[Samba] Samba Domain Controller + Router

David Donahue ddonahue at ccs.neu.edu
Sun Aug 3 23:41:38 GMT 2003

I have a Samba Domain Controller running on a Windows/Linux hybrid
network.  Actually, the network is in a state of transition right now and
I'm occupying my time by planning its re-design.  So, assume that when I
set it up again, I'll be using the latest release of Samba (or any
previous release you may recommend).

Now, to the point... A couple of the Windows clients on this domain will,
without going into much explanation of why, be behind a simple Linksys
router.  This means that the only way they can connect to the Samba domain
is via TCP port forwarding through the router.  My knowledge of the
protocols of a Windows domain being somewhat limited, I question if this
is possible.  Through no other means than forwarding TCP ports through the
router, (and through which ports in which direction?) is it possible for
multiple (read as 2 or 3) computers on the other side of that router to be
members of the Windows domain?

The computers on the other side of the router are, at the moment, running
Win2000.  But, over time, replacements will have later versions of
Windows.  Now, I would imagine that, if TCP port forwarding is enough,
then the clients won't have a problem.  They'd simply see the router as
the Domain Controller, right?  But then, through that controller (Samba),
can they browse the rest of the machines on the domain?  Note that such
browsing wouldn't be entirely necessary, but if it's possible it would at
least make the network setup somewhat more transparent to the users.

Where I become most unclear, however, is the fact that, from the Domain
Controller's perspective, the router would be a single source (IP
address) for multiple machines.  Can it distinguish between those machines
on the other side of the router?  Can they, too, be browsed on the domain
by the rest?  Note also that the router exibits different behavior in
different directions, and I can "invert" the direction if need be.
Connections coming in on the WAN port must be forwarded by port number as
specified ahead of time.  Connections coming in on the LAN port, however,
pretty much have free reign to go as they please and expect a response.
It matters little to me which side of the network is WAN and which is LAN
from the router's perspective.

Any help you can give me in this would be very much appreciated.  Thank
you for your time.

David P. Donahue
ddonahue at ccs.neu.edu

More information about the samba mailing list