jmgs082598
asked on
Help setting up a gateway in RH 7.3
I have a Linux box running Red Hat 7.3 with Samba 2.2.5 as PDC.
The users of this Samba server are in two nets:
one with public IPs, the other with private IPs.
I would like to set up the Linux box as a gateway for the
internal net, for two reasons:
- give Internet access to the PCs in the internal net.
- let the PC with the public IP share resources with the PC with the private IP.
Could someone help me?
I need all the information about these topics; I am new to Linux.
Thanks
You can see a figure of the net at:
http://www.mtps.gob.sv/images/netstm.jpg
ASKER
Thanks, ahoffmann, for your comment.
- does the network work basically, meaning: can all involved machines ping the others
Yes. All PCs can ping the others in the same net. One PC in the internal net can't ping the PC in the public net; I think that is because of the gateway.
- is there a firewall somewhere
A router installed by the ISP.
- do you use NAT
No.
I would like to use NAT, set up on the Linux box.
- is the Samba-PDC DC for both types of network
Yes. At this moment the Samba PDC is running fine for both networks.
OK, routing seems to work.
You need to set up ipchains, or better iptables, for NAT (masquerading).
Block all ports (except those you really need, like 80, 443) to your internal IPs.
Do the same for the PC with the public IP where you want to allow shares, but allow ports 137-139 for it too.
That should do the trick.
Apologies to ahoffmann, but I think the configuration is going to be a bit more complicated than a simple firewall configuration. As I understand the question, the network topology looks like:

            Gateway Router
                  |
   Public         |---------PC
   IP's           |---------PC
                  |
          Linux SMB Server
                  |
   Private        |---------PC
   IP's              ...
                  |---------PC

And the desire is to: (1) allow machines in the private (inside) IP space access to the Internet, (2) allow file & resource sharing between the machines in the public (outside) IP space and the machines in the inside.
A simple IPchains/IPtables configuration using NPAT (aka Masquerade) would allow the hosts on the inside access to the Internet and access to the PC's in the public space. However, if connections need to be initiated from the outside PC's to inside services you'll need to use NAT on the gateway so that each inside PC gets a fixed IP on the outside. IPtables can do NAT (one-to-one translation), but IPchains can't.
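The two suggestions above (masquerading with only the needed ports open, and one-to-one NAT for inside hosts that must be reachable from the public-IP PCs) can be combined in one iptables ruleset. The script below is an added example, not part of any poster's reply; the interface names, the addresses (documentation ranges) and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Interface names and every address below are assumptions
# (documentation ranges), not values from the thread.
EXT_IF=eth0                 # side facing the public-IP net and ISP router
INT_IF=eth1                 # side facing the private-IP net
INT_NET=192.168.1.0/24      # private net
PUB_PC=192.0.2.20           # public-IP PC allowed to use shares
WEB_PORTS=80,443            # outbound services the inside really needs
# One-to-one NAT pairs "public_alias=private_ip", space separated. Each alias
# must also be bound to EXT_IF so the gateway answers ARP for it.
ONE_TO_ONE="192.0.2.50=192.168.1.10"

smb_accept() {  # $1=in-if $2=out-if $3=src $4=dst: NetBIOS 137-138/udp, 139/tcp
    echo "iptables -A FORWARD -i $1 -o $2 -s $3 -d $4 -p udp --dport 137:138 -j ACCEPT"
    echo "iptables -A FORWARD -i $1 -o $2 -s $3 -d $4 -p tcp --dport 139 -j ACCEPT"
}

gen_rules() {
    echo "iptables -t nat -F"
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"          # default deny between the nets
    for pair in $ONE_TO_ONE; do
        pub=${pair%%=*}; priv=${pair##*=}
        # Fixed outside address per inside host; must precede MASQUERADE.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
        # Outside-initiated SMB only from the one public PC (dst is post-DNAT).
        smb_accept "$EXT_IF" "$INT_IF" "$PUB_PC" "$priv"
    done
    # Everything else from the inside shares the gateway's address (NPAT).
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -p tcp -m multiport --dports $WEB_PORTS -j ACCEPT"
    smb_accept "$INT_IF" "$EXT_IF" "$INT_NET" "$PUB_PC"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"   # turn on routing last
}

# Print the commands for review; apply as root by piping the output to sh.
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

The 80/443 rule does not cover name resolution, so inside hosts need a resolver they can reach, for example one running on the gateway itself.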
ASKER
Thanks, jlevie, for your comment.
Yes, you are correct.
But I am new to Linux and I don't know how to set up the Linux box to use NAT.
Administrative Action - Force Accepted
SpideyMod
Community Support Moderator @Experts Exchange
Let's start with the basics:
- does the network work basically, meaning: can all involved machines ping the others
- is there a firewall somewhere
- do you use NAT
- is the Samba-PDC DC for both types of network