On Mon, 2002-05-20 at 00:34, tony mollica wrote: > No misunderstanding. For the purpose of this discussion, > what you've written is true. However, while I can ping > from one side to the other, what I need to do is have the > share on the win2000server show up in the browse list(s) on > the LAN side clients. Samba 2.0.7 is running on the Linux > masq and a winnt4 server providing WINS on the LAN side. I > suspect that there is something missing in the SAMBA config > that I need to make this work. To be clear, I have no > control over the WAN side of this setup other than a useable > share on the win2000server. If there is no alternative, I > can change the entire LAN side to the IP network of the WAN > side and remove the Linux masq, but I would prefer to keep it > in place. I do have an allottment of IP addresses to use.
I think I would run IP Tables/chains on win2000server (but not IP masq!!), then, I'd open win2000server's smbd & nmbd ports (138 & 139?) up _only_ to the-IP-addr-that-is-masq-box's- eth1. That way, I think, win2000server would be secured against the outside, yet available to the private LAN. Just curious: why must win2000server have a routable address? > Ron Johnson wrote: > > Maybe I'm misunderstanding things, but it sounds like the > > win2000server is going to be exposed to the internet, and > > thus on the same network as the router and the Masquerader's > > eth1. So, it will need a routable IP address. Thus... the > > masqueraded Winboxen won't have to do anything. > > > > > On Sun, 2002-05-19 at 22:42, tony mollica wrote: > > > Thanks for the reply. What I need to do is > > > have the windows clients on the LAN side > > > (192.168.100.0/24) be able to access a shared > > > directory on a win2000server box on the WAN > > > side (10.x.x.0/24) and still preserve my Linux masq. > > > I cannot change the IP's on the WAN side with > > > the exception of the masqing machine as they > > > are remotely administrated. > > > > > > > > Glen Lee Edwards wrote: > > > > > > > > May 9, at 18:26, tony mollica sent through the Star Gate: > > > > > > > > >Hello. I have a mixed network of Linux (Debian) and windows > > > > >machines in the arrangement below. > > > > > _______ ______ ______ > > > > > | | | | | | > > > > >--->|router |----| Linux|----|switch|---(192.168.x.x network) > > > > > T1 |_______| |______| |______| > > > > > | > > > > > eth1 eth0 > > > > > WAN IP Masq Machine LAN > > > > > > > > > >Real IP addresses on the router side with the > > > > >192.168.x.x on the switch side. I need to put > > > > >a another box on the router side but still > > > > >have the internal LAN clients access this > > > > >computer from the inside. The new computer > > > > >is required to be windows, and there will be > > > > >only windows clients accessing it. > > > > > > > > How you configure it will depend on what you need to use it for, and if > > > > you have > > > > a single dynamic IP address (which is assigned to the router) or a > > > > static subnet > > > > from your ISP. > > > > > > > > Most likely you have a dynamic address for your router. In that case, > > > > the WAN > > > > side of the router gets that address, the LAN side is most likely > > > > assigned > > > > something in the 10.0.0.x range. You can have the router do this, or > > > > you can > > > > assign the IP addresses yourself - 10.0.0.1 to the LAN side of the > > > > router, > > > > 10.0.0.2 to eth0 on the Linux box, and 10.0.0.3 to the new Windows box. > > > > Then, > > > > in Linuxconf, set up your routes to other hosts to show that to get to > > > > the new > > > > Windows box routing has to go through the 10.0.0.x subnet. -- +---------------------------------------------------------+ | Ron Johnson, Jr. Home: [EMAIL PROTECTED] | | Jefferson, LA USA http://ronandheather.dhs.org:81 | | | | "I have created a government of whirled peas..." | | Maharishi Mahesh Yogi, 12-May-2002, | ! CNN, Larry King Live | +---------------------------------------------------------+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
