We're in the process of bringing a new BM3.9 SP1 (NetWare 6.5 ) server "online" to replace our current BM 3.6 SP2 (NetWare 5.1) server - which is failing (hardware related)...

The existing 3.6 server was configured by a consultant - who's no longer available - and our documentation from him is 6 years old. This server has four (4) NICs - one public, one private, and two for our "DMZ" webservers.

We've brought the new 3.9 server online in parallel sharing a common Cisco router (provided & maintained by our ISP).

Per Craig's recommendation - we disabled RIP on the new 3.9 server - and are able to use the proxy service to access the Internet in testing.

However, we're experiencing an issue where the logger screen on the new server is reporting: "AUTHCHK.NLM: IP address xxx.xxx.xxx.xxx attempted to Spoof xxx.xxx.xxx.xxx".

When this happens - the client (our test workstation) - who's IP address the server is complaining about - can no longer use the proxy. Interestingly - the IP address that its reportedly trying to spoof is the IP address assigned to GWIA (e-mail) on the old 3.6 server (public interface).

It appears that RIP was enabled on some (but not all) of the interfaces (NICs) on the existing 3.6 server - and of course we have no idea why (there appears to be "static routes" defined to the DMZs, etc).

As this is our production firewall - I hesitate to disable RIP without understandy why it was left enabled.

Any thoughts?