This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 2003 Domain

Anyone managed to get Astaro working using user authentication with a windows 2003 domain? I have Astaro able to connect to up2date...finally...still can't access the internet from workstations though, can't seem to get user authentication working. I believe the HTTP proxy is set correctly and I have packet filters allowing http and dns out...don't knwo what else to do [:(]

This thread was automatically locked due to age.

Parents

0 Simon Shaw over 21 years ago

flyingkiwi,

Enable the HTTP proxy in standard mode.

Enable the DNS proxy and put in your ISP's DNS server/s

Create a MASQ rule for the internal network (workstations).

Create a packet filter rule.
Internal_Network Any Any Allow.

They should now be able to access external sites.
(Indeed using all protocols).

You do not need packet filters for DNS or HTTP (Point clients DNS server to the internal interface of the firewall).

Point clients browsers to the proxy server:
ie: 192.168.0.1 Port 8080

Disable the : Internal_Network Any Any Allow rule.
Now browsers should be able to access internet through the proxy server.
Hostnames resolved using the DNS proxy on Astaro.

Worry about getting Windows 2003 domain authentication done later.
Cancel
Vote Up 0 Vote Down

Cancel
0 flyingkiwi over 21 years ago in reply to Simon Shaw

Have enabled HTTP Proxy for internal in standard mode
Have enable DNS with DNS server address
Have created a Masq Internal(address) all/all
Created packet filter internal allow any any
Still no internet access from clients
Have set clients to astaro as gateway and astaro as dns...
I am using PPOE on Intenet NIC
Up2date is working so Astaro has internet access, it is up and has recieved ip address.
Have disabled all unnecessary bits
Still no internet access.
Tracert seems to get dns info ie ip address of typed in url...but stops at Astaro...
Thanks for the help!
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 21 years ago in reply to flyingkiwi

Can clients ping the external interface?

What does the packet filter live log show when you try to get out to a site?

Can you ping an external site at all ?
Cancel
Vote Up 0 Vote Down

Cancel
0 flyingkiwi over 21 years ago in reply to Simon Shaw

No ping reply from url or ip address of websites.
Yes ping to external eterface successfully.
Have attached packet filter during attempted browse to website.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 flyingkiwi over 21 years ago in reply to Simon Shaw

No ping reply from url or ip address of websites.
Yes ping to external eterface successfully.
Have attached packet filter during attempted browse to website.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Simon Shaw over 21 years ago in reply to flyingkiwi

192.168.0.75 is your firewall?
Normally (not set in stone though) You would use 192.168.0.1 for the firewalls address on the inside interface.

I assume 192.168.0.149 is your workstation.
I see the workstation hitting 64.142.56.116 OK on port 80 (web)

If you are not seeing traffic coming back in I would suspect a bad MASQ rule. Please post a screenshot of your MASQ/NAT page. Thanks.
Cancel
Vote Up 0 Vote Down

Cancel
0 flyingkiwi over 21 years ago in reply to Simon Shaw

It was the masq, I had the internal set as the internal(address) when it should have been internal(network)...simple...eventually...Thanks alot for your help!!!!!
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 21 years ago in reply to flyingkiwi

No problem, it's always the simple mistakes that get you [:(]
Cancel
Vote Up 0 Vote Down

Cancel