NAT Simply not working

Hello, This is my first time posting on this forum although I am a frequent visitor. I have setup a client with Airport Extreme and NAT is simply not working. I have NAT enabled with the proper ports routing to the proper IP addresses and the traffic does not go through.
I performed a port scan via nmap on the ports in question and the status of the ports were identified as "filtered". At least the tool recognized a service was running on the specifiec ports but the state was filtered rather than closed. After connecting a linksys router and configured it the same; I ran the same scanning test yielding ports with the status "open".
Please advise...

Yes, this button must be checked for me to enter the ports in which to be mapped. Again when I scanned the ports they were in fact recognized that services were running but the port state was "filtered". I believe this is the problem. This normally will allow connections to be spawned from the machine in question and then allow traffic but it doesn't appear to allow a external connect initiation.

Similar Messages

Cisco 871 NAT configuration not working

The problem is that NAT is not working for the "internal" network.
If i own the ip 10.0.0.15 for example and i try to reach x.x.x.x:65009 i will not work.
what's the problem?
here is the configuration:
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address x.x.x.x 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface Vlan1
ip address 10.0.0.1 255.255.255.192
ip access-group 2 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.12 60022 x.x.x.x 65000 extendable
ip nat inside source static tcp 10.0.0.12 80 x.x.x.x 65001 extendable
ip nat inside source static tcp 10.0.0.12 21 x.x.x.x 65002 extendable
ip nat inside source static tcp 10.0.0.12 389 x.x.x.x 65003 extendable
ip nat inside source static tcp 10.0.0.12 3306 x.x.x.x 65004 extendable
ip nat inside source static tcp 10.0.0.12 10000 x.x.x.x 65005 extendable
ip nat inside source static tcp 10.0.0.12 443 x.x.x.x 65007 extendable
ip nat inside source static tcp 10.0.0.21 80 x.x.x.x 65009 extendable
ip nat inside source static tcp 10.0.0.21 22 x.x.x.x 65010 extendable
ip nat inside source static tcp 10.0.0.12 8080 x.x.x.x 65011 extendable
ip nat inside source static tcp 10.0.0.21 21 x.x.x.x 65012 extendable
ip nat inside source static tcp 10.0.0.21 3306 x.x.x.x 65013 extendable
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.63
access-list 2 deny 10.0.0.8
access-list 2 deny 10.0.0.2
access-list 2 deny 10.0.0.3
access-list 2 deny 10.0.0.6
access-list 2 deny 10.0.0.7
access-list 2 deny 10.0.0.4
access-list 2 deny 10.0.0.5
access-list 2 permit 0.0.0.0 10.0.0.63
Posted by WebUser ??????? ???

No, the ranges are not the same. That is, they share the same B-class stats, but no C-class.
Incidentally, the extendable parameter is present in this ios version. When I change the parameter interface dialer0 to the ip address associated with the interface, extendable is addedd automatically. No joy however.
Today I'm going to try and downgrade the ios, another router with 12.4(4)T1 does have functional port mappings....

I just buy an iPhoto 11 version and it's not working. No import to library, no open, no slideshow, nothing.... Quit unexpected. Simply NOT working guys. :-( Any ideas? Tnx

Hi Guys
I just buy from Apple Store a iPhoto 11 version and it's not working.
No import, no open, no slideshow, nothing... It's frozen!!! Quit unexpected.... Simply not working!
Any ideas? Tnx.

What happens when you try? More information gets you better help...

NAT is not working for VRF partially

Hello!
I have a diagram like this:
VRF_A and VRF_B have overlapping addressing plans from series 192.168.x.x.
As routing protocol in both of VRFs adopted RIP (I tried all, but effect much the same).
The closest to PE1 network is 172.16.0.0/24.
PE1:
ip vrf VRF_A rd 65001:1 route-target export 65001:1 route-target import 65001:1ip vrf VRF_B rd 65001:2 route-target export 65001:2 route-target import 65001:2ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_A overloadip nat inside source list 10 interface FastEthernet0/0 vrf VRF_B overloadip route vrf VRF_A 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 globalip route vrf VRF_B 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 globalinterface FastEthernet0/0 ip address 172.16.0.24 255.255.255.0 ip nat outside duplex fullinterface FastEthernet1/0 ip vrf forwarding VRF_A ip address 192.168.0.2 255.255.255.0 ip nat inside duplex full
interface FastEthernet4/0 ip vrf forwarding VRF_B ip address 192.168.0.2 255.255.255.0 ip nat inside duplex full
When I try ti ping 172.16.0.1 from CE11, CE21 and from VRF_A and VRF_B on PE1 - all if fine! NAT is performed and ping is OK.
But when I tried to ping from others (PE2 and CE21 and CE22) NAT is not performed, I see 192.168.x.x at Internet Router and ping is failled.
I'm in stupor. What could it be??? And how to avoid this situation? Are there "exits"?
I forgot to mention that there is a full connectivity inside both of VRFs. Routing protocols and redistribution work fine.
Kind regard,
Ellad

