Oops. Sorry for the confusion if any due to the 'bridging' word used.
It is a routing firewall using ipchains and doing packet filtering.
The Intranet uses NAT (IP-masquerading) to connect to Internet.
Is this is a firewall issue or something to do with SAMBA?
As I have opened all udp/tcp ports between the two subnets, I wonder what
does firewall have to do in this?
-
Oommen
On Fri, 31 Mar 2000, Rakers, Jason wrote:
<jrakers>Are you sure the FW is really bridging and not routing? Sounds like the
<jrakers>name service broadcasts are not passing the firewall, making it a router and
<jrakers>not a bridge.
<jrakers>
<jrakers>jason
<jrakers>
<jrakers>
<jrakers>> -----Original Message-----
<jrakers>> From: Oommen Thomas [SMTP:[EMAIL PROTECTED]]
<jrakers>> Sent: Friday, March 31, 2000 12:24 PM
<jrakers>> To: LENGARD Pascal OCISI
<jrakers>> Cc: 'Linux Admin List'; 'Linux Net List'
<jrakers>> Subject: RE: SAMBA & Cross-subnet browsing
<jrakers>>
<jrakers>>
<jrakers>> Tried that too.
<jrakers>> Doest work even after allowing all tcp/udp ports between DMZ and LAN.
<jrakers>> I can access everything from inside.
<jrakers>> But from from DMZ, the browse list shows up but LAN machines not
<jrakers>> accessible (all in Win).
<jrakers>>
<jrakers>> Thanks
<jrakers>> Oommen
<jrakers>>
<jrakers>> On Fri, 31 Mar 2000, LENGARD Pascal OCISI wrote:
<jrakers>>
<jrakers>> <pascal.lengard>open wide your firewall and test again. if it still does
<jrakers>> not work then you
<jrakers>> <pascal.lengard>have a SAMBA problem, else you have a firewall-rule
<jrakers>> problem.
<jrakers>> <pascal.lengard>
<jrakers>> <pascal.lengard>pascal
<jrakers>> <pascal.lengard>
<jrakers>> <pascal.lengard>> -----Original Message-----
<jrakers>> <pascal.lengard>> From: [EMAIL PROTECTED]
<jrakers>> <pascal.lengard>> [mailto:[EMAIL PROTECTED]]On Behalf Of
<jrakers>> Oommen Thomas
<jrakers>> <pascal.lengard>> Sent: Friday, March 31, 2000 5:44 PM
<jrakers>> <pascal.lengard>> To: Linux Admin List; Linux Net List
<jrakers>> <pascal.lengard>> Subject: SAMBA & Cross-subnet browsing
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>> Hi all,
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>> We have a Linux firewall bridging a LAN and the Internet
<jrakers>> (most clients
<jrakers>> <pascal.lengard>> being win9x and NT).
<jrakers>> <pascal.lengard>> There are some machines in the DMZ too.
<jrakers>> <pascal.lengard>> A Linux/SAMBA server is used as the WINS server for both
<jrakers>> subnets.
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>> Each machine within the LAN can see/browse all other
<jrakers>> machines.
<jrakers>> <pascal.lengard>> But not the other way round.
<jrakers>> <pascal.lengard>> ie the machines in the DMZ can see but not browse the
<jrakers>> LAN machines.
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>> I have allowed traffic of udp/tcp ports 137-139 between
<jrakers>> DMZ
<jrakers>> <pascal.lengard>> and LAN, with
<jrakers>> <pascal.lengard>> masquearding. Isn't that enough, or do I have to do
<jrakers>> anything
<jrakers>> <pascal.lengard>> more on the
<jrakers>> <pascal.lengard>> firewall?
<jrakers>> <pascal.lengard>>
<jrakers>> <pascal.lengard>> TIA
<jrakers>> <pascal.lengard>> -
<jrakers>> <pascal.lengard>> Oommen
<jrakers>>
<jrakers>> -
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
