IPCop and VMWare
I have the following virtual domain set up: IPCop 1.4.15 and 4 Windows 2003 servers, 1 with Exchange 2003, installed in VMware Server. The Extra Interfaces add-on is installed in IPCop, allowing the use of a Gray interface that has more flexibility than the IPCop Blue interface. SNAT is also installed in IPCop.
The purpose of this setup is for a Disaster Recovery study. All of the hosting site servers and computers would be behind the remote site firewall with specific rules allowing only access to VPN, webmail and web site in the VMware instance. The clients on LAN2 would have access to the virtual domain as any normal domain with user and group rights, group policy, domain resources, etc...
As shown in the diagram, everything except Client1 is running within a Virtual Server, for now, on a Vista machine. The Red interface (external IP) is connected to one of the Vista NICs; Client1 is connected directly to the other NIC with a crossover cable and set up with a static IP for now.
Red: eth1 yyy.yyy.yyy.210 SN 255.255.255.0
- DNS1 zzz.zzz.zzz.37 DNS2 zzz.zzz.zzz.144 GW yyy.yyy.yyy.1
- Bridged with LAN1
Green: eth0 IP 10.165.21.2 SN 255.255.255.128
- Server1: IP 10.165.21.6 SN 255.255.255.128 GW 10.165.21.2
  IP 10.165.21.12 SN 255.255.255.128 GW 10.165.21.2 (second address on Server1)
- Server2: IP 10.165.21.7 SN 255.255.255.128 GW 10.165.21.2
Orange: eth2 IP 10.165.20.2/24 SN 255.255.255.0
- Server3: IP 10.165.20.6 SN 255.255.255.0 GW 10.165.20.2
- Server4: IP 10.165.20.3 SN 255.255.255.0 GW 10.165.20.2
Gray: eth3 IP 10.165.21.129 SN 255.255.255.128
- Bridged with LAN2
- Allow access to IPCop DNS
- Allow access to Red HTTP
- Allow access to Red DNS
- Allow access to Red TCP, UDP and ICMP
- Client1: IP 10.165.21.141 (static) SN 255.255.255.128 GW 10.165.21.129
Server1 on Green:
- can ping eth2, Server3, Server4 and eth3
- cannot ping anything else on Gray
- resolves nslookup queries through Server1 and can surf the net
Server3 on Orange:
- can ping eth0, Server1, Server2 and eth3
- cannot ping anything else on Gray or anything on the outside
- resolves nslookup queries through Server3 and can surf the net
Client1 on Gray:
- can ping eth0, Server1, Server2 and eth2
- can ping Server1 by its NetBIOS name
- can map and access shares on Server1
- cannot ping anything on the outside
- resolves nslookup queries through Server1 but cannot surf the net
- cannot join the virtual domain
- cannot receive DHCP info from Server1
SNAT is installed on IPCop and configured for VPN, WEB and WEBMAIL access. Access to Webmail, the VPN connection and surfing on the website work just fine from an outside computer.
The implemented port forwarding rules are:
Gray will need to:
- Join the virtual domain
- Use DHCP on Server1
- Surf the net
I've messed around with lots of stuff, but no go... I'm not a routing guru!
If needed, Gray clients could get an IP from the IPCop DHCP server. Could that IP then be NATed to the Green subnet, thus allowing the client to join the domain and get a DHCP address? Would iptables entries be the way to go? Is this at all possible?
Any ideas are welcome! Thanks
IPCop and VMWare
So my problem boils down to:
- What needs to be done for Client1 to be able to join the virtual domain?
- Once on the virtual domain, can Client1 get DHCP settings?
- Why can't Client1 surf the net?
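As an added example (not part of the original posts and not IPCop code), the following Python script checks the address plan listed above with the standard-library `ipaddress` module: that every host sits inside exactly one IPCop interface subnet, that each host's netmask and default gateway agree with that interface, that no two interface subnets overlap, and which host pairs share a broadcast domain. The last check matters for the DHCP question: a DHCP DISCOVER is a broadcast, and broadcasts do not cross a router between subnets unless a relay agent forwards them. The host labels and the `server1-alt` name for Server1's second address are chosen here; the Red interface is left out because its addresses are masked in the post.

```python
"""Sanity-check the IPCop addressing plan from the post (added example)."""
import ipaddress

# IPCop interface addresses as given in the post (Red omitted: masked there).
IPCOP_INTERFACES = {
    "green":  ipaddress.ip_interface("10.165.21.2/255.255.255.128"),
    "orange": ipaddress.ip_interface("10.165.20.2/255.255.255.0"),
    "gray":   ipaddress.ip_interface("10.165.21.129/255.255.255.128"),
}

# Hosts: (address, netmask, configured default gateway), copied from the post.
# Labels are chosen here; "server1-alt" is Server1's second address.
HOSTS = {
    "server1":     ("10.165.21.6",   "255.255.255.128", "10.165.21.2"),
    "server1-alt": ("10.165.21.12",  "255.255.255.128", "10.165.21.2"),
    "server2":     ("10.165.21.7",   "255.255.255.128", "10.165.21.2"),
    "server3":     ("10.165.20.6",   "255.255.255.0",   "10.165.20.2"),
    "server4":     ("10.165.20.3",   "255.255.255.0",   "10.165.20.2"),
    "client1":     ("10.165.21.141", "255.255.255.128", "10.165.21.129"),
}


def interface_of(ip):
    """Name of the IPCop interface whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, iface in IPCOP_INTERFACES.items():
        if addr in iface.network:
            return name
    return None


def overlapping_interfaces():
    """Pairs of IPCop interfaces whose subnets overlap; must be empty,
    otherwise IPCop cannot route unambiguously between them."""
    names = list(IPCOP_INTERFACES)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if IPCOP_INTERFACES[a].network.overlaps(IPCOP_INTERFACES[b].network)
    ]


def check_host(name):
    """Addressing problems for one host; an empty list means consistent."""
    ip, mask, gw = HOSTS[name]
    host = ipaddress.ip_interface(f"{ip}/{mask}")
    gateway = ipaddress.ip_address(gw)
    problems = []
    iface_name = interface_of(ip)
    if iface_name is None:
        return [f"{ip} is not inside any IPCop interface subnet"]
    iface = IPCOP_INTERFACES[iface_name]
    if host.network != iface.network:
        problems.append(f"netmask {mask} disagrees with {iface_name} ({iface.network})")
    if gateway not in host.network:
        problems.append(f"gateway {gw} is outside the host's own subnet {host.network}")
    if gateway != iface.ip:
        problems.append(f"gateway {gw} is not the IPCop {iface_name} address {iface.ip}")
    return problems


def same_broadcast_domain(a, b):
    """True only if both hosts are in the same IPCop interface subnet.
    Broadcast traffic (DHCP DISCOVER, NetBIOS name broadcasts) stays inside
    one subnet; between subnets it needs a relay agent on the router."""
    ia, ib = interface_of(HOSTS[a][0]), interface_of(HOSTS[b][0])
    return ia is not None and ia == ib


def report():
    """Whole-plan summary as a dict, so it can be inspected or asserted on."""
    return {
        "overlaps": overlapping_interfaces(),
        "host_problems": {n: check_host(n) for n in HOSTS},
        "client1_shares_subnet_with_server1": same_broadcast_domain("client1", "server1"),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

For the plan in the post the addressing itself comes out clean (no overlaps, every gateway is the IPCop address of the host's own subnet), and Client1 on 10.165.21.128/25 is in a different broadcast domain from Server1 on 10.165.21.0/25. That is consistent with unicast traffic (ping, share mapping, nslookup) working while a broadcast DHCP DISCOVER from Client1 never reaches Server1 unless something on IPCop relays it.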