It's wrong:
PE1interface toward P1 ip nat insideinterface toward P2 ip nat inside
Here is PE1:Current configuration : 2829 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname PE1
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
ip vrf VRF_A
rd 65001:1
route-target export 65001:1
route-target import 65001:1
ip vrf VRF_B
rd 65001:2
route-target export 65001:2
route-target import 65001:2
ip cef
ip audit po max-events 100
mpls label protocol ldp
interface Loopback0
ip address 10.0.2.1 255.255.255.255
interface FastEthernet0/0
ip address 172.16.0.24 255.255.255.0
ip nat outside
duplex full
interface FastEthernet1/0
ip vrf forwarding VRF_A
ip address 192.168.0.2 255.255.255.0
ip nat inside
duplex full
interface FastEthernet2/0 ip address 10.0.23.1 255.255.255.0
duplex full
tag-switching mtu 1512
tag-switching ip
interface FastEthernet3/0
ip address 10.0.24.1 255.255.255.0
duplex full
tag-switching mtu 1512
tag-switching ip
interface FastEthernet4/0
ip vrf forwarding VRF_B
ip address 192.168.0.2 255.255.255.0
ip nat inside
duplex full
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
router rip
version 2
no auto-summary
address-family ipv4 vrf VRF_B
redistribute bgp 65001 metric 1
network 192.168.0.0
no auto-summary
exit-address-family
router bgp 65001
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.5.1 remote-as 65001
neighbor 10.0.5.1 update-source Loopback0
address-family vpnv4
neighbor 10.0.5.1 activate
neighbor 10.0.5.1 next-hop-self
neighbor 10.0.5.1 send-community both
exit-address-family
address-family ipv4 vrf VRF_B
redistribute static
redistribute rip
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf VRF_A
no auto-summary
no synchronization
exit-address-family
ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_A overload
ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_B overload
ip classless
ip route vrf VRF_A 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 global
ip route vrf VRF_B 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 global
no ip http server
no ip http secure-server
ip extcommunity-list 1 permit soo 65002:901
access-list 1 deny   10.1.8.1
access-list 1 deny   10.0.8.1
                          access-list 1 deny   10.1.2.1
access-list 1 deny   10.0.2.1
access-list 1 permit any
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 192.168.1.0 0.0.0.255
route-map rm-soo permit 10
set extcommunity soo 65002:901!
route-map rm-soo-action deny 10
match extcommunity 1
route-map rm-soo-action permit 20
match ip address 1
gatekeeper
shutdown
line con 0
exec-timeout 144 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
1.0.5.1 is Loopback0 of P3. It's a route-reflector for all PEs. I study.
And all what you see above - Dynamipses. Internet router - real Ubuntu server.

