
Re: Routing entries ProCurve5308XL

 
Gauler
Occasional Advisor

Routing entries ProCurve5308XL

Hello, I have trouble with a route in my 5308xl. I want a route to one server on the Internet (virus update) because the software doesn't work with a proxy. I have 3 VLANs and want every LAN to get a direct connection. So I wrote down the IP and added the route with out firewall as default gateway. So in one VLAN 208.... it works, in the other 192.... not, perhaps because the firewall is in the 208... network too. Any ideas?
Ron Kinner
Honored Contributor

Re: Routing entries ProCurve5308XL

You need to turn on IP routing on the 5308. Then assign each VLAN on the switch an IP address. Then tell the switch about the route to the internet that bypasses the proxy. Now tell your hosts about the route to the internet but tell them to use the IP address you assigned on the switch as their gateway.

For what it is worth. Most antivirus programs have a method of letting one master host get the updates and then the others just ask the master host for the latest update. Norton certainly does since that's what we use here.

Ron
Gauler
Occasional Advisor

Re: Routing entries ProCurve5308XL

In one of our VLANs there is a domain that has its own administrator. We don't want any trusts, but they need our antivirus program, and CA's program only works by downloading something from the server (with Win98 clients). So what you described was right, but it wasn't a hint, or?
Ron Kinner
Honored Contributor

Re: Routing entries ProCurve5308XL

Sorry, having a little problem understanding what you want. Expect we have a translation problem. Say it in German please. I worked with the German Air Force for 11 years and have no problem reading German tho I'm too lazy to write it.

Ron

With the last of his money, God created
Mechernich/Eiffel at the arse end of the world
Gauler
Occasional Advisor

Re: Routing entries ProCurve5308XL

Hello, I'll describe my problem in German, which is also a bit easier for me :-)
So, in one of the VLANs there is a different NT4 domain. There are no trusts at all between the domains, and therefore the antivirus program cannot update itself, because it needs a share. Under Win98 it is unfortunately not possible to use net use with a different user name. That is the reason why I programmed a route that is supposed to route one specific address directly to the Internet (without proxy). Unfortunately this only works in the network where the firewall is located, but not in the other one, and I don't understand why. When I ping the Internet address, it does resolve the name for me but gets no reply; with tracert it reaches the switch but gets no further. I don't really know where to look for the error...

Regards,
Chris
bernard goehrs
Advisor

Re: Routing entries ProCurve5308XL

Hello,

What is between the firewall and the Internet, then? A router?

Bernard
Ron Kinner
Honored Contributor

Re: Routing entries ProCurve5308XL

OK.

The fact that the DNS lookup works only means that you can contact the local DNS. (do

ipconfig /all

to see what your DNS address looks like. It's probably a local address.)

Since your trace gets you to the switch we can assume your host's routing is correct. The switch apparently has a registered address since you mentioned that 208 works. I bet that when you bypass the firewall and try to go directly to the internet that you lose your NAT. (Network Address Translation) Firewalls often provide a NAT service as this conserves registered addresses and also hides details of the internal network from the evil doers on the Internet. 192.168.x.x is a private address which is not allowed on the Internet so something has to be changing it to a registered address. Hosts on the 208 have registered addresses and can thus speak directly on the Internet without NAT. No doubt the switch is sending the packet to the ISP which looks at the return address and says "private address, no route available, drop it" and that's why the trace stops at the switch.

You need to find out which device is doing the NAT and see if you can get it to just do NAT and not proxy. Alternatively you add a cheap PC running Linux with two NICs (one on the 208 and one on the 192) and let it do the NAT. (Linux calls it masquerading instead of NAT if I remember correctly). You might be able to pick up a cheap NAT capable router which might be easier to work with or if there is a router already involved it might be able to help.

Which antivirus software are you using? There might be another way to get it to work. Perhaps the problem is not the proxy so much as the firewall blocking some critical port?

Ron
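
Added example (not part of Ron's post or any vendor documentation): a sketch of the two-NIC Linux masquerading box suggested above, narrowed so that only the private VLAN can reach only the update server rather than the whole Internet. The subnet, server address and interface names are placeholders, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: emit iptables rules for a two-NIC Linux box that masquerades
# ONE inside network toward ONE update server. All values are placeholders.
INSIDE_NET="192.168.10.0/24"   # assumed private VLAN subnet (thread only says 192.168.x.x)
UPDATE_HOST="203.0.113.10"     # placeholder (RFC 5737) for the vendor update server
IN_IF="eth1"                   # assumed NIC on the private VLAN
OUT_IF="eth0"                  # assumed NIC on the registered (208...) network

# Succeeds only for RFC 1918 prefixes; registered addresses need no NAT.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rule set; nothing is applied, so this runs unprivileged.
nat_rules() {
    net=$1 host=$2 in_if=$3 out_if=$4
    is_rfc1918 "$net" || { echo "refusing: $net is not private" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $in_if -o $out_if -s $net -d $host -j ACCEPT
iptables -t nat -A POSTROUTING -o $out_if -s $net -d $host -j MASQUERADE
EOF
}

nat_rules "$INSIDE_NET" "$UPDATE_HOST" "$IN_IF" "$OUT_IF"
```

The default-drop FORWARD policy keeps the box from becoming a general bypass around the firewall: traffic from the private VLAN to any other destination is not forwarded or translated.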
OLARU Dan
Trusted Contributor

Re: Routing entries ProCurve5308XL

Hi.
I don't speak German :)

Ron, I think Gauler uses Computer Associates' (CA) InoculateIT antivirus. He mentioned this after your first reply. This AV uses TCP/UDP ports 42508 - 42510. It also uses NetBIOS (ports 13*).

Gauler, we use this AV also and we have set up a CA server in our LAN. From this server we installed the clients (which needed to run NetBIOS so the server would see the NetBIOS names of the clients). Only the server takes the virus signatures from the CA's site. Each client is set up to update the signatures from the internal server. The problem is that not all PCs on our LAN are updating the signatures! This problem doesn't seem to depend on VLANs. The CA software (version 6.0.101) might have a bug in the updating/distribution routines.