Hi!

I have setup a router with 3 NIC:
inet->eth0->eth1-local_users
          ->eth2-DMZ_server

I have also setup dhcp and DNS on the router. DHCP is server only for eth1 while on eth2 I have static IP address. So everything works except connecting local_users on eth1 to Samba shares on the server in DMZ by server name. Yes, I have it in my DNS records to point to it and with nslookup resolves it correctly but with ping it can't find it. Accessing to Samba shares by IP is working. I also can't browse Network Neighborhood. What am I missing in configuration?

Regards,
Sasa

Sasa Stupar wrote:
> Hi!
>
> I have setup a router with 3 NIC:
> inet->eth0->eth1-local_users
>           ->eth2-DMZ_server
>
> I have also setup dhcp and DNS on the router. DHCP is server only for
> eth1 while on eth2 I have static IP address. So everything works except
> connecting local_users on eth1 to Samba shares on the server in DMZ by
> server name. Yes, I have it in my DNS records to point to it and with
> nslookup resolves it correctly but with ping it can't find it. Accessing
> to Samba shares by IP is working. I also can't browse “Network
> Neighborhood”. What am I missing in configuration?

Probably you aren't running a WINS server or a late-model PDC. Any time that you insert a router into a Windows network, you must have one or the other.

I try to make that clear at http://shorewall.net/samba.htm.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
>Sasa Stupar wrote:
>
>
>>Hi!
>>
>>I have setup a router with 3 NIC:
>>inet->eth0->eth1-local_users
>>          ->eth2-DMZ_server
>>
>>I have also setup dhcp and DNS on the router. DHCP is server only for
>>eth1 while on eth2 I have static IP address. So everything works except
>>connecting local_users on eth1 to Samba shares on the server in DMZ by
>>server name. Yes, I have it in my DNS records to point to it and with
>>nslookup resolves it correctly but with ping it can't find it. Accessing
>>to Samba shares by IP is working. I also can't browse “Network
>>Neighborhood”. What am I missing in configuration?
>>
>>
>
>Probably you aren't running a WINS server or a late-model PDC. Any time
>that you insert a router into a Windows network, you must have one or
>the other.
>
>I try to make that clear at http://shorewall.net/samba.htm.
>
>-Tom
>
>

I have read it. But if I put server in the same network as users then I have no problem with browsing network or accessing samba shares by computer name.
Any comment on that?

Sasa

Sasa Stupar wrote:
> Tom Eastep wrote:
>
>> Sasa Stupar wrote:
>>
>>
>>> Hi!
>>>
>>> I have setup a router with 3 NIC:
>>> inet->eth0->eth1-local_users
>>>           ->eth2-DMZ_server
>>>
>>> I have also setup dhcp and DNS on the router. DHCP is server only for
>>> eth1 while on eth2 I have static IP address. So everything works except
>>> connecting local_users on eth1 to Samba shares on the server in DMZ by
>>> server name. Yes, I have it in my DNS records to point to it and with
>>> nslookup resolves it correctly but with ping it can't find it. Accessing
>>> to Samba shares by IP is working. I also can't browse “Network
>>> Neighborhood”. What am I missing in configuration?
>>>
>>
>> Probably you aren't running a WINS server or a late-model PDC. Any time
>> that you insert a router into a Windows network, you must have one or
>> the other.
>>
>> I try to make that clear at http://shorewall.net/samba.htm.
>>
>> -Tom
>>
>>
> I have read it. But if I put server in the same network as users then I
> have no problem with browsing network or accessing samba shares by
> computer name.
> Any comment on that?

No. How could I possibly comment on that?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

--On 28. april 2005 8:23 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> Sasa Stupar wrote:
>> Tom Eastep wrote:
>>
>>> Sasa Stupar wrote:
>>>
>>>
>>>> Hi!
>>>>
>>>> I have setup a router with 3 NIC:
>>>> inet->eth0->eth1-local_users
>>>>           ->eth2-DMZ_server
>>>>
>>>> I have also setup dhcp and DNS on the router. DHCP is server only for
>>>> eth1 while on eth2 I have static IP address. So everything works except
>>>> connecting local_users on eth1 to Samba shares on the server in DMZ by
>>>> server name. Yes, I have it in my DNS records to point to it and with
>>>> nslookup resolves it correctly but with ping it can't find it. Accessing
>>>> to Samba shares by IP is working. I also can't browse Network
>>>> Neighborhood. What am I missing in configuration?
>>>>
>>>
>>> Probably you aren't running a WINS server or a late-model PDC. Any time
>>> that you insert a router into a Windows network, you must have one or
>>> the other.
>>>
>>> I try to make that clear at http://shorewall.net/samba.htm.
>>>
>>> -Tom
>>>
>>>
>> I have read it. But if I put server in the same network as users then I
>> have no problem with browsing network or accessing samba shares by
>> computer name.
>> Any comment on that?
>
> No. How could I possibly comment on that?
>
> -Tom

Another thing: from the router itself I can ping server in DMZ by its hostname.

Sasa

Tom Eastep wrote:
>>>
>>>
>>I have read it. But if I put server in the same network as users then I
>>have no problem with browsing network or accessing samba shares by
>>computer name.
>>Any comment on that?
>
> No. How could I possibly comment on that?
>

Let's recap the conversation so far:

Sasa: If I do <thing 1> then it doesn't work.
Tom: If you do <thing 1> then you must also do <thing 2>
Sasa: I know that, but if I don't do <thing 1> then it works.

See the problem?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Robert K Coffman Jr - Info From Data Corporation
2005-Apr-28 17:59 UTC
RE: Three NIC problem
>I have read it. But if I put server in the same network as users then I
>have no problem with browsing network or accessing samba shares by
>computer name.

Because you are finding it by broadcast, which won't traverse your router, hence Tom's advice to set up WINS or (assuming W2k/W2003) DNS on your DC and point your clients at it.

- Bob Coffman

--On 28. april 2005 13:59 -0400 Robert K Coffman Jr - Info From Data Corporation <bcoffman@infofromdata.com> wrote:
>> I have read it. But if I put server in the same network as users then I
> have no problem with browsing network or accessing samba shares by
> computer name.
>
> Because you are finding it by broadcast, which won't traverse your router,
> hence Tom's advice to set up WINS or (assuming W2k/W2003) DNS on your DC
> and point your clients at it.
>
> - Bob Coffman
>

If I understood right, the solution is to setup DNS in DMZ (if this is DC) and make clients to use it by dhcp config?
But why it won't work DNS which is installed and configured on the router itself which serves both networks (users and DMZ)!

Sasa

Sasa Stupar wrote:
>
>
> --On 28. april 2005 13:59 -0400 Robert K Coffman Jr - Info From Data
> Corporation <bcoffman@infofromdata.com> wrote:
>
>>> I have read it. But if I put server in the same network as users then I
>> have no problem with browsing network or accessing samba shares by
>> computer name.
>>
>> Because you are finding it by broadcast, which won't traverse your
>> router,
>> hence Tom's advice to set up WINS or (assuming W2k/W2003) DNS on your DC
>> and point your clients at it.
>>
>> - Bob Coffman
>>
>
> If I understood right, the solution is to setup DNS in DMZ (if this is
> DC) and make clients to use it by dhcp config?
> But why it won't work DNS which is installed and configured on the
> router itself which serves both networks (users and DMZ)!

Because that is not the way that Microsoft designed their name resolution and browse list management.

This is NOT a Shorewall/Linux issue -- it is just a fact of life when dealing with Microsoft networking; get used to it.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
>>>
>>If I understood right, the solution is to setup DNS in DMZ (if this is
>>DC) and make clients to use it by dhcp config?
>>But why it won't work DNS which is installed and configured on the
>>router itself which serves both networks (users and DMZ)!
>
> Because that is not the way that Microsoft designed their name
> resolution and browse list management.
>
> This is NOT a Shorewall/Linux issue -- it is just a fact of life when
> dealing with Microsoft networking; get used to it.
>

Let's back up a minute and collect some facts:

A) Do you have a DC?
B) If yes, what version of Windows Server does it run on (or do you have Samba configured to act as a PDC)?
C) Are all Windows boxes members of the same domain or members of domains that have mutual trust relationships?

Microsoft network experts, please help me out here if there are additional questions. I've only set this up myself in a simple WINS configuration.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

--On 28. april 2005 14:01 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> Tom Eastep wrote:
>
>>>>
>>> If I understood right, the solution is to setup DNS in DMZ (if this is
>>> DC) and make clients to use it by dhcp config?
>>> But why it won't work DNS which is installed and configured on the
>>> router itself which serves both networks (users and DMZ)!
>>
>> Because that is not the way that Microsoft designed their name
>> resolution and browse list management.
>>
>> This is NOT a Shorewall/Linux issue -- it is just a fact of life when
>> dealing with Microsoft networking; get used to it.
>>
>
> Let's back up a minute and collect some facts:
>
> A) Do you have a DC?
> B) If yes, what version of Windows Server does it run on (or do you have
> Samba configured to act as a PDC)?
> C) Are all Windows boxes members of the same domain or members of
> domains that have mutual trust relationships?
>
> Microsoft network experts, please help me out here if there are
> additional questions. I've only set this up myself in a simple WINS
> configuration.
>
> -Tom

I don't have a DC nor Samba configured as a PDC. I see that this is more complex than I thought so I won't bother you anymore with this issue.

Sasa

Robert K Coffman Jr - Info From Data Corporation
2005-Apr-29 12:55 UTC
RE: Three NIC problem
Long and short - if you need to use "Network Neighborhood" (and who really does - hopefully it will be a distant memory soon) set up WINS. Win2000 has an AD browser, but it's gone in XP (and 2003 also I think) but since you don't have a DC this isn't relevant.

If you need to map by machine name (i.e. \\joe\share) either set up WINS or make sure your DNS server knows what "joe" is (vs. joe.yourdomain.net) and make sure your clients are set up to use DNS for netbios name resolution.

OR, as my doc says don't do this, distribute an LMHOSTS file to your clients and make sure they are configured to use it.

- Bob Coffman
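
The WINS option recommended in this thread, as an added configuration example that is not part of any poster's message. It assumes the DMZ Samba server itself acts as the WINS server and that the router's DHCP server is ISC dhcpd; the names and addresses (FILESRV, WORKGROUP, 192.0.2.10, 198.51.100.0/24) are constructed placeholders.

```conf
# ---- smb.conf on the DMZ Samba server (constructed example) ----
# Note: smb.conf comments must be on their own line.
[global]
    # Assumption: must match the workgroup the Windows clients use.
    workgroup = WORKGROUP
    # Hypothetical NetBIOS name that clients will type as \\FILESRV\share.
    netbios name = FILESRV
    # Make this host the WINS (NetBIOS name) server.
    wins support = yes
    # Try WINS before DNS and broadcast when Samba itself resolves names.
    name resolve order = wins host bcast

# ---- dhcpd.conf on the router, ISC dhcpd assumed (constructed example) ----
# Subnet handed out on eth1 (local_users); all addresses are placeholders.
subnet 198.51.100.0 netmask 255.255.255.0 {
    range 198.51.100.50 198.51.100.150;
    option routers 198.51.100.1;
    option domain-name-servers 198.51.100.1;
    # Point clients at the WINS server in the DMZ (placeholder address).
    option netbios-name-servers 192.0.2.10;
    # Node type 8 = hybrid: query WINS first, fall back to broadcast.
    option netbios-node-type 8;
}
```

Clients query the WINS server by unicast on UDP port 137, so the firewall has to allow that from the eth1 network to the DMZ server in addition to the SMB ports that already permit access by IP.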