NAT Service not Working

My ISP is one big huge failure, however, because it is the only game in town, we have no choice but to subscribe to their overly-expensive poor service. Well, that is no more. I recently bought a WiMax USB dongle, and it works on my iMac without any problems. However, I would like to setup my SL server as a gateway for my home network. For some reason, the dongle doesn't play well on SL Server. Here are the problems I am having:
1. In order to get the dongle to connect to my WiMax service, I have disable the ethernet connection (en1), start the dongle's utility software and let it connect, then re-enable my en1 connection. This would be ok, however, I have to manually put in the network information for en1 every time I do this.
2. I have DHCP, DNS, Firewall, and NAT services enabled. All but the NAT services work. SL Server assigns IP addresses to all clients; I can perform reverse lookups on my DNS service; and the firewall...well it is just being a firewall. I can't really check it because of problems I am having with NAT. Speaking of NAT, I assigned the WiMax dongle to the WAN interface, en1 as the LAN interface, and started the service. For about five minutes, I was in blissful heaven thinking about the day I would walk in my ISP's office and tell them what they could do with their crappy service. But my natural high suddenly ended when the NAT service stopped. I tried starting it, and the green light would come on for about .5 seconds and then go out. The service just won't start. I have reinstalled SL and performed all the updates three times, and I get the same results. I have tried the Gateway Setup Assistant, but NAT will not start.
The only additional information I can provide is that because the dongle manufacturer has not written 64 bit drivers for OS X SL or SL Server, I am running my SL Server in 32 bit mode.
I am prepared to return the dongle and get a WiMax router (switch the service from my dongle to the router) and a USB Ethernet adapter for my server. The router will bridge its connection to my SL server. However, I want to make sure that the problems I am experiencing can be fixed through helpful advice from the Apple community; or are related to the dongle and its driver in which case the problems will go away if I get the WiMax modem.
Any and all help is greatly appreciated.

I can confirm this behavior with my Snow Leopard Server 10.6.8. Booting into 32bit mode, NAT won't run. Booting into 64bit mode, everything works as expected.
An interesting point: When running in 32bit mode, the natd program works perfectly when run manually. It just doesn't work with any of the Apple GUI tools that control system services/auto-running/etc.
CraigBB

Why does this NAT configuration not work ?

interface FastEthernet0/0
description To Cable Modem
ip address dhcp
ip nat outside
interface FastEthernet0/1
description To LAN
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip nat pool ovrld 72.186.194.72 72.186.194.72 netmask 255.255.192.0
ip nat inside source list NATOUT pool ovrld overload
ip access-list standard NATOUT
permit 192.168.1.0 0.0.0.255 log
Show ip nat translations shows no translations.
The Stats
Dynamic mappings:
-- Inside Source
[Id: 3] access-list NATOUT pool ovrld refcount 0
pool ovrld: netmask 255.255.192.0
        start 72.186.194.72 end 72.186.194.72
        type generic, total addresses 1, allocated 0 (0%), misses 0
Queued Packets: 0
I can get one device to translate with a static but the dynamic does not work.

Hey Rolf. I used the commands like you said but it will not translate anything unless the entry is static.
ip nat inside source static 192.168.1.2 72.186.*.72      is what im using to get my main node translated while i figure out this problem. The configuration worked fine until I upgraded IOS from 12.3 to 12.4. Thats when it quit translating. My config follows. Keep in ming that when i tried your commands I removed the static entry for 192.168.1.2
Building configuration...
[OK]
HEADEND(config)#do sh run
Building configuration...
Current configuration : 3267 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname HEADEND
boot-start-marker
boot-end-marker
enable secret 5 $1$vk5M$eGiHBbhKZrvPdNz0aXhve1
no aaa new-model
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.250 192.168.1.254
ip dhcp pool DEESPOOL
   network 192.168.1.0 255.255.255.0
   dns-server 65.32.5.111 65.32.5.112
   domain-name dbtech.netpros.com
   default-router 192.168.1.254
crypto pki trustpoint TP-self-signed-3843280569
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3843280569
revocation-check none
rsakeypair TP-self-signed-3843280569
crypto pki certificate chain TP-self-signed-3843280569
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383433 32383035 3639301E 170D3032 30333031 30333331
30305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38343332
38303536 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BD0F 1F06509B 67D1C1F4 C9AEFA31 89A8C059 4B17CDE8 95F23275 CFB9AC41
D784F703 C25B630D A0461FB1 114B3608 B3387518 8F552DD7 41796488 F0C79FC0
103A2C3F FFE388FE 7970D921 C5F754D1 68A15518 F30F91CC 26884284 5C8C3275
B06A584D 96D2D5CB 92068B40 C05C8A4E 80E9CCE0 2DE5883F 9EF405BB 89252921
B03D0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17484541 44454E44 2E74616D 70616261 792E7272 2E636F6D
301F0603 551D2304 18301680 14E92E8B 5F671437 6F383CCD 42AD6AE8 4CC47730
F9301D06 03551D0E 04160414 E92E8B5F 6714376F 383CCD42 AD6AE84C C47730F9
300D0609 2A864886 F70D0101 04050003 81810055 7BE1410C C73F83F3 26B30B9A
569ED607 9FDCB6CD 46125795 0A8137EF 930C195B 19E79813 B6DF9B2D 6809F4A2
A5F0BDB0 03DF87D2 81643EC7 5D619E65 132B1C12 61FB212B DAEB02A2 56E63559
D931DF1F A3817AAF F21D8EE0 D0741B96 DBF52051 78964876 5AB7E319 5A051455
4EA9186D 1E9ABC81 00573284 564D6BE7 486681
quit
username derek privilege 15 secret 5 $1$rBZD$NqY/hkTEpcZV4rYqwtKAD.
interface FastEthernet0/0
description To Cable Modem
ip address dhcp
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1
description To LAN
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list NATOUT interface FastEthernet0/0 overload
ip access-list standard NATOUT
permit 192.168.1.0 0.0.0.255 log
control-plane
line con 0
line aux 0
This is very odd it is like dynamic NAT is just broken.

