0.0,0.0.0.0/0,
2,0,udp,500,10.165.21.12,500,on,0.0.0.0,0.0.0.0/0,
3,0,tcp,80,10.165.20.3,80,on,0.0.0.0,0.0.0.0/0,
4,0,tcp,25,10.165.20.6,25,on,0.0.0.0,0.0.0.0/0,
6,0,tcp,1723,10.165.21.12,1723,on,yyy.yyy.yyy.212, 0.0.0.0/0,
7,0,tcp,80,10.165.20.3,80,on,yyy.yyy.yyy.203,0.0.0 .0/0,
8,0,tcp,25,10.165.20.6,25,on,yyy.yyy.yyy.206,0.0.0 .0/0,
9,0,tcp,80,10.165.20.6,80,on,yyy.yyy.yyy.206,0.0.0 .0/0,
10,0,tcp,1:65535,10.165.21.6,1:65535,on,10.165.21. 129,0.0.0.0/0,
11,0,udp,1:65535,10.165.21.6,1:65535,on,10.165.21. 129,0.0.0.0/0,
12,0,tcp,1:65535,10.165.21.129,1:65535,on,10.165.2 1.6,0.0.0.0/0,
13,0,udp,1:65535,10.165.21.129,1:65535,on,10.165.2 1.6,0.0.0.0/0,
Gray will need to:
- Join the virtual domain
- Use DHCP on Server1
- Surf the net
I've messed around with lots of stuff, but no go... I'm not a routing guru!
If needed, Gray clients could get an IP from the IPCop DHCP server. Could
that IP then be NATed to the Green subnet, thus allowing the client to join
the domain and get a DHCP address? Would Iptable entries be the way to go?
Is this at all possible anyway?
Any ideas are welcome! Thanks
Dave
Similar Threads
Linear Mode
