Lanman wrote:
Mikkel; Thanks for the quick reply. I'll respond to your comments in order, so here goes.

1) I will not be running a DHCP service on the upstairs network at all. Since the LAN is small, since DHCP is partly responsible for the existing problem, and since there's no actual need for it, I'll be staying away from DHCP completely.

The ADSL modem that Peter has upstairs runs a DHCP service, but it's only connected to the first NIC (eth0) and that NIC also has a static IP address. Also, I've avoided using the same subnets anywhere, so if the downstairs ADSL modem and LAN are blocked from affecting the upstairs LAN via routing and Firewalling, they should have little or no effect on the upstairs LAN ( Fingers crossed!).

The hard part on this one is that because of the ADSL modem, you will have to give it an address in the 192.168.0.0 network, or the modem will not talk to it. But you have to pick an address and netmask so that it only includes that IP, and 192.168.0.1 for the modem. Otherwise, you will not be able to talk to the lower network because normally all traffic for 192.168.0.0 would go out through that interface. What range of IP addresses is the ADSL modem giving out? Sometimes they start with 192.168.0.100, or something handy like that. If so, you could use an address of 192.168.0.2 for the interface, with a netmask of 255.255.255.252 (I think I figured that right...), and a static route of 192.168.0.1 gw 192.168.0.2 to talk to the upstairs ADSL modem.

There is also a way to do it with a netmask of 255.255.255.255, but I do not know how to do it.
Also, the file sharing in this scenario only has to go one way where the upstairs network needs access to file shares on the downstairs network. That's why I intend to use the firewall to block all traffic from downstairs to upstairs, but to allow SMB and Appletalk from upstairs to downstairs.

The server upstairs has a dedicated NIC which is configured for the downstairs subnet (192.168.0.0), so as to provide the one-way file-sharing that Peter needs. That way he can access the shares which are downstairs from the upstairs network.

This will use a route of 192.168.0.0 netmask 255.255.255.0 eth2. If you could add a static route to the machines on the lower network, you could specify the IP of this interface as the gateway to the 10.0.0.0 subnet. Without this, you will have to have this interface appear as a single machine to the 192.168.0.0 network, and masquerade the upstairs network behind it in the same way you do for the upstairs ADSL modem. The drawback to this is that the machines on the lower network have no way to talk to the machines on the upper network, except when responding to communications from the upper machine. In other words, the upper machines could ping the lower machines, but the lower machines could only ping the Linux box.
You may be able to use Samba to overcome this, but I have not done it. You will have to set up Samba to handle multiple subnets, and share the names between subnets. The HOWTO on how to do this will give you a fair amount of reading. (I have not read it in a couple of years, and Samba has evolved since then...)


Once routing is up and running, I only need to deny everything coming from the downstairs network, and then to allow the upstairs to access the downstairs on ports 135, 137, 139 for Samba, and maybe port 548 for Appletalk.

So the overall idea is to have two active ADSL connections, two LAN's on two subnets with two separate gateways, and one LAN with one-way file-sharing access from up to down stairs. Routing and firewalling should be able to do that, if I can figure out how to configure the iproute2 software. Downstairs will not have any access whatsoever to the upstairs network, unless the connection is "related/established" by the upstairs network.

All the systems downstairs are running Windows (XP, XP Home, and NT 4.0 Server), and all have shares running on them, which we can currently see as long as one of the modems is disabled. Once they are both connected, two DHCP servers are started and attempt to serve identical IP ranges on the exact same subnets.

So, everything for the upstairs network is managed by the Linux server, and there is no access by the downstairs network to the upstairs network.

OH, One more thing,...Peter's brother is away on holidays, and we're trying to get this done before he returns. We don't have physical access to the downstairs network.

Simple, HUH?

Lanman

The thing that makes this hard is the two modems with the same IP address, and both wanting to set the default route through them. Also, the protocol used by Samba doesn't work well across different subnets. (Blame Microsoft - they designed it that way...)

If I have things right:

eth0  10.0.0.0 netmask 255.255.255.0  Upstairs network.
eth1  192.168.0.0 netmask 255.255.255.252 Upstairs ADSL modem.
eth2  192.168.0.0 netmask 255.255.255.0 downstairs network.

routes:

10.0.0.0 netmask 255.255.255.0 eth0
192.168.0.1 eth1
192.168.0.0 netmask 255.255.255.0 eth2
default gw 192.168.0.1

You are also going to want to run a nameserver on the Linux machine, and have all the machines on the upper network use it as their nameserver. Otherwise, if your ISP changes their name servers, you would have to change it on all the machines. This way, you only have to change it on the Linux machine.

Mikkel
--

  Do not meddle in the affairs of dragons,
for you are crunchy and taste good with Ketchup!
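The route table Mikkel lists above, worked through as an added example (not code from the thread): a dry-run bash script that checks the 255.255.255.252 arithmetic and applies longest-prefix matching to show which interface each destination would leave by, which is why the 192.168.0.1 host route on eth1 beats the 192.168.0.0/24 route on eth2 even though both modems use the same IP. The 192.168.0.100 DHCP pool start is an assumption taken from Mikkel's guess; nothing here is applied to a real interface.

```bash
#!/usr/bin/env bash
# Dry run only: computes what the kernel would do with the thread's route table.

# Dotted quad -> 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> integer netmask (30 -> 255.255.255.252 -> 4294967292).
plen2mask() {
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Succeeds when $2 lies in the network of address $1 with prefix length $3.
in_subnet() {
  local m; m=$(plen2mask "$3")
  [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Mikkel's routes as "prefix/len device". The default gw 192.168.0.1 is
# itself reached through the /32 on eth1, so the default route lands on eth1.
ROUTES="10.0.0.0/24 eth0
192.168.0.1/32 eth1
192.168.0.0/24 eth2
0.0.0.0/0 eth1"

# Longest-prefix match: print the device the kernel would pick for $1.
route_for() {
  local dst=$1 best_len=-1 best_dev="" net len dev
  while read -r net dev; do
    len=${net#*/}
    if in_subnet "${net%/*}" "$dst" "$len" && [ "$len" -gt "$best_len" ]; then
      best_len=$len; best_dev=$dev
    fi
  done <<< "$ROUTES"
  echo "$best_dev"
}

# The /30 must cover the modem (.1) but not the assumed DHCP pool (.100+).
in_subnet 192.168.0.2 192.168.0.1 30 && echo "modem .1 is inside 192.168.0.2/30"
in_subnet 192.168.0.2 192.168.0.100 30 || echo "DHCP pool .100 is outside /30"

for d in 192.168.0.1 192.168.0.50 10.0.0.7 8.8.8.8; do
  printf '%-14s -> %s\n' "$d" "$(route_for "$d")"
done
```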

