Hi,

We currently run all public ip's inside our network, DC's and workstations too.

We are thinking perhaps to divide our network into a NATed workstations segment, but keep our DC's and fileservers IPs public as they are now.

We are running sernet-samba, mainly win7 clients, using GPO's, shared drives.

I did a quick test on a win7 workstation, put it in the NAT segment, configured two DCs as DNS servers. Browsing the internet works, but any samba/ad/cifs functionality is lost. (ssh from the NAT to the DC's also works, so basic connectivity is there) It's just the active directory that seems NOT to work.

Before looking further into this... is something like this supported? Should it work at all? What problems can we expect, and how to solve them?

Is anyone doing this?

Regards,
MJ

On 15.07.2015 at 12:39, mourik jan heupink wrote:
> We currently run all public ip's inside our network, DC's and
> workstations too.
>
> We are thinking perhaps to divide our network into a NATed workstations
> segment, but keep our DC's and fileservers IPs public as they are now.
>
> We are running sernet-samba, mainly win7 clients, using GPO's, shared
> drives.
>
> I did a quick test on a win7 workstation, put it in the NAT segment,
> configured two DCs as DNS servers. Browsing the internet works, but any
> samba/ad/cifs functionality is lost. (ssh from the NAT to the DC's also
> works, so basic connectivity is there) It's just the active directory
> that seems NOT to work.
>
> Before looking further into this... is something like this supported?
> Should it work at all? What problems can we expect, and how to solve them?
>
> Is anyone doing this?

I doubt that will work because there is no broadcasting possible over NAT

Hi Reindl,

On 7/15/2015 13:25, Reindl Harald wrote:
> I doubt that will work because there is no broadcasting possible over NAT

And I was under the impression that broadcasts were more or less from the NT4-domain days, and that now with AD things were (perhaps primarily) done using DNS..?

MJ