Creative Zen V won't charge, is not recognized, simply not work

hey. couple of weeks ago i bought myself a creative v zen. i have win xp prof sp2 and everything was working fine. few days ago suddenly media explorer crashed while i was transfering music to the player. i had to reset my player. since then, my zen is simply not recognized, neither by media explorer, nor by windows itself. there's always a mtp device being found, but it won't install the drivers. i reinstalled all the drivers and all the software, i downloaded all the updates, but it's still not working. my player won't even charge itself. only if i'm lucky enough. and everytime i turn on the zen, it says that it's rebuilding the media library. does anyone know how to fix that thing ?

Have you try running Cleanup from Rescue mode?
Jason

IPhone 4 simply not working

My phone has simply stopped working. I thought it had maybe lost its charge but I plugged it into my AC adaptor and I saw the apple coming up but it then came up with a notification stating that this is not compatibale with this device, please connect to itunes. I then tried to connect it through my laptop but got absolutely nothing. Any help would be brilliant or would I be best just sending it back to apple as I am still within my warranty period.

First clean the connector on the bottom of the phone and the end of the cable. Dirt in either connectory can result in the "compatible" message.
Then see this to recover the phone: http://support.apple.com/kb/HT1808

Is iCloud simply not working as it should?

I have an iPad 2 and an iPhone 4S both running iOS5. Also Apple TV
I'm noticing thta iCloud just 'doesn't work' as it's suppose to all of the time.
I've been using Photostream.. All working good on *ALL* my devices for a while, Then today the photo stream
decided to dissapear from my iPad. I didn't change any settings. It just decided to dissapear.. Photo Stream is still
on my other devices including Apple TV.
Now if I switch off photo stream on the ipad and switch it on again it will start downloading the pics.
Also Reminders.
When I make a new reminder, it appears on all devices. Now lets say I try to delete this reminder from my iPhone,
it does not delete from my iPad. To get it to delete from my iPad I have to firstly make a NEW reminder on my iPad and
as this reminder goes up to the cloud, only THEN will the previous reminder get deleted.
It's almost like I have to keep 'nudging' iCloud to speak to my device mainly my iPad2. Now this is only 50% of the time.
My iPad2 seems to be the dodgiest device for iCloud. Again, only 50% of the time.
My settings and my iCloud account and my Apple ID is in order.. This whole setup of iCloud is real simple and I understand the concept
perfectly so there's no errors on my part.. It's just not working!!
Very frustrated with this.. I was hoping it would 'just work'. .
-Frankie

Apple has severe issues with their servers. What you experience is harmless compared to us iwork for ios users : the cloud randomly deletes all of our created documents.. Lost, forever, gone , zeroed out. Hours of research,typing, editing data = poof in the cloud.
"documents in the cloud" = It is a joke. but a bad one.
Edit : and so is "photostream"..

