|
||||||||||||
|
|
|
|
 |
||||||||
 |
Need help trouble shooting static nat |
 |
|
 |
09-11-2008, 11:54 AM
|
#1 |
|
Guest
Status:
Posts: n/a
|
Need help trouble shooting static nat
GWIA server Netware 6.5 sp7 we have 8 static nat addresses set up and they have all been working fine for years, then one of them stopped working (our GWIA) I can not figure out how to get it working. All the rest of the static nat addresses are working fine. I have tried: rebooting border server and mail server deleting the static NAT reinitializing adding it back in changing NIC cards on the GWIA server unloaded filters What am I missing? Thanks |
|
 |
 |
 |
|
Re: Need help trouble shooting static nat |
|
|
|
|
09-15-2008, 09:58 AM
|
#2 |
|
Guest
Status:
Posts: n/a
|
Re: Need help trouble shooting static nat
More info.
I added a secondary ipaddress on the GWIA server, and set up a NAT to that address on the BM server and that works fine. I might just change the address of the gwia to the secondary ip address, but would really like to figure out what is going on. Luke wrote: > Bordermanager 3.7 sp3, Netware 5.1 sp8 > GWIA server Netware 6.5 sp7 > > we have 8 static nat addresses set up and they have all been working > fine for years, then one of them stopped working (our GWIA) I can not > figure out how to get it working. All the rest of the static nat > addresses are working fine. > > I have tried: > rebooting border server and mail server > deleting the static NAT reinitializing adding it back in > changing NIC cards on the GWIA server > unloaded filters > > What am I missing? > > Thanks |
|
|
|
|
|
|
Re: Need help trouble shooting static nat |
|
|
|
|
09-22-2008, 04:38 PM
|
#3 |
|
Guest
Status:
Posts: n/a
|
Re: Need help trouble shooting static nat
In article <e_szk.6824$gS5.1962@kovat.provo.novell.com>, Luke wrote:
> I added a secondary ipaddress on the GWIA server, and set up a NAT to > that address on the BM server and that works fine. I might just change > the address of the gwia to the secondary ip address, but would really > like to figure out what is going on. > This sounds like an interesting issue. Could it be a duplicate IP address with the primary GWIA? If you look at the IP Translation table in TCPCON, do the mac addresses match for the primary and secondary IP addresses? (Do you even have an entry for both? Try pinging both addresses). Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** |
|
|
|
|
|
|
Re: Need help trouble shooting static nat |
|
|
|
|
09-24-2008, 10:58 AM
|
#4 |
|
Guest
Status:
Posts: n/a
|
Re: Need help trouble shooting static nat
It is interesting, it stumped me for a long time (still stumped). I
haven't looked at it because I have the problem worked around. In TCPCON it shows both addresses with the same MAC, I can ping both fine from the BM, but not from the outside. Craig Johnson wrote: > In article <e_szk.6824$gS5.1962@kovat.provo.novell.com>, Luke wrote: >> I added a secondary ipaddress on the GWIA server, and set up a NAT to >> that address on the BM server and that works fine. I might just change >> the address of the gwia to the secondary ip address, but would really >> like to figure out what is going on. >> > This sounds like an interesting issue. > > Could it be a duplicate IP address with the primary GWIA? > > If you look at the IP Translation table in TCPCON, do the mac addresses > match for the primary and secondary IP addresses? (Do you even have an > entry for both? Try pinging both addresses). > > Craig Johnson > Novell Support Connection SysOp > *** For a current patch list, tips, handy files and books on > BorderManager, go to http://www.craigjconsulting.com *** > |
|
|
|
|
|
|
Re: Need help trouble shooting static nat |
|
|
|
|
09-24-2008, 02:55 PM
|
#5 |
|
Guest
Status:
Posts: n/a
|
Re: Need help trouble shooting static nat
Have a look at tip #48 at the URL below.
Have you rebooted the internet router through any of this? (To clear the ARP table there). Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** |
|
|
|
|
|
|
Re: Need help trouble shooting static nat |
|
|
|
|
09-24-2008, 05:44 PM
|
#6 |
|
Guest
Status:
Posts: n/a
|
Re: Need help trouble shooting static nat
I had already looked at that tip, I went thorough it again and nothing
there is the issue. The internet router just could be it, we have a fiber internet connection in the bldg, so we do not have access to the router. I had rebooted the media converter but that made no difference. Craig Johnson wrote: > Have a look at tip #48 at the URL below. > > Have you rebooted the internet router through any of this? (To clear > the ARP table there). > > Craig Johnson > Novell Support Connection SysOp > *** For a current patch list, tips, handy files and books on > BorderManager, go to http://www.craigjconsulting.com *** > > |
|
|
|
|
|
|
Re: Need help trouble shooting static nat |
|
|
|
|
09-24-2008, 07:16 PM
|
#7 |
|
Guest
Status:
Posts: n/a
|
Re: Need help trouble shooting static nat
When you changed the NAT, did you use a second public IP address, or
just change the old public IP to the new secondary private IP address? I'm wondering if the traffic isn't routing to you. You might try this test: 1. Take off the NAT, and leave the public IP address on the BMgr server. 2. Unload IPFLT or add ICMP exception to allow ping to/from the public NIC. 3. Ping the public address from BMgr, and internal hosts, to make sure it works. 4. Load filters. Set filter debug=on and then set icmp forward filter debug=1 to be able to see ICMP (allowed) packets. Or set icmp discard filter debug=1 to see filtered pings, if your filtering denies ICMP. Now ping from inside or the server and check the logger screen to see if you can see the icmp packets there. If so, go on to the next step. 5. Ping the secondary from the outside. If you don't see any icmp packets, then your traffic is not reaching the server. (You can also use PKTSCAN to capture and view packets if you don't want to use filter debug). 6. If you do see packets coming in, then put the NAT back on, and check again. You want icmp filter exceptions in now, to allow inbound icmp, so you can see the traffic after nat happening (or use pktscan.nlm). That should tell you something useful. You can also use ARP Debug to see the arp packets, and replies. If you have bridged connection, you might be seeing some problematic arp traffic, but my experience that is that if you have an arp issue, it would affect all secondaries on a bridged connection, not just one. If the IP address of the problem address could fall on a broadcast or network address, depending on the subnet mask, perhaps the ISP made a change to subnet mask that is causing traffic to your address not to get to you. It is essential at this point to see if traffic is making it to BMgr from the internet or not. With icmp exceptions, or ipflt unloaded, you want to also tracert to the address, and see if you get to the same last hop as if you trace to the primary BMgr address. Could be that the ISP is routing that address incorrectly. Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** |
|
|
|
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
|
|
|||
|
|
Powered by: vBulletin Version 3.0.7
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© 2003-2004 All Rights Reserved GroupBrowser LLC.
