Smoothwall 2.0 as an Internal Router between intranet segments
I am experimenting with Smoothwall. I want to set it up as a router between two internal segments of my intranet, my current network (192.168.1.0) and a new segment (172.16.1.0).
I'm hoping to be able to get the smoothwall configured to act like a Cisco router. After re-writing the /etc/rc.d/rc.firewall.up script to include a very loose set of IPTables rules (again, security is not my focus) I have connectivity between the segments. However, I am missing a few things:
1). The one machine (XP) that I currently have behind the smoothie isn't able to update my network's master browser list with its hostname. I can unc into the machine via IP, but not by hostname.
2). I am unable to authenticate to my Win2k (on the 192.168.1.0 network) server from that machine. It is a member of the domain, but that traffic isn't getting across smoothie.
I have scoured the internet and forums, looking for something similar. I haven't been able to find a reference for using a linux box in this manner. Everything I've been able to locate seems to assume I'm connecting to a public IP.
Any suggestions on additional iptables rules to resolve my above issues would be greatly appreciated.
Is this a full active dir environment? I think this is more of a Windows question than a Linux one, but let me give it a try. Browse lists in old-world Windows were populated using broadcast messages, in which case your registration with the master browser would never make it to the other subnet.
If you are using a full active dir environment then you may just have a routing problem on the Smoothwall, i.e. you may need a static route between the two subnets. In the Active Dir world names and addresses are kept in DNS as SRV (or is it SVR?) records, updated dynamically when a client gets an IP address from the DHCP server and then registers itself on the network.
Some things to note. You may not need the firewall at all if you just want it to route. You will need to turn forwarding on.
sysctl -w net.ipv4.ip