FaceTime for Mac - simply not working

Hi there @everyone,
before everything I have a 2 years old MB running Mac OS X 10.6.5 with all the updates installed.
I downloaded FaceTime and successfully logged in and I also manage to see my full contacts list.
The problem is that I tried to call many times a friend of mine with FaceTime enabled and on (first with another Mac, then an iPhone 4 and finally iPod 4G) and every time the FT app on my Mac dials, then says "connecting..." and finally "FaceTime failed".
This happens also when a friend tries to call me... says "connecting..." and then failed...
I also checked the firewall options and tried to re-install the software but nothing.... still same problem...
Any possible solution?
Thanks

Blaze92 wrote:
Hi there @everyone,
before everything I have a 2 years old MB running Mac OS X 10.6.5 with all the updates installed.
I downloaded FaceTime and successfully logged in and I also manage to see my full contacts list.
The problem is that I tried to call many times a friend of mine with FaceTime enabled and on (first with another Mac, then an iPhone 4 and finally iPod 4G) and every time the FT app on my Mac dials, then says "connecting..." and finally "FaceTime failed".
This happens also when a friend tries to call me... says "connecting..." and then failed...
I also checked the firewall options and tried to re-install the software but nothing.... still same problem...
Any possible solution?
Thanks
(1) iPhone 4 must be running iOS 4.1 or later. 4.0.1 will NOT work. More info:
http://support.apple.com/kb/HT4319
(2) Try at a different wi-fi hotspot.
If you can connect at internet cafe, Apple Store, etc., you will need troubleshoot your home internet connection. It must be broadband speed and, if you have a network, you can troubleshoot that starting here:
http://support.apple.com/kb/ht4245
Mac Pro Quad Core (Early 2009) 2.93Ghz Mac OS X (10.6.5); MacBook Pro (13 inch, Mid 2009) 2.26GHz (10.6.5)
LED Cinema Display; G4 PowerBook 1.67GHz (10.4.11); iBookSE 366MHz (10.3.9); External iSight; iPod4touch4.2.1

Spotlight (leopard) is simply *not* working properly...

i needed to trash my firefox prefs, but couldn't remember the exact name of the document (org.mozilla.firefox.plist). so i typed "firefox" in spotlight.
i got a few results -- the app, etc., -- but absolutely no preference files. i double-checked: i was searching "this computer." it defaults to "contents," so i switched to "file name" -- but still nothing.
finally i went to the preferences folder and scanned for the document manually -- and found it.
if i'm searching "this computer," and spotlight doesn't "see" a document that's sitting right there -- how can this be the correct behavior? i know i was able to find preference files with spotlight in tiger.
what am i missing, here?

Spotlight is great for documents, but for anything system related I use to open a terminal (Command-Space Terminal Enter) and type the following command at the prompt:
locate [filename]
which is in your case:
locate org.mozilla.firefox.plist
I must admit that I come from a Unix background, so the locate command is quite a normal way for me to find files. And you circumvent all those nifty features in Spotlight which like to do your thinking for you.
Further, I must disagree with you in that Leopard Spotlight does not work property. It seems to be doing exactly what is designed to do. That this is not what you would expect it do is more a bug in the design team than in Spotlight

Connection to One Site simply not working

Anyone any ideas please. I simply can't connect to Halifax bank. www.halifax.co.uk On odd occasions it has gone to the home page, but when I try to sign in I can't. Just get the message can't find server. Halifax say there is nothing wrong with their system, and I can access all other Bank Accounts. it's not Safari, as it doesn't work on Firefox or Opera either. Worked fine yesterday. Have emptied cache, deleted cookies, restarted machine, switched off at Power source, emptied trash and goodness knows what else. I cannot think why it simply cannot find this site. Need to transfer some money so if anyone has any idea it would be really appreciated. thanks. steve.

Some banks are notoriously uncaring and lazy about what systems and browsers they support.
Try reading these threads:
http://discussions.apple.com/thread.jspa?threadID=1893522&tstart=0
http://discussions.apple.com/thread.jspa?threadID=1831414&tstart=175
http://discussions.apple.com/thread.jspa?threadID=1828195&tstart=200
As it says in this document:
http://developer.apple.com/internet/safari/
"Safari complies with standards, but not all browsers do. This article explains how to design, modify and validate your website so that it can be rendered and read properly by all major browsers."
The bank/s need to read this:
"Safari is one of the most standards-compliant browsers ever built. Thus, your best bet for ensuring your pages render properly in Safari — today’s version and beyond — is to follow web standards. For a great overview of web standards, check out Mozilla.org’s article Using Web Standards in Your Web Pages."

