Networker

Re: [Networker] problems with a client behind a Cisco with NAT

2005-04-13 01:18:03
Subject: Re: [Networker] problems with a client behind a Cisco with NAT
From: CurtisE <CurtisE AT CURTISE DOT NET>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 12 Apr 2005 22:19:25 -0700
Are you using access control lists (or a real firewall) in addition to NAT
(I would assume so)?  Having not personally tried it, I'm not positive that
NetWorker will work with NAT.  But from what you describe, it smells more
like a filtering issue than a NAT issue...

CurtisE

-----Original Message-----
From: Legato NetWorker discussion
[mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]On Behalf Of
rader AT GINSENG.HEP.WISC DOT EDU
Sent: Friday, April 08, 2005 3:06 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: [Networker] problems with a client behind a Cisco with NAT


I've got a RHEL3 client behind a Cisco router with NAT with these
ports punched through: 111, 7937 & 7938.  NetWorker is working,
but commands on the client are balking for ~ 10 seconds... because
they can't contact portmap on the client.

After digging around a little, I realized that the Cisco won't
allow systems on the private side to contact the punched through
ports via the public address.  To wit: rpcinfo -c private_address
works but rpcinfo -c public_address fails "connection refused."

Does anyone know of a work-around?  Better yet, does anyone know
the correct Cisco IOS magic??  What I have is...

 ip nat inside source static tcp 10.10.10.10 111 interface Ethernet1 111
 ip nat inside source static tcp 10.10.10.10 7937 interface Ethernet1 7937
 ip nat inside source static tcp 10.10.10.10 7938 interface Ethernet1 7938

steve
- - -
systems & network manager
high energy physics
university of wisconsin

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=