Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

NAT fails intermittently?

1 view
Skip to first unread message

Mike Vybiral

unread,
Nov 30, 2003, 4:22:30 AM11/30/03
to
Problem:
External access from Internet to internal IIS5 site via static NAT in
BM(3.7?) fails intermittently. Problem remains with and without BM
filtering. Internal access to same IIS5 site is stable. Symptoms the
same when attempting access from DMZ.

Context:
College has 2Mb/s NTL link. Local router has public address
80.6.88.174. Bordermanager has address range 80.6.88.161 to
80.7.88.170. .166 is set up for static NAT to 172.16.10.92 which is
one of the addresses on IIS5/Win2000. BM also handles Internet access
(out) for students via proxy and remote access (in) to GW email with
no apparent problem. IIS5 hosts a range of sites for internal and
external use. All use asp and are stable from the intranet. This
particular site uses windows authentication for external access by
staff. A similar site on the same IIS5 box is used for external
access (.165) by students/parents. This is set up for anonymous
access (i.e. no windows authentication) yet seems to display the same
symptoms. Disussion with our Novell supplier/support has yet to yield
a solution to this pressing problem.

Request:
Any pointers to a solution would be much appreciated. It's great that
staff are willing to work from home to update student reports/records
but this problem is eroding their goodwill. Don't hesitate to ask for
clarification or further details. As you may gather, I know less
about BM than teaching students!

Regards to all,
Mike Vybiral
Beauchamp College
Leicester UK

Craig Johnson

unread,
Nov 30, 2003, 12:01:10 PM11/30/03
to
What is the patch level of the BMgr server? In particular, look at the
TCPIP and NAT versions, and the LAN drivers involved.

Have a look at tip #1 at the URL below.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Mike Vybiral

unread,
Dec 1, 2003, 2:47:54 PM12/1/03
to
Craig
Many thanks for your reply.

> What is the patch level of the BMgr server? In particular, look at the
> TCPIP and NAT versions, and the LAN drivers involved.

Our IT Manager has given me this info:

Border Manager 3.7. SP2
BRDSRV.NLM 3.60.02 14.9.01
TCPIP 607Jrev2 6.17.08 27.2.03
NAT 6.00.10
LAN Drivers
NIC to router Driver N100
NIC to network Q5.7

Please let us know if you require further info.
Hoping you have some suggestions, thankds again
Mike

Craig Johnson

unread,
Dec 1, 2003, 4:40:28 PM12/1/03
to
In article <37f74752.03120...@posting.google.com>, Mike
Vybiral wrote:
> NIC to router Driver N100
> NIC to network Q5.7
>
You have what could be the worst possible set of NIC drivers for
NetWare servers I have ever seen... (Depending on the patch level and
LAN driver level).

Both of these NIC's have suffered from very bad LAN drivers recently.
See the following URL for some history of the Q57/B57 problems:

http://www.craigjconsulting.com/b57.html

The N100 card is known to have issues with a recent driver,
particularly if IP and IPX are both bound. I think the problem driver
revision is 7.0, but I can't recall for sure. I believe it worked
better using a 6.x driver. At any rate, you might want to look at
these drivers very closely, and try different versions.

Mike Vybiral

unread,
Dec 2, 2003, 12:07:33 AM12/2/03
to
Craig
Much appreciated. I'll pass this on when we all wake up in the UK.
In the meantime,
1. If the NICs are causing the problem, how could traffic be monitored
to confirm this?
2. Again if the NICs are causing the problem, would not the normal IP
traffic associated with students accessing the Internet also be
affected?
Hope to hear.
Thanks,
Mike

Craig Johnson

unread,
Dec 2, 2003, 8:34:39 PM12/2/03
to
In article <147osv07vtvk5a09u...@4ax.com>, Mike Vybiral
wrote:

> 1. If the NICs are causing the problem, how could traffic be monitored
> to confirm this?

Personally, I think trial & error is good at this point.

> 2. Again if the NICs are causing the problem, would not the normal IP
> traffic associated with students accessing the Internet also be
> affected?
>

NAT, TCPIP.NLM and the LAN drivers are all inter-related. I can see
where NAT (or filtering) might be affected by a TCPIP issue, which might
be affected by a LAN driver issue.

Mike Vybiral

unread,
Dec 4, 2003, 6:51:43 PM12/4/03
to
Craig
Thanks again for your comments.
Both NICs have been replaced with a pair of Intel pro 1000MT and CE1000
drivers. Unfortunately the symptoms persist.
We now have a parallel 2Mb/s link from the internet to the iis5 server
independent of bordermanager and the NTL link. This seems to work fine.
Do you have any further ideas? Although the heat has gone out of the
situation, (because staff can use the parallel link), the problem still
needs sorting.
Any pointers would be appreciated.
Regards,
Mike

"Craig Johnson" <cra...@ix.netcom.com> wrote in message
news:VA.0000346...@ix.netcom.com...

Craig Johnson

unread,
Dec 6, 2003, 12:12:00 PM12/6/03
to
What if you drop the speed from 1000Mbps to 100?

Mike Vybiral

unread,
Dec 7, 2003, 5:26:33 AM12/7/03
to
Craig
Thanks for your reply.
Both NICs are working at 100Mb/s.
Mike

"Craig Johnson" <cra...@ix.netcom.com> wrote in message

news:VA.000034b...@ix.netcom.com...

Craig Johnson

unread,
Dec 7, 2003, 11:00:25 AM12/7/03
to
I have a feeling you should open an incident on this one.

Is this a Compaq server? Is it a Dual CPU server?

If so, is it patched to the latest System ROM bios (and other bios
versions, as determined by Compaq Insight Manager)?

0 new messages