RE: Domain login through a NAT / FW?
From: "Benjamin Meade" <ben () lanwest com au>
Date: Sun, 24 Nov 2002 20:27:47 +0800
Unless you have reason for the current arrangement, move the domain
controller in front of the NAT box, and they should be able to connect
fine. It will also mean that you can log login attempts to your domain
I can also vouch for squid. You will notice a HUGE difference in your
bandwidth use, and you also don't have to worry about sites like
friendgreetings.com. Just be aware that it will need a bit of tweaking
so your users can access the sites needed for work.
LanWest Pty Ltd
From: Quentin Hartman [mailto:qhartman () lane k12 or us]
Sent: Tuesday, 19 November 2002 2:36 AM
To: security-basics () securityfocus com
Subject: Domain login through a NAT / FW?
I am currently dealing with the following problems on a network
-Spurious bandwidth use (mostly from P2P applications) that is impacting
other critical applications
-Clients are using public IPs and running rogue services, which have no
legitimate need to.
-No way to contain problem machines
I plan to address these issues by moving most of the clients
behind IP-Tables based NAT servers / firewalls, BIND DNS caches, and
(possibly) Squid web caches.
One problem I am running into in testing this setup is that
clients are not able to authenticate to the domain controller on the
side of the NAT box. In writing this it occurred to me that I probably
to set up the NAT machine as a WINS proxy. Am I on the right track? Do
of you have suggestions for superior methods to address the problems
mentioned above? Is there another list you would suggest posting this to
that may be more appropriate than this one? I have prayed to google
repeatedly and not come up with anything relevant yet. The NAT boxes are
Linux Redhat 7.3, the domain controller is NT 4 (soon to be RH as well),
and the clients are windows 98se.
Academic Computing and Networking Services Coordinator
Fern Ridge School District 28J
Office: 541-935-2253 x429
qhartman () lane k12 or us
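An added example for the setup discussed in this thread (it is not code from either poster): a POSIX shell function that generates the iptables rules for a Linux NAT box with the domain controller on the outside, as the reply suggests. It masquerades the client subnet, lets only the NetBIOS name, datagram and session ports (UDP 137/138, TCP 139) through to the DC's address, transparently redirects client HTTP to a local Squid instance, and logs then drops everything else outbound so P2P traffic shows up in the logs instead of eating the link. The interface names, subnet, DC address and Squid port are assumptions passed as arguments. One caveat the rules do not solve on their own: NetBIOS broadcast name resolution does not cross the NAT box, so the Windows clients still need to be pointed at a WINS server (or given an LMHOSTS entry) so that they look the DC up by unicast, which these rules then permit.

```shell
#!/bin/sh
# Added example, not from the thread. Generates (and optionally applies)
# iptables rules for a Linux NAT/firewall box whose clients must log on to
# a domain controller that sits on the outside (WAN side) of the NAT.
#
# Arguments (all assumed values, adjust for the real network):
#   $1 LAN interface   (e.g. eth1)
#   $2 WAN interface   (e.g. eth0)
#   $3 client subnet   (e.g. 192.168.10.0/24)
#   $4 DC address      (e.g. 203.0.113.5)
#   $5 Squid port      (e.g. 3128)
gen_nat_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3; dc_ip=$4; squid_port=$5
    cat <<EOF
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
# Masquerade everything leaving on the WAN side so clients no longer need public IPs.
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
# Return traffic for connections the clients opened.
iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# NT 4 domain logon / WINS: NetBIOS name + datagram (UDP 137,138) and session (TCP 139),
# allowed only towards the domain controller, not to arbitrary outside hosts.
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $dc_ip -p udp --dport 137:138 -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $dc_ip -p tcp --dport 139 -j ACCEPT
# Transparent proxy: client HTTP is redirected to the local Squid cache instead of being forwarded.
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-port $squid_port
# HTTPS cannot be cached, so it is forwarded directly. DNS goes to the local BIND cache
# on this box (INPUT chain, not shown here).
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 443 -j ACCEPT
# Everything else the clients try to open outbound (P2P, rogue services) is logged, then dropped.
iptables -A FORWARD -i $lan_if -s $lan_net -m state --state NEW -j LOG --log-prefix "NAT-DROP: "
iptables -A FORWARD -i $lan_if -s $lan_net -j DROP
EOF
}

# Print the rules by default; run with APPLY=1 (as root) to feed them to the shell.
if [ "${APPLY:-0}" = "1" ]; then
    gen_nat_rules "${1:-eth1}" "${2:-eth0}" "${3:-192.168.10.0/24}" "${4:-203.0.113.5}" "${5:-3128}" | sh
else
    gen_nat_rules "${1:-eth1}" "${2:-eth0}" "${3:-192.168.10.0/24}" "${4:-203.0.113.5}" "${5:-3128}"
fi
```

Reviewing the generated rule set before applying it is the point of the print-by-default design: the `LOG` rule in particular is what turns the "no way to contain problem machines" complaint into a list of client addresses and destination ports in the NAT box's syslog.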