Re: (PM) NT + PM + non-routable IP block

Thomas C Kinnen (tkinnen@usacomputers.net)
Wed, 10 Jun 1998 06:56:22 -0400

>Suggestion to Lucent/Livingston : please have a writeup "HOW-TO" connect
>Customer LANs based on NT + RRAS to PM2/PM3's. The document might want to

There is a section on using NT as a router in the NT On Line Manual and in
the resource kit. The original version in 3.5x did leave out one registry
entry though and did not mention that it would reset this entry if you
changed any bindings or added/removed a modem though. :) The only thing in
connecting to a PM is to set NT to allow any auth including clear text.

>focus sections on "Network Address Translation/IP Masquerading", their
>configuration on the PM side,

*Currently* that is not a PM issue.

> Radius entries with examples etc.

There are a number of routing examples in the radius and PM config manuals.

>And later if the document is found useful a standardised description of
>permitting SMTP services for use by client domains. (

All that is really needed is (OK, let's see if I remember this) a Bastion SMTP
host that knows both a live IP and how to get to the private IPs. An
example is if you have your ISP mail server as a 30 MX record, the Proxy
server as a 20 MX, and the actual mail server as a 10 MX on the private
network. If the proxy is up the mail goes to it and it forwards it to the
server on the private IP network. If it is down it is stored on the ISP
server until the proxy is up. You can learn about MX routing in DNS/BIND
and the Sendmail O'Reilly books.

>Of course, if this document did exist, it would probably reduce
>somewhat the need to have PM's on the client side to dial-in to the PM's at
>our POPs.... so while counter-business-intuitive, it simply allows
>more flexible usage of PortMasters for more number of downstream LAN
>customers.

It's all there. It would really be compiling a number of different sources
that exist and trying to keep it all in sync and up to date.

>they all want E-mail, Internal web browsing, POP etc. all through a NT
>or Linux box.

Personal opinion from someone whose home LAN has been linked by Linux, NT
and now an OR to route to the office LAN. Using NT or other box to route is
OK but you just can not beat a true router.

>Supplementary question, since the PM is on our side, is there anything
>special we have to configure except to route the appropriate subnet
>block to that assigned port via radius, and then (somehow?) configure
>the RRAS on the NT to masquerade/nat the ip block (to/from fake to
>real ip block) upon dial-up?

Route if they are using Live IPs. If translating you need to use the Proxy
server or VPM from the Proxy box to the other side.

Tom

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
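
The MX fallback described in the message above, as an added example that is not part of the original post: it picks the next hop for mail from a given vantage point and applies the RFC 974 rule that a host listed as an MX only relays to MX hosts with a lower preference number than its own, which is what keeps the ISP server from looping mail back to itself. Host names are hypothetical; only the 10/20/30 preferences come from the message.

```python
# Added example: MX selection for the three-tier layout in the message.
# Host names are hypothetical; preferences 10/20/30 are from the message.
ISP = "mail.isp.example.net"          # ISP mail server, stores mail if proxy is down
PROXY = "proxy.example.com"           # bastion/proxy: live IP plus route to private net
PRIVATE = "mail.private.example.com"  # actual mail server on the private network

MX_RECORDS = [(30, ISP), (20, PROXY), (10, PRIVATE)]


def candidates(mx_records, self_name=None):
    """Return MX hosts in the order a sender should try them.

    If the sender is itself listed as an MX, drop its own record and every
    record with an equal or higher preference number (RFC 974 loop rule).
    """
    ordered = sorted(mx_records)  # lowest preference number first
    own = [pref for pref, host in ordered if host == self_name]
    if own:
        ordered = [(p, h) for p, h in ordered if p < min(own)]
    return [host for _, host in ordered]


def next_hop(mx_records, reachable, self_name=None):
    """Return the first candidate the sender can reach, or None to queue.

    `reachable` is the set of hosts that accept a connection from the
    sender's vantage point (an assumption supplied by the caller).
    """
    for host in candidates(mx_records, self_name):
        if host in reachable:
            return host
    return None  # nothing reachable: keep the message queued and retry


if __name__ == "__main__":
    # Internet sender: the private 10 MX is never reachable from outside.
    print(next_hop(MX_RECORDS, {PROXY, ISP}))            # proxy up
    print(next_hop(MX_RECORDS, {ISP}))                   # proxy down
    # ISP server relaying queued mail onward once the proxy is back.
    print(next_hop(MX_RECORDS, {PROXY}, self_name=ISP))
    # Proxy forwarding to the private network.
    print(next_hop(MX_RECORDS, {PRIVATE}, self_name=PROXY))
```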