Hi Jonathan,
thanks for your reply, that was really kind.
The thingy is now working.
Here is the output of "ip addr":
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:12:b7:f2 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether ac:1f:6b:12:b7:f3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ae1f:6bff:fe12:b7f3/64 scope link
       valid_lft forever preferred_lft forever
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:11:f6:7e:db:43 brd ff:ff:ff:ff:ff:ff
    inet XXX.XX.XX.XXXX/19 brd XXX.XX.XX.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::211:f6ff:fe7e:db43/64 scope link
       valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 5a:b0:10:70:8f:e6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::58b0:10ff:fe70:8fe6/64 scope link
       valid_lft forever preferred_lft forever
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:b0:10:70:8f:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.20.30.1/24 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::8802:16ff:fea9:9842/64 scope link
       valid_lft forever preferred_lft forever
To make a summary:
eth1 and tap0 are members of br0. The virtual machine is listening on
tap0. NATing is done between wlan0 and the br0 interface.
Got it running. Quite happy about it :-) Wlan0 will be taken down and I
will switch to eth0 if I feel confident about my setup.
If there is anyone who wants to make a similar setup, let me know. I
will dig up all my config files ...
Have fun,
blubberbaer
On 16/02/2020 18:10, Jonathan Hunter via samba wrote:
> Hi blubberbaer,
> 
> On Fri, 7 Feb 2020 at 19:26, kaffeesurrogat via samba
> <samba at lists.samba.org> wrote:
>> I'm new to the list and new to samba. Right now I'm trying to set up a samba
>> ADDC serving around 50 Windows 10 clients and a couple of linux clients.
>> [...]
>> I set up a virtual machine running linux as guest os, but to be honest,
>> I'm lost. I don't know how to integrate the virtual machine into the
>> 10.* network to serve as a filesharer.
>> [...]
>>
>> The NATing between br0 and eth0 doesn't work. Mmmmm, to be honest, it is
>> definitively a wise decision to hide my 10.* network behind nat.
> 
> I haven't done this before (my DC hardware isn't powerful enough to
> run VMs) but as I understand it, the idea is that the host running AD
> DC shouldn't be used for a fileserver - therefore a new (virtual) host
> is set up for use as a fileserver. So far, so good.
> 
> I wonder if the problem you're having might be to do with NAT?
> 
> You mention that your eth1 network is connected to the clients - but
> the mention of NAT worries me a little, as server services behind NAT
> tend to be more troublesome to get working (and also if there is only
> a single IP address being NATted, then there could be conflicts
> between the AD DC and the VM running as a fileserver)
> 
> Are you able to bridge (and not NAT) your fileserver VM on the eth1
> network, so that it gets a real IP address on that subnet, and doesn't
> use NAT? The clients should ideally be able to reach the fileserver
> directly, not via NAT. It wasn't clear to me from your original post
> where the NAT was being applied.
> 
> Can you confirm what IP address your fileserver VM has - is it in the
> same IP address range as the Windows clients, and can they communicate
> with it in both directions?
> 
> Hope that helps give some pointers at least,
> 
> J
>
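
A way to check the summary in the first message against an `ip addr` listing, as an added example that is not part of the original messages: it re-joins mail-wrapped header lines, then reports which interfaces are enslaved to the bridge, whether any member carries its own IPv4 address, and what the bridge and the NAT uplink expose. The sample input is constructed and the function names are this example's own.

```python
import re
# Constructed sample shaped like the listing above, mail-wrapped headers included;
# the wlan0 address is a documentation-range stand-in.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq
master br0 state UP group default qlen 1000
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
    inet 192.0.2.10/24 brd 192.0.2.255 scope global wlan0
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master br0 state UP group default qlen 1000
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
    inet 10.20.30.1/24 scope global noprefixroute br0
"""

HEADER = re.compile(r"^\d+: ([^:@]+)(?:@\S+)?: <[^>]*>(.*)$")

def logical_lines(text):
    out = []
    for line in text.splitlines():
        if out and line and not line[0].isspace() and not re.match(r"\d+: ", line):
            out[-1] += " " + line          # wrapped continuation of a header line
        else:
            out.append(line)
    return out

def parse_ip_addr(text):
    """Map interface name -> bridge master, state and IPv4 addresses."""
    ifaces, cur = {}, None
    for line in logical_lines(text):
        m = HEADER.match(line)
        if m:
            words = m.group(2).split()     # "mtu 1500 qdisc mq master br0 state UP ..."
            opts = dict(zip(words[::2], words[1::2]))
            cur = ifaces[m.group(1)] = {"master": opts.get("master"), "state": opts.get("state"), "inet": []}
        elif cur is not None and line.split()[:1] == ["inet"]:
            cur["inet"].append(line.split()[1])
    return ifaces

def bridge_report(ifaces, bridge, uplink):
    """Summarise what sits on the bridge and what the NAT uplink exposes."""
    members = sorted(n for n, i in ifaces.items() if i["master"] == bridge)
    return {"members": members,
            "addressed_members": [n for n in members if ifaces[n]["inet"]],
            "bridge_addrs": ifaces[bridge]["inet"], "uplink_addrs": ifaces[uplink]["inet"],
            "down": sorted(n for n, i in ifaces.items() if i["state"] == "DOWN")}
```

Feed it real output with `bridge_report(parse_ip_addr(text), "br0", "wlan0")`; a non-empty `addressed_members` list means a bridge port still has its own IPv4 address.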