Solved

Help for setup a gateway in RH 7.3

Posted on 2002-07-24
7
218 Views
Last Modified: 2013-12-15
I have a linux box running Red Hat 7.3 with Samba 2.2.5 as PDC.
the users for this samba server are in two nets:
one with public IP, others with private IP.
I would like to setup the Linux box as a Gateway for the
internat net, by two rasons:
-give internet access to the pcs in the internal net.
-get it share resources from the pc with public ip with the pc with private ip.

could someone to help me,
I need all information about this topics, I am new in Linux.

Thank




You can see a fig. for the net in:
http://www.mtps.gob.sv/images/netstm.jpg
0
Comment
Question by:jmgs082598
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7175841
your informations are to vage to give you hints.

Lets start at the basics:
  - does the network work basically, means can all involved machines ping the others
  - is there a firewall somewhere
  - do you use NAT
  - is the Samba-PDC DC for both types of network
0
 
LVL 1

Author Comment

by:jmgs082598
ID: 7176267
Thank ahoffmann by your comment.
- does the network work basically, means can all involved machines ping the others
yes. all pc ping the others, in the same net. one pc in the internal net can`t ping to the pc in the public net. because i think that the gateway.

-is there a firewall somewhere.
a Router installed by the Isp.

-do you use NAT
No.
I would like to use NAT. Setup in the Linux box.

-is the Samba-PDC DC for both types of network
Yes. In this moment the samba PDC is running fine for both networks.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7176659
ok, routing seems to work.

you need to setup ipchains, or better iptables, for NAT (masquerading).
Block all ports (except those you really need, like 80, 443) to your internal IPs.
Do the same for the PC with the public IP where you want to allow shares, but allow port 137 - 139 for it too.

That should do the trick.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 40

Expert Comment

by:jlevie
ID: 7199180
Apologies to ahoffman, but I think the configuration is going to be a bit more complicated than a simple firewall configuration. As I understand the question the network topology looks like:

     Gateway Router
           |
  Public   |---------PC
   IP's    |---------PC
           |
    Linux SMB Server
           |
  Private  |---------PC
   IP's        ...
           |---------PC

And the desire is to; (1) allow machines in the private (inside) IP space access to the Internet, (2) allow file & resource sharing between the machines in the public (outside) IP space and the machines in the inside.

A simple IPchains/IPtables configuration using NPAT (aka Masquerade) would allow the hosts on the inside access to the Internet and access to the PC's in the public space. However, if connections need to be initiated from the outside PC's to inside services you'll need to use NAT on the gateway so that each inside PC gets a fixed IP on the outside. IPtables can do NAT (one-to-one translation), but IPchains can't.
0
 
LVL 1

Author Comment

by:jmgs082598
ID: 7204499
thank jlevie by your comment.
Yes. you are int he correct.
but I am new in Linux and I don't know how to setup the linux box to use NAt.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 300 total points
ID: 7204547
There are two ways that IPtables can be set up on the Linux server. Which to use depends on whether you need to be able to initiate connections from those PC's in your Public address space to systems in your private address space. If there is a need for that service it also matters how many public IP's you have free and how many private machines need to be accessible from the public space.

If all connections involving a Private machine will be made from the inside a very simple IPtables configuration is feasible. And it will only require one Public IP, that of the outside interface of the Linux server.

Tell me which method must be used and I can help you with an IPtables rule set.
0
 

Expert Comment

by:SpideyMod
ID: 8271567
Administrative Action - Force Accepted

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
error log using ftp 7 82
Linux mount of Windows Shared Now Fails 8 115
can i read my emails on lamp ftp 4 26
pvcreate issue 5 38
This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question