To answer your question, on the WAN side, the router and the win2000server have static addresses assigned by the maintainer of the WAN. The IP of eth1 on the Linux box is assigned from the same subnet by me.
I'm using ipchains on the Linux box and I'm still somewhat unclear on what you propose below. I need to do more reading on this and the SAMBA cross subnet browsing docs and try again tomorrow to resolve the problem. thanks, tony Ron Johnson wrote: > I think I would run IP Tables/chains on win2000server (but > not IP masq!!), then, I'd open win2000server's smbd & nmbd > ports (138 & 139?) up _only_ to the-IP-addr-that-is-masq-box's- > eth1. > > That way, I think, win2000server would be secured against the > outside, yet available to the private LAN. > > Just curious: why must win2000server have a routable address? > > On Mon, 2002-05-20 at 00:34, tony mollica wrote: > > No misunderstanding. For the purpose of this discussion, > > what you've written is true. However, while I can ping > > from one side to the other, what I need to do is have the > > share on the win2000server show up in the browse list(s) on > > the LAN side clients. Samba 2.0.7 is running on the Linux > > masq and a winnt4 server providing WINS on the LAN side. I > > suspect that there is something missing in the SAMBA config > > that I need to make this work. To be clear, I have no > > control over the WAN side of this setup other than a useable > > share on the win2000server. If there is no alternative, I > > can change the entire LAN side to the IP network of the WAN > > side and remove the Linux masq, but I would prefer to keep it > > in place. I do have an allottment of IP addresses to use. > > > > Ron Johnson wrote: > > > Maybe I'm misunderstanding things, but it sounds like the > > > win2000server is going to be exposed to the internet, and > > > thus on the same network as the router and the Masquerader's > > > eth1. So, it will need a routable IP address. Thus... the > > > masqueraded Winboxen won't have to do anything. > > > > > > > > On Sun, 2002-05-19 at 22:42, tony mollica wrote: > > > > Thanks for the reply. What I need to do is > > > > have the windows clients on the LAN side > > > > (192.168.100.0/24) be able to access a shared > > > > directory on a win2000server box on the WAN > > > > side (10.x.x.0/24) and still preserve my Linux masq. > > > > I cannot change the IP's on the WAN side with > > > > the exception of the masqing machine as they > > > > are remotely administrated. > > > > > > > > > > > > Glen Lee Edwards wrote: > > > > > > > > > > May 9, at 18:26, tony mollica sent through the Star Gate: > > > > > > > > > > >Hello. I have a mixed network of Linux (Debian) and windows > > > > > >machines in the arrangement below. > > > > > > _______ ______ ______ > > > > > > | | | | | | > > > > > >--->|router |----| Linux|----|switch|---(192.168.x.x network) > > > > > > T1 |_______| |______| |______| > > > > > > | > > > > > > eth1 eth0 > > > > > > WAN IP Masq Machine LAN > > > > > > > > > > > >Real IP addresses on the router side with the > > > > > >192.168.x.x on the switch side. I need to put > > > > > >a another box on the router side but still > > > > > >have the internal LAN clients access this > > > > > >computer from the inside. The new computer > > > > > >is required to be windows, and there will be > > > > > >only windows clients accessing it. > > > > > > > > > > How you configure it will depend on what you need to use it for, and > > > > > if you have > > > > > a single dynamic IP address (which is assigned to the router) or a > > > > > static subnet > > > > > from your ISP. > > > > > > > > > > Most likely you have a dynamic address for your router. In that > > > > > case, the WAN > > > > > side of the router gets that address, the LAN side is most likely > > > > > assigned > > > > > something in the 10.0.0.x range. You can have the router do this, or > > > > > you can > > > > > assign the IP addresses yourself - 10.0.0.1 to the LAN side of the > > > > > router, > > > > > 10.0.0.2 to eth0 on the Linux box, and 10.0.0.3 to the new Windows > > > > > box. Then, > > > > > in Linuxconf, set up your routes to other hosts to show that to get > > > > > to the new > > > > > Windows box routing has to go through the 10.0.0.x subnet. > > -- > +---------------------------------------------------------+ > | Ron Johnson, Jr. Home: [EMAIL PROTECTED] | > | Jefferson, LA USA http://ronandheather.dhs.org:81 | > | | > | "I have created a government of whirled peas..." | > | Maharishi Mahesh Yogi, 12-May-2002, | > ! CNN, Larry King Live | > +---------------------------------------------------------+ > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- tony mollica [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
