Hi,
Can't really make sense of your diagram. How many clients have you got and
what are trying to achieve? Also, what type of firewall are you trying to
achieve, a masquerading/NAT one, (in which case you need routing turned on),
or a application level one, (in which case you need it turned off).
If you've got this many servers I would suggest you install masquerading/NAT
firewall with routing turned on one one of them. This would have to be a
dual-homed (2 network interfaces) machine. On this you could also run one of
the excellent IDS systems out there, (SuSE have they're own secchk), and
maybe realtime monitoring of the log files with something like swatch. This
can be connected directly to an application level firewall, (again, 2
network interfaces), using squid for HTTP and (tunnelled) FTP and, if
necessary SuSE's ftp-proxy if you need better FTP connection. You can run a
mail server with smapd or postfix and DNS on this server. It would look like
this
Internet
|
Masquerading/NAT firewall
|
Application level gateway
|
Clients
Looking at your diagram again it may be that that is what you're trying to
do. Is that right?
Andy
-----Original Message-----
From: Mark A. Tagliaferro <be_lak@yahoo.co.uk>
To: Admin <linux-admin@vger.kernel.org>; Networking
<linux-net@vger.kernel.org>; SuSE Linux <suse-linux-e@suse.com>; Samba
<samba@lists.samba.org>
Date: Thursday, November 29, 2001 10:37 AM
Subject: [SLE] Routing question!!
>I have the following system where I'm using Suse 7.1 on the servers:
>
> 172.22.2.0/24 172.22.3.0/24 172.22.4.0/24
> Clients Clients Clients
> Internet Win95 Win95 Win95
> | | | |
>+----------+ +----------+ +----------+ +----------+
>| Srv1 | | Srv2 | | Srv3 | | srv4 |
>+----------+ +----------+ +----------+ +----------+
> | | | |
> +---------------+---------------+---------------+
> backbone network 172.22.1.0/24
>
>On srv1 I have masquerading, NAT, firewall etc running and it's working
well.
>From the other servers I have access to the internet. The problem comes is
on
>the client side. Even though they are connecting (via samba) to the linux
>servers they are not getting internet access. They manage to ping the nic
on
>the server but nothing on the backbone and obviously nothing on the net.
>
>The servers are abviously not routing the packets. Can this be simply
solved
>by fixing the route.conf or do i need to set up masquerading on all the
>servers? Should I also be doing something to the samba config file?
>Thanks
>Mark
>
>__________________________________________________
>Do You Yahoo!?
>Everything you'll ever need on one web page from News and Sport to Email
and Music Charts
>http://uk.my.yahoo.com
>
>--
>To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
>For additional commands send e-mail to suse-linux-e-help@suse.com
>Also check the FAQ at http://www.suse.com/support/faq and the
>archives at http://lists.suse.com
>
>
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
