RE: [(ASCEND) NAT and Default Server on p130 at 6.1.17]

To: "Maverick" <maverickthegreat@netscape.net>
Subject: RE: [(ASCEND) NAT and Default Server on p130 at 6.1.17]
From: "Paul B. Davidson" <p_davidson@ameritech.net>
Date: Mon, 14 Jun 1999 11:30:53 -0500
Cc: <ascend-users@bungi.com>
Importance: Normal
In-Reply-To: <19990614041115.19164.qmail@ww182.netaddress.usa.net>
Sender: owner-ascend-users@max.bungi.com

Maverick, and all:
I tried the suggestion offered, and came up with some very interesting
conclusions- I'm wondering if anyone can confirm or deny what's going on,
and possibly tell me how to correct for it.

What I did was to remove the mappings, then change the default server to the
pipeline itself- good news, I could still telnet into it from the Internet-
so default server is working.  But, I no longer could see my web server- not
good.  All right- time to go find the mappings for the web server, and turn
it back on- whoops, there *aren't* any.  So, default server has been working
all along.. hmm, that's interesting.

So I dug a little further.  We run a remote maintenance application, that
runs on port 6910 of our web server, using a single TCP port.  I've got a
static mapping for it- put it in a while back.  All right, change the
default server back to the web server.. web server now seeable from the
Internet- good thing.  Now, drop the default mapping for 6910- uh-oh.  Now
the application doesn't work.

After some experimentation, I've come up with some odd things.  Ports 25,
110, and 80 have no problems being handled by the p130's default server
setting- they route through as appropriate.  Other ports, however, do *not*
work.  UDP ports seem to fail always (I tested running NetBIOS, and it did
not work, though it does with static mappings in for it), ports not listed
in the 'normal' /etc/services files (by normal I mean what I vaguely
remember, I don't usually run UNIX, and who knows how accurate MS's is).

It almost sounds as if Ascend has embedded an /etc/services into the
firmware someplace, and only routes what it finds in that table to the
default server.  I've not seen any place that lets me change it, nor can I
prove that this is happening- but I smell a rat nonetheless.

Can anyone shed some light here?

-Paul

-----Original Message-----
From: Maverick (mailto: link deleted to protect the innocent)
Sent: Sunday, June 13, 1999 11:11 PM
To: Paul B.Davidson
Subject: Re: [(ASCEND) NAT and Default Server on p130 at 6.1.17]


To verify if the Def server is working, remove all the static
mappings and just point Def Server to the IP address
of the pipeline and try telnetting into the pipeline
from the internet. If you can telnet into the pipeline
then Def server is working and then you can add
static mappings also,  otherwise it's not.




"Paul B. Davidson" <p_davidson@ameritech.net> wrote:
Greetings, all.. somewhat of a lower-end question for this group, but I'm
sending it along in hopes that someone has an answer.  I've asked Ascend's
web site (no reply), my ISP (who did the original config and sold us the
pipeline, and have no clue why this is happening), so I'm hoping someone
here has seen it before.

We're running NAT on our p130, routing from an external T1 to our ISP, to
our internal lan, which is exclusively private addressed, and has a server
on it for mail & web services.  All works very well- at releases before
6.1.17, we had lots of problems with NAT, causing us to have to reboot the
pipeline every 2-3 days, thanks to some sort of memory leak.  We've been
stable now for a number of months, and I'm not crazy about upgrading unless
someone here has had direct experience- if it aint broke, I'm not planning
on 'fixing' it.  Currently, about 8 of the 10 available static mappings are
in use on the pipeline's NAT config.

Most of the static mappings, however, point to our mail/web server- port 80,
port 25, port 110, and a few others for miscellaneous odd things we're
running.   Given some new software we'd like to run in the office, I'd like
to free up those mappings for other purposes- so, the manual says (famous
last words), set the Default Server to be the mail/web server
(172.16.25.250), and remove the mappings.

The only problem is- it doesn't work.  No matter what we set up, reboot,
etc, the only ports that get routed through NAT are those set up as static
mappings, not the default server.

Obviously, I know enough to be dangerous, but not enough to be able to fix
the problem- if anyone out there has any experience or comments with this,
I'd love to hear back. TIA.


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) Recommendations
Next by Date: (ASCEND) Re: DSLPipe & Firewalling
Prev by thread: (ASCEND) Recommendations
Next by thread: (ASCEND) Re: DSLPipe & Firewalling
Index(es):
- Date
- Thread