SA520 NAT/PAT not working with NAT address

The SA520 I have is configured on one public IP address and an exchange server is behind it. THe exchange server is configured with an internal address and the SA520 is performing NAT translation to a unique public address for the email server itself which is independant of the SA520. It seems that the SA520 is sending email out the NAT address correctly at some time and at other times it seems to be sending the email traffic over the PAT address of the SA520 public address. When this happens the email gets blocked due to spam lists. Then the email will work again correctly.. and then go back. If I use a 3rd party website to test the IP address sometime I get the correct one and sometimes I get the wrong address.
Is there a way I can confirm that the SA520 NAT settings are correct to allow ALL outbound communications from the exchange server (which is behind the SA520)? I may have the SA520 configuration wrong and it is possible that the SA520 is only providing inbound PAT for port 25. How do I tell the SA520 to do a 1 to 1 NAT with the exchange server?

Hi John,
In order to establish a 1 to 1 NAT on the SA 500 series, as in your case, you must first you must first add an IP Alias for your 2nd WAN. Next, you create a Firewall rule to "force" all or selected traffic from your NATed server (LAN) to the WAN to go out thru the IP ALIAS address. Finally, we forward specific traffic from the WAN to your NATed Server (LAN) thru Firewall Rule(s). See sample wan2lan bitmaps attached. Do this for each of the services that you will allow to come in thru the SA 520 to your Server. As long as there are no other Firewall rules overlapping with the newly created rules, traffic to and from your NATed server will come/exit thru your ALIAS IP.
We can verify this by performing a WAN Packet Trace (Administration-->Diagnostics -->Packet Trace) After choosing Dedicated WAN as the Network to be captured, Click on Start to perform Packet Capture. Go to your NATed server, and perform the following, on a command prompt window Ping google.com, open a browser window and open google.com. On a remote machine, open a web page on your server (OWA?) to test incoming HTTP/HTTPS requests. Stop your capture, and save the packet capture file by pressing the Download button. Open file with Wireshark/Ethereal and observe the source and destination address of the packets. They should have the ALIAS address and not the WAN IP address.
If the above step is good, then we have to take a look as to if and why your SMTP or email services are not being routed out the ALIAS interface. Repeat capture steps as above, but this time send an outgoing email, and test an incoming email by emailing an internal account from an outside email acount (yahoo, gmail, hotmail).
If you still have failure, and you have IPS or ProtectLink enabled, can you run the steps that failed with IPS and/or ProtectLink both disabled?
If there are issues, you can post the captures as a personal message to me.
I hope the above will help narrow the issue a bit.
Best regards,
Julio

System unresponsive, slow, or simply not working (parts)

Hi, I'm having big troubles recently. I just updated to the latest software updates, but some of the symptoms were there before the update.
First of all, the menu bars doesn't show a lot of my previous icons. Including time, date, and pretty much everything else you have by default (Spotlight is there).
Next, plenty of my applications will simply hang (mostly applications that deals with hardware stuff):
Disk Utility (please take note, even the terminal diskutil will hang, this is important, I'll get back to it later), Image Capture (I plugged in a canon all-in-one I hadn't used for a while, one that I got with the mac) hangs totally, Finder is way too often unresponsive, *exiting a session is impossible, as well as shutting down the mac (no message, simply nothing happens)*, internet access is definetly unusable (way too long lag, too often my browser disconnects or times out note that I use Safari and Firefox).
I tried rebooting the system so it might solve thing, but shutting it down in any way won't work, even for quitting sessions, as stated above.
I then though about starting a whole new system (I was planning this because I wanted to clean up this one too), like the system on a drive, my files on another, backup on another, archives, etc; but Disk Utility hangs (no gui is seen, hangs before it loads).
I also wanted to repairs permissions and fix anything like that, but.. can't use Disk Util. (both GUI and CLI)
Source of problem I think:
Not enough disk space - although I have been using the system with a lower disk space recently, I am now a 4GB free on a 500GB which is WAY below the recommended 15% free space at all time
Fonts - Yes, I have lots of issue with fonts, so using Linotype Fontexplorer X I de-activated all the fonts not listed under "System Fonts" (otherwise I had too much at the same time) but I now see a lot of website using standard fonts with replacement fonts, this sounds bad.
Possible bad updates?
I am thinking of booting up another spare system I have (of course to prevent such problems from turning worse (everyone should have another spare system)) and then start over a whole new system.
Any ideas on how to import files and program (and settings, if possible) in a smart way?
I would appreciate any help because I am currently experiencing a lot of small problem rendering the whole thing useless, if you have any ideas or suggestions this would be really appreciated, thank you!
Edit: I can't even post this a the time of writing. The lag I have restrain me from uploading anything to anyone, and permits very low downloading. I had to save this text somewhere until it finally worked posting.
Edit: I tried adding Menu items in the Core Services folder, manually. Nothing happenned.
Edit: iTunes awfully long to load too. I dare checking any other apps.

