General discussion

  • Creator
    Topic
  • #2081352

    NAT and Domino R5

    Locked

    by rockdawiz ·

    We have two locations running Domino 5.0 servers connected together via the
    internet. When we turned on NAT in a new router we were setting up, people in the other location were no longer able to send us email or open databases on our server. Replication only worked if it was initiated on our end.

    We ended up reprogramming the router to not use NAT on specific IP addresses (namely the ones used by all of our servers). From a security standpoint, this unfortunately leaves the servers open toanyone on the
    internet!

    I am still searching for a better solution. I believe that something in the configuration of the Domino server, perhaps the TCP/IP port that it uses to talk to the other server, is the answer?

All Comments

  • Author
    Replies
    • #3899175

      NAT and Domino R5

      by geedavid ·

      In reply to NAT and Domino R5

      Let’s suppose that server A has an IP address of 131.107.2.205 which is used on your internal LAN. Let’s suppose that the IP address at the router is 63.82.14.102 (NAT at work).

      Let’s further assume that server B has an IP address of 75.113.23.10. In addition this server (server B) has a connection document pointing to server A. If the connection document from A points to 63.82.14.102 I believe you should be able to connect.

      The situation with which I work is similar. I have a client for whom we provide administrative support. His Domino R5 server is on the far side of a router with NAT enforced. When this was first implemented we changed the connection document but were still unable to connect. To complete the remedy we had to make sure port 1352 was open. Port 1352 is the “well know port” used for Notes/Domino RPC.

      Hope this helps.
      DW

    • #3899085

      NAT and Domino R5

      by netmetric ·

      In reply to NAT and Domino R5

      You would have to use a static nat address. if you are using dynamic nat or pat it is impossible for the router to guess where you want the traffic to go.

      It sounds like you are using static nat or real IP addresses on the other site and dynamic nat at your location.

      It is also important to know if you are connecting by name (ex. notes.mydomain.com )where dns is resolving the address and if you have a internal host files on the computers, confusion happens alot when referencing internal vs. external dns server.
      double check dns information and settings.

      Dynamic NAT does hide internal hosts, but static NAT opens the door to the host that you are translating the address. The effect is just like what you accomplished by not using NAT and using real IP addresses. Depending on the router you can use extendable nat and translate to a specific port and use dynamic nat on the others.

      If your goal is to protect the hosts, Access-lists filtering out the incomming traffic would be my first step. Permit

    • #3745498

      NAT and Domino R5

      by rockdawiz ·

      In reply to NAT and Domino R5

      This question was closed by the author

Viewing 2 reply threads