General discussion

NAT and Domino R5

By RockDaWiz ·
We have two locations running Domino 5.0 servers connected together via the internet. When we turned on NAT in a new router we were setting up, people in the other location were no longer able to send us email or open databases on our server. Replication only worked if it was initiated on our end.

We ended up reprogramming the router to not use NAT on specific IP addresses (namely the ones used by all of our servers). From a security standpoint, this unfortunately leaves the servers open to anyone on the internet!

I am still searching for a better solution. I believe that something in the configuration of the Domino server, perhaps the TCP/IP port that it uses to talk to the other server, is the answer?


All Comments

NAT and Domino R5

by geedavid In reply to NAT and Domino R5

Let's suppose that server A has an IP address of 131.107.2.205 which is used on your internal LAN. Let's suppose that the IP address at the router is 63.82.14.102 (NAT at work).

Let's further assume that server B has an IP address of 75.113.23.10. In addition this server (server B) has a connection document pointing to server A. If the connection document from A points to 63.82.14.102 I believe you should be able to connect.

The situation with which I work is similar. I have a client for whom we provide administrative support. His Domino R5 server is on the far side of a router with NAT enforced. When this was first implemented we changed the connection document but were still unable to connect. To complete the remedy we had to make sure port 1352 was open. Port 1352 is the "well-known port" used for Notes/Domino RPC.

Hope this helps.
DW

NAT and Domino R5

by RockDaWiz In reply to NAT and Domino R5

Poster rated this answer

NAT and Domino R5

by Netmetric In reply to NAT and Domino R5

You would have to use a static NAT address. If you are using dynamic NAT or PAT, it is impossible for the router to guess where you want the traffic to go.

It sounds like you are using static NAT or real IP addresses on the other site and dynamic NAT at your location.

It is also important to know if you are connecting by name (ex. notes.mydomain.com), where DNS is resolving the address, and if you have internal hosts files on the computers. Confusion happens a lot when referencing internal vs. external DNS servers.
Double-check DNS information and settings.

Dynamic NAT does hide internal hosts, but static NAT opens the door to the host whose address you are translating. The effect is just like what you accomplished by not using NAT and using real IP addresses. Depending on the router, you can use extendable NAT and translate to a specific port and use dynamic NAT on the others.

If your goal is to protect the hosts, access lists filtering out the incoming traffic would be my first step. Permit
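
The port-specific translation and inbound filter discussed in this thread, as an added example that is not part of any poster's reply. It assumes a Cisco IOS router (the thread does not name the router); the interface names and ACL number 110 are hypothetical, and the addresses are the ones used in geedavid's reply.

```cisco
! Added example: assumes Cisco IOS; interface names and ACL 110 are hypothetical.
! Server A inside: 131.107.2.205, router public address: 63.82.14.102,
! server B (remote Domino server): 75.113.23.10.
!
! Broad form: one-to-one static NAT forwards every port to server A,
! which exposes it the same way as not translating at all.
! ip nat inside source static 131.107.2.205 63.82.14.102
!
! Narrow form: forward only Notes/Domino RPC (TCP 1352) to server A.
ip nat inside source static tcp 131.107.2.205 1352 63.82.14.102 1352 extendable
!
! Inbound filter on the outside interface. The ACL is evaluated before the
! destination is translated, so it matches the public address.
access-list 110 remark Domino NRPC from server B only
access-list 110 permit tcp host 75.113.23.10 host 63.82.14.102 eq 1352
access-list 110 remark Replies to TCP sessions opened from inside
access-list 110 permit tcp any any established
access-list 110 deny ip any any log
!
interface FastEthernet0/0
 description Inside LAN (hypothetical name)
 ip nat inside
!
interface Serial0/0
 description Internet link (hypothetical name)
 ip nat outside
 ip access-group 110 in
```

Any other inbound traffic the site relies on, such as DNS replies over UDP, needs its own permit entry ahead of the final deny. Server B's connection document would then point at 63.82.14.102 on port 1352.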

NAT and Domino R5

by RockDaWiz In reply to NAT and Domino R5

Poster rated this answer

NAT and Domino R5

by RockDaWiz In reply to NAT and Domino R5

This question was closed by the author