First step to a cleaner system:
Make way!
OS X needs at least 15% of your startup disk to work proprely.
A lot of experts even in these forum has confirmed this, and this should be a general rule with no exception.
As my startup has 500GB, I'd need to have at least 75GB more or less (more more than less) space free.
Using GrandPerspective , I was able to find out who were the culprits using huge disk space, often without good reason. These including gigantic duplicate backup of older system (old win/unix laptop lying around), copy of DVDs (WHOLE copy, god, oh god why?) which were blottering up all the space.
Other utility of the same genre as GrandPerspective available are: Disk Inventory X (slower than GrandPerspective in my opinion) and TreeSizeMacOSX (a lil awkward to use, not so nice GUI).
These are program that will show off a graphical display of file depending on their size. Huge one are big nice easy to spot blocks, while smaller files are simply smaller square (as for GrandPerspective and Disk Inventory X). I suggest you try out both.
Once you've found the culprit, decide what would be his fate.
As for my DVDs, I am encoding them (high tech quality and encoding, yo!) using Handbrake. If you don't know about Handbrake and need to have some DVDs converted, I highly suggest you try it out at once.
+Remember to only use DVD encoding and copying for your own and personnal use.+
Results?
I have compressed a 70GB disk image to a 45GB using Disk Utility and changing the image type. Oh but since I already had the compressed one, I just made 70GB. Then I am saving at the moment 7,2GB of each DVD, as my final size is 900MB over a 8GB film.
As for my pictures, which are consuming 100GB of my disks, I am currently building (or trying to) an automator action to resize and compress all the picture I feel less confident about keeping, but that I can't get rid off (I'm sure a lot of people gets the same feeling towards picture). This will help reduce by a lot the number of high quality picture really available, as I don't really need a super RAW quality for each shots.
One last note: I recommend always have a spare workable drive, perhaps even with a partition with a system on it. In that case, if you ever need to move huge amount of data, or even your whole system, but your system won't move because of lack of space, a spare disk can come in handy in these moments.
That's pretty much it for disk space cleaning!

External monitor simply not working - including with external dock (dual screen)

I can't get the external monitor (aka dual screen) to work on my T60 via the VGA port. My model is currently running Windows XP and has a ATI Radeon X1300 video card.
I'm 6 months out of warantee (although this problem started while in warantee but I can't convince Lenovo of that).
I've tried the following:
- ensuring "extend my monitor onto this desktop" in windows display properties
- disabling/enabling Presentation Director and trying all the schemes
- setting all different combinations of modes for resolution/colour on both (LCD + VGA) monitor
- trying two different monitors and cables (which did work with other computers)
- Updating the video drivers (from the Lenovo website) and Presentation Director to the latest versions
I then figured it might be a hardware fault, so I tried to see if the external monitor was activated on bootup. I made sure the "LCD + VGA" option on boot was selected in BIOS. Still no joy.
Finally, I figured the actual VGA connector was broken so I bought a compatible mini docking station (port replicator) and attached the VGA cable to that and even that didn't work.
What on earth could be wrong if it's not the software and not the VGA connector? The video card is working as its powering the LCD display?
Is my only option to give it in to repair (I can't afford that)?
Michael
Message Edited by mstrom on 07-03-2008 04:03 AM

T23FUN wrote:
Hi,
Does the external connections and cables work with another system. I'd do that first.
If all of it works with another system then it could be drivers or internal things but try that first.
There are some driver updates on the Lenovo site. Make sure your BIOS are updated and such.
Good Luck,
Yup, checked the cables and monitor with another system (actually with the same laptop using a USB->VGA adaptor which isn't a long-term fix)
Also updated to all the latest driver including a BIOS update (which I forgot to mention).
thanks,
Michael

NAT Simply not working

Similar Messages

Maybe you are looking for