[SLE] Routing question!!

[andy]

Hi,

Can't really make sense of your diagram. How many clients have you got and
what are trying to achieve? Also, what type of firewall are you trying to
achieve, a masquerading/NAT one, (in which case you need routing turned on),
or a application level one, (in which case you need it turned off).

If you've got this many servers I would suggest you install masquerading/NAT
firewall with routing turned on one one of them. This would have to be a
dual-homed (2 network interfaces) machine. On this you could also run one of
the excellent IDS systems out there, (SuSE have they're own secchk), and
maybe realtime monitoring of the log files with something like swatch. This
can be connected directly to an application level firewall, (again, 2
network interfaces), using squid for HTTP and (tunnelled) FTP and, if
necessary SuSE's ftp-proxy if you need better FTP connection. You can run a
mail server with smapd or postfix and DNS on this server. It would look like
this

Internet
     |
Masquerading/NAT firewall
     |
Application level gateway
     |
Clients

Looking at your diagram again it may be that that is what you're trying to
do. Is that right?

Andy

-----Original Message-----
From: Mark A. Tagliaferro <be_lak at yahoo.co.uk>
To: Admin <linux-admin at vger.kernel.org>; Networking
<linux-net at vger.kernel.org>; SuSE Linux <suse-linux-e at suse.com>; Samba
<samba at lists.samba.org>
Date: Thursday, November 29, 2001 10:37 AM
Subject: [SLE] Routing question!!


>I have the following system where I'm using Suse 7.1 on the servers:
>
>               172.22.2.0/24   172.22.3.0/24   172.22.4.0/24
>                   Clients         Clients         Clients
>   Internet         Win95           Win95           Win95
>      |               |               |               |
>+----------+    +----------+    +----------+    +----------+
>|   Srv1   |    |   Srv2   |    |   Srv3   | |   srv4   |
>+----------+    +----------+    +----------+    +----------+
>      |               |               |               |
>      +---------------+---------------+---------------+
>          backbone network  172.22.1.0/24
>
>On srv1 I have masquerading, NAT,  firewall etc running and it's working
well.
>From the other servers I have access to the internet.  The problem comes is
on
>the client side.  Even though they are connecting (via samba) to the linux
>servers they are not getting internet access.  They manage to ping the nic
on
>the server but nothing on the backbone and obviously nothing on the net.
>
>The servers are abviously not routing the packets.  Can this be simply
solved
>by fixing the route.conf or do i need to set up masquerading on all the
>servers?  Should I also be doing something to the samba config file?
>Thanks
>Mark
>
>__________________________________________________
>Do You Yahoo!?
>Everything you'll ever need on one web page from News and Sport to Email
and Music Charts
>http://uk.my.yahoo.com
>
>--
>To unsubscribe send e-mail to suse-linux-e-unsubscribe at suse.com
>For additional commands send e-mail to suse-linux-e-help at suse.com
>Also check the FAQ at http://www.suse.com/support/faq and the
>archives at http://lists.suse.com
>
>