On Mon, 2002-05-20 at 02:11, tony mollica wrote:
> To answer your question, on the WAN side, the router and
> the win2000server have static addresses assigned by the
> maintainer of the WAN.  The IP of eth1 on the Linux box is
> assigned from the same subnet by me.
>
> I'm using ipchains on the Linux box and I'm still somewhat
> unclear on what you propose below.  I need to do more reading

Duh!!!!!  Yes, I _do_ know that it's impossible to use
IP Tables/chains on Windows...  However, there _are_ firewalls
for WinNT/2k, and that will serve the same purpose...

> on this and the SAMBA cross subnet browsing docs and try
> again tomorrow to resolve the problem.

How are you securing the win2000server against The Bad Guys?

> Ron Johnson wrote:
> > I think I would run IP Tables/chains on win2000server (but
> > not IP masq!!), then, I'd open win2000server's smbd & nmbd
> > ports (138 & 139?) up _only_ to the-IP-addr-that-is-masq-box's-
> > eth1.
> >
> > That way, I think, win2000server would be secured against the
> > outside, yet available to the private LAN.
> >
> > Just curious: why must win2000server have a routable address?
> >
> > On Mon, 2002-05-20 at 00:34, tony mollica wrote:
> > > No misunderstanding.  For the purpose of this discussion,
> > > what you've written is true.  However, while I can ping
> > > from one side to the other, what I need to do is have the
> > > share on the win2000server show up in the browse list(s) on
> > > the LAN side clients.  Samba 2.0.7 is running on the Linux
> > > masq and a winnt4 server providing WINS on the LAN side.  I
> > > suspect that there is something missing in the SAMBA config
> > > that I need to make this work.  To be clear, I have no
> > > control over the WAN side of this setup other than a useable
> > > share on the win2000server.  If there is no alternative, I
> > > can change the entire LAN side to the IP network of the WAN
> > > side and remove the Linux masq, but I would prefer to keep it
> > > in place.  I do have an allotment of IP addresses to use.
> > >
> > > Ron Johnson wrote:
> > > > Maybe I'm misunderstanding things, but it sounds like the
> > > > win2000server is going to be exposed to the internet, and
> > > > thus on the same network as the router and the Masquerader's
> > > > eth1.  So, it will need a routable IP address.  Thus... the
> > > > masqueraded Winboxen won't have to do anything.
> > > >
> > > > On Sun, 2002-05-19 at 22:42, tony mollica wrote:
> > > > > Thanks for the reply.  What I need to do is
> > > > > have the windows clients on the LAN side
> > > > > (192.168.100.0/24) be able to access a shared
> > > > > directory on a win2000server box on the WAN
> > > > > side (10.x.x.0/24) and still preserve my Linux masq.
> > > > > I cannot change the IPs on the WAN side with
> > > > > the exception of the masqing machine as they
> > > > > are remotely administrated.
> > > > >
> > > > > Glen Lee Edwards wrote:
> > > > > >
> > > > > > May 9, at 18:26, tony mollica sent through the Star Gate:
> > > > > >
> > > > > > >Hello.  I have a mixed network of Linux (Debian) and windows
> > > > > > >machines in the arrangement below.
> > > > > > >     _______      ______      ______
> > > > > > >    |       |    |      |    |      |
> > > > > > >--->|router |----| Linux|----|switch|---(192.168.x.x network)
> > > > > > > T1 |_______|    |______|    |______|
> > > > > > >                    |
> > > > > > >                eth1  eth0
> > > > > > >     WAN      IP Masq Machine   LAN
> > > > > > >
> > > > > > >Real IP addresses on the router side with the
> > > > > > >192.168.x.x on the switch side.  I need to put
> > > > > > >another box on the router side but still
> > > > > > >have the internal LAN clients access this
> > > > > > >computer from the inside.  The new computer
> > > > > > >is required to be windows, and there will be
> > > > > > >only windows clients accessing it.
> > > > > >
> > > > > > How you configure it will depend on what you need to use it
> > > > > > for, and if you have a single dynamic IP address (which is
> > > > > > assigned to the router) or a static subnet from your ISP.
> > > > > >
> > > > > > Most likely you have a dynamic address for your router.  In
> > > > > > that case, the WAN side of the router gets that address, the
> > > > > > LAN side is most likely assigned something in the 10.0.0.x
> > > > > > range.  You can have the router do this, or you can assign
> > > > > > the IP addresses yourself - 10.0.0.1 to the LAN side of the
> > > > > > router, 10.0.0.2 to eth0 on the Linux box, and 10.0.0.3 to
> > > > > > the new Windows box.  Then, in Linuxconf, set up your routes
> > > > > > to other hosts to show that to get to the new Windows box
> > > > > > routing has to go through the 10.0.0.x subnet.
> >
> > --
> > +---------------------------------------------------------+
> > | Ron Johnson, Jr.        Home: [EMAIL PROTECTED]         |
> > | Jefferson, LA  USA      http://ronandheather.dhs.org:81 |
> > |                                                         |
> > | "I have created a government of whirled peas..."        |
> > |   Maharishi Mahesh Yogi, 12-May-2002,                   |
> > !   CNN, Larry King Live                                  |
> > +---------------------------------------------------------+
> >
> > --
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
> --
> tony mollica
> [EMAIL PROTECTED]
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
+---------------------------------------------------------+
| Ron Johnson, Jr.        Home: [EMAIL PROTECTED]         |
| Jefferson, LA  USA      http://ronandheather.dhs.org:81 |
|                                                         |
| "I have created a government of whirled peas..."        |
|   Maharishi Mahesh Yogi, 12-May-2002,                   |
!   CNN, Larry King Live                                  |
+---------------------------------------------------------+

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
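
Added example (not part of the original thread, and not any poster's code): a small model of the proposal above, showing why a single source-restricted rule on the server is enough once the Linux box masquerades the LAN. The WAN-side addresses are constructed placeholders because the thread elides the real subnet, and the port set is the standard NetBIOS/SMB set (137/udp, 138/udp, 139/tcp, plus 445/tcp on Windows 2000) rather than the two ports guessed at in the thread.

```python
import ipaddress

# Constructed addresses: the thread elides the real WAN subnet, so
# documentation-range placeholders stand in for it.
LAN_NET = ipaddress.ip_network("192.168.100.0/24")  # LAN range named in the thread
MASQ_ETH1 = "198.51.100.2"   # placeholder: WAN-side address of the masq box
SERVER = "198.51.100.3"      # placeholder: win2000server

# NetBIOS name (137/udp), datagram (138/udp), session (139/tcp), and
# direct-hosted SMB (445/tcp), which Windows 2000 also listens on.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}


def masquerade(pkt):
    """Model the Linux box: LAN sources are rewritten to eth1's address."""
    if ipaddress.ip_address(pkt["src"]) in LAN_NET:
        return {**pkt, "src": MASQ_ETH1}
    return pkt


def server_verdict(pkt):
    """Model the server's host firewall: default deny, SMB only from eth1."""
    if (pkt["proto"], pkt["dport"]) in SMB_PORTS and pkt["src"] == MASQ_ETH1:
        return "accept"
    return "drop"


def evaluate(packets):
    """Return (original source, port, verdict) for each packet sent to SERVER."""
    return [(p["src"], p["dport"], server_verdict(masquerade(p))) for p in packets]


# Constructed sample traffic, all addressed to SERVER.
SAMPLE = [
    {"src": "192.168.100.25", "proto": "tcp", "dport": 139},  # LAN client, SMB session
    {"src": "192.168.100.25", "proto": "udp", "dport": 137},  # LAN client, name query
    {"src": "198.51.100.77", "proto": "tcp", "dport": 139},   # other WAN-side host
    {"src": "203.0.113.9", "proto": "tcp", "dport": 445},     # outside host
    {"src": "192.168.100.25", "proto": "tcp", "dport": 80},   # LAN client, non-SMB port
]

if __name__ == "__main__":
    for src, port, verdict in evaluate(SAMPLE):
        print(f"{src:>15} -> {SERVER}:{port:<5} {verdict}")
```

Because every LAN client reaches the server as the eth1 address, the server's own logs cannot tell individual clients apart; per-client attribution has to come from logging on the masquerading box.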