Rodrigo Gruppelli
2003-Feb-13 20:37 UTC
[Samba] Can't access remote workstations without MASQUERADE
Hi everyone!

I have a little problem here. First let me explain my network topology.

I have a 192.168.0.0/24 network, with win98 workstations, an NT serving domain and another NT as a WINS server.

192.168.0.3 - NT / WINS
192.168.0.6 - NT / DOMAIN
192.168.0.1 - Internet gateway
192.168.0.2 - Wireless AP 200 that connects to a linux gw

==--==-=-=-==-= AIR :) -- --- == --==--=-- =-=-

192.168.0.4 - IP of the wireless iface of a linux gw on the remote side
192.168.1.1 - IP of the ethernet interface of the linux gw (this samba is acting as a local master browser for the 192.168.1.0/24 network and is serving some files)
192.168.1.0/24 - remote side network.

All of these machines are configured to use WINS at 192.168.0.3: all NT servers, the samba server, and the win98 machines on both sides.

I already set up all the routing stuff. I can ping any machine FROM any machine on both sides. I can browse the network neighborhood, and all machines appear in it.

The gateway of all 192.168.0.0/24 machines is 192.168.0.1.
The gateway of all 192.168.1.0/24 machines is 192.168.1.1.

On 192.168.0.1 I set up a route telling it that the 192.168.1.0/24 network is reachable via 192.168.0.2 (AP 200). The AP 200 then bridges the traffic to the other side's 192.168.0.4 pcmcia wireless interface, and then it enters the 192.168.1.0/24 network.

The problem is that, from a 192.168.1.0/24 win98 machine, I can browse the network neighborhood and I can see all machines on the 192.168.0.0/24 side, but when I try to access a machine, it says that the machine isn't accessible.

If I insert a rule on the linux gw 192.168.1.1 telling it to masquerade all 192.168.1.0/24 traffic (iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE), then everything works normally.

But WHY this masquerade? I don't want to use masquerade. I mean, the cleaner my network topology is, the better it will be. Why can't it work with just trivial routing? Does anyone know?

As I said, without masquerade, I can do everything: ping, resolve netbios names, browse the network neighborhood. Everything but access the shares. With masquerade, I can access the shares.

thanks in advance

Rodrigo
Bart Bekker
2003-Feb-14 07:57 UTC
[Samba] Can't access remote workstations without MASQUERADE
Could this be related to ip forwarding being disabled? Do you have a firewall?