andy anbennett at lineone.net
Thu Nov 29 18:14:03 GMT 2001


Can't really make sense of your diagram. How many clients have you got and
what are you trying to achieve? Also, what type of firewall are you trying to
achieve, a masquerading/NAT one (in which case you need routing turned on),
or an application level one (in which case you need it turned off)?

If you've got this many servers I would suggest you install masquerading/NAT
firewall with routing turned on on one of them. This would have to be a
dual-homed (2 network interfaces) machine. On this you could also run one of
the excellent IDS systems out there (SuSE have their own secchk), and
maybe realtime monitoring of the log files with something like swatch. This
can be connected directly to an application level firewall, (again, 2
network interfaces), using squid for HTTP and (tunnelled) FTP and, if
necessary, SuSE's ftp-proxy if you need a better FTP connection. You can run a
mail server with smapd or postfix and DNS on this server. It would look like

Masquerading/NAT firewall
Application level gateway

Looking at your diagram again it may be that that is what you're trying to
do. Is that right?


-----Original Message-----
From: Mark A. Tagliaferro <be_lak at yahoo.co.uk>
To: Admin <linux-admin at vger.kernel.org>; Networking
<linux-net at vger.kernel.org>; SuSE Linux <suse-linux-e at suse.com>; Samba
<samba at lists.samba.org>
Date: Thursday, November 29, 2001 10:37 AM
Subject: [SLE] Routing question!!

>I have the following system where I'm using Suse 7.1 on the servers:
>                   Clients         Clients         Clients
>   Internet         Win95           Win95           Win95
>      |               |               |               |
>+----------+    +----------+    +----------+    +----------+
>|   Srv1   |    |   Srv2   |    |   Srv3   |    |   srv4   |
>+----------+    +----------+    +----------+    +----------+
>      |               |               |               |
>      +---------------+---------------+---------------+
>          backbone network
>On srv1 I have masquerading, NAT, firewall etc running and it's working
>From the other servers I have access to the internet.  The problem comes is
>the client side.  Even though they are connecting (via samba) to the linux
>servers they are not getting internet access.  They manage to ping the nic
>the server but nothing on the backbone and obviously nothing on the net.
>The servers are obviously not routing the packets.  Can this be simply
>by fixing the route.conf or do I need to set up masquerading on all the
>servers?  Should I also be doing something to the samba config file?
