[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Network problem/question.

To answer your question, on the WAN side, the router and
the win2000server have static addresses assigned by the
maintainer of the WAN.  The IP of eth1 on the Linux box is
assigned from the same subnet by me.

I'm using ipchains on the Linux box and I'm still somewhat
unclear on what you propose below.  I need to do more reading
on this and the SAMBA cross subnet browsing docs and try
again tomorrow to resolve the problem.

thanks,
tony



Ron Johnson wrote:
> I think I would run IP Tables/chains on win2000server (but
> not IP masq!!), then, I'd open win2000server's smbd & nmbd
> ports (138 & 139?) up _only_ to the-IP-addr-that-is-masq-box's-
> eth1.
> 
> That way, I think, win2000server would be secured against the
> outside, yet available to the private LAN.
> 
> Just curious: why must win2000server have a routable address?
> 


> On Mon, 2002-05-20 at 00:34, tony mollica wrote:
> > No misunderstanding.  For the purpose of this discussion,
> > what you've written is true.  However, while I can ping
> > from one side to the other, what I need to do is have the
> > share on the win2000server show up in the browse list(s) on
> > the LAN side clients.  Samba 2.0.7 is running on the Linux
> > masq and a winnt4 server providing WINS on the LAN side. I
> > suspect that there is something missing in the SAMBA config
> > that I need to make this work.  To be clear, I have no
> > control over the WAN side of this setup other than a useable
> > share on the win2000server.  If there is no alternative, I
> > can change the entire LAN side to the IP network of the WAN
> > side and remove the Linux masq, but I would prefer to keep it
> > in place.  I do have an allottment of IP addresses to use.
> 

> 
> > Ron Johnson wrote:
> > > Maybe I'm misunderstanding things, but it sounds like the
> > > win2000server is going to be exposed to the internet, and
> > > thus on the same network as the router and the Masquerader's
> > > eth1.  So, it will need a routable IP address.  Thus... the
> > > masqueraded Winboxen won't have to do anything.
> >
> > >
> > > On Sun, 2002-05-19 at 22:42, tony mollica wrote:
> > > > Thanks for the reply.  What I need to do is
> > > > have the  windows clients on the LAN side
> > > > (192.168.100.0/24) be able to access a shared
> > > > directory on a win2000server box on the WAN
> > > > side (10.x.x.0/24) and still preserve my Linux masq.
> > > > I cannot change the IP's on the WAN side with
> > > > the exception of the masqing machine as they
> > > > are remotely administrated.
> > >
> >
> > >
> > > > Glen Lee Edwards wrote:
> > > > >
> > > > > May 9, at 18:26, tony mollica sent through the Star Gate:
> > > > >
> > > > > >Hello.  I have a mixed network of Linux (Debian) and windows
> > > > > >machines in the arrangement below.
> > > > > >     _______      ______      ______
> > > > > >    |       |    |      |    |      |
> > > > > >--->|router |----| Linux|----|switch|---(192.168.x.x network)
> > > > > > T1 |_______|    |______|    |______|
> > > > > >                     |
> > > > > >               eth1    eth0
> > > > > >     WAN        IP Masq Machine      LAN
> > > > > >
> > > > > >Real IP addresses on the router side with the
> > > > > >192.168.x.x on the switch side.  I need to put
> > > > > >a another box on the router side but still
> > > > > >have the internal LAN clients access this
> > > > > >computer from the inside.  The new computer
> > > > > >is required to be windows, and there will be
> > > > > >only windows clients accessing it.
> > > > >
> > > > > How you configure it will depend on what you need to use it for, and if you have
> > > > > a single dynamic IP address (which is assigned to the router) or a static subnet
> > > > > from your ISP.
> > > > >
> > > > > Most likely you have a dynamic address for your router.  In that case, the WAN
> > > > > side of the router gets that address, the LAN side is most likely assigned
> > > > > something in the 10.0.0.x range.  You can have the router do this, or you can
> > > > > assign the IP addresses yourself - 10.0.0.1 to the LAN side of the router,
> > > > > 10.0.0.2 to eth0 on the Linux box, and 10.0.0.3 to the new Windows box.  Then,
> > > > > in Linuxconf, set up your routes to other hosts to show that to get to the new
> > > > > Windows box routing has to go through the 10.0.0.x subnet.
> 
> --
> +---------------------------------------------------------+
> | Ron Johnson, Jr.        Home: ron.l.johnson@cox.net     |
> | Jefferson, LA  USA      http://ronandheather.dhs.org:81 |
> |                                                         |
> | "I have created a government of whirled peas..."        |
> |   Maharishi Mahesh Yogi, 12-May-2002,                   |
> !   CNN, Larry King Live                                  |
> +---------------------------------------------------------+
> 
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-- 
tony mollica
tmollica@silcom.com


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: