Re: Network problem/question.
On Mon, 2002-05-20 at 02:11, tony mollica wrote:
> To answer your question, on the WAN side, the router and
> the win2000server have static addresses assigned by the
> maintainer of the WAN. The IP of eth1 on the Linux box is
> assigned from the same subnet by me.
>
> I'm using ipchains on the Linux box and I'm still somewhat
> unclear on what you propose below. I need to do more reading
Duh!!!!! Yes, I _do_ know that it's impossible to use
IP Tables/chains on Windows...
However, there _are_ firewalls for WinNT/2k, and that will
serve the same purpose...
> on this and the SAMBA cross subnet browsing docs and try
> again tomorrow to resolve the problem.
How are you securing the win2000server against The Bad Guys?
> Ron Johnson wrote:
> > I think I would run IP Tables/chains on win2000server (but
> > not IP masq!!), then, I'd open win2000server's smbd & nmbd
> > ports (138 & 139?) up _only_ to the-IP-addr-that-is-masq-box's-
> > eth1.
> >
> > That way, I think, win2000server would be secured against the
> > outside, yet available to the private LAN.
> >
> > Just curious: why must win2000server have a routable address?
> >
>
>
> > On Mon, 2002-05-20 at 00:34, tony mollica wrote:
> > > No misunderstanding. For the purpose of this discussion,
> > > what you've written is true. However, while I can ping
> > > from one side to the other, what I need to do is have the
> > > share on the win2000server show up in the browse list(s) on
> > > the LAN side clients. Samba 2.0.7 is running on the Linux
> > > masq and a winnt4 server providing WINS on the LAN side. I
> > > suspect that there is something missing in the SAMBA config
> > > that I need to make this work. To be clear, I have no
> > > control over the WAN side of this setup other than a useable
> > > share on the win2000server. If there is no alternative, I
> > > can change the entire LAN side to the IP network of the WAN
> > > side and remove the Linux masq, but I would prefer to keep it
> > > in place. I do have an allottment of IP addresses to use.
> >
>
> >
> > > Ron Johnson wrote:
> > > > Maybe I'm misunderstanding things, but it sounds like the
> > > > win2000server is going to be exposed to the internet, and
> > > > thus on the same network as the router and the Masquerader's
> > > > eth1. So, it will need a routable IP address. Thus... the
> > > > masqueraded Winboxen won't have to do anything.
> > >
> > > >
> > > > On Sun, 2002-05-19 at 22:42, tony mollica wrote:
> > > > > Thanks for the reply. What I need to do is
> > > > > have the windows clients on the LAN side
> > > > > (192.168.100.0/24) be able to access a shared
> > > > > directory on a win2000server box on the WAN
> > > > > side (10.x.x.0/24) and still preserve my Linux masq.
> > > > > I cannot change the IP's on the WAN side with
> > > > > the exception of the masqing machine as they
> > > > > are remotely administrated.
> > > >
> > >
> > > >
> > > > > Glen Lee Edwards wrote:
> > > > > >
> > > > > > May 9, at 18:26, tony mollica sent through the Star Gate:
> > > > > >
> > > > > > >Hello. I have a mixed network of Linux (Debian) and windows
> > > > > > >machines in the arrangement below.
> > > > > > > _______ ______ ______
> > > > > > > | | | | | |
> > > > > > >--->|router |----| Linux|----|switch|---(192.168.x.x network)
> > > > > > > T1 |_______| |______| |______|
> > > > > > > |
> > > > > > > eth1 eth0
> > > > > > > WAN IP Masq Machine LAN
> > > > > > >
> > > > > > >Real IP addresses on the router side with the
> > > > > > >192.168.x.x on the switch side. I need to put
> > > > > > >a another box on the router side but still
> > > > > > >have the internal LAN clients access this
> > > > > > >computer from the inside. The new computer
> > > > > > >is required to be windows, and there will be
> > > > > > >only windows clients accessing it.
> > > > > >
> > > > > > How you configure it will depend on what you need to use it for, and if you have
> > > > > > a single dynamic IP address (which is assigned to the router) or a static subnet
> > > > > > from your ISP.
> > > > > >
> > > > > > Most likely you have a dynamic address for your router. In that case, the WAN
> > > > > > side of the router gets that address, the LAN side is most likely assigned
> > > > > > something in the 10.0.0.x range. You can have the router do this, or you can
> > > > > > assign the IP addresses yourself - 10.0.0.1 to the LAN side of the router,
> > > > > > 10.0.0.2 to eth0 on the Linux box, and 10.0.0.3 to the new Windows box. Then,
> > > > > > in Linuxconf, set up your routes to other hosts to show that to get to the new
> > > > > > Windows box routing has to go through the 10.0.0.x subnet.
> >
> > --
> > +---------------------------------------------------------+
> > | Ron Johnson, Jr. Home: ron.l.johnson@cox.net |
> > | Jefferson, LA USA http://ronandheather.dhs.org:81 |
> > | |
> > | "I have created a government of whirled peas..." |
> > | Maharishi Mahesh Yogi, 12-May-2002, |
> > ! CNN, Larry King Live |
> > +---------------------------------------------------------+
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
> --
> tony mollica
> tmollica@silcom.com
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
+---------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@cox.net |
| Jefferson, LA USA http://ronandheather.dhs.org:81 |
| |
| "I have created a government of whirled peas..." |
| Maharishi Mahesh Yogi, 12-May-2002, |
! CNN, Larry King Live |
+---------------------------------------------------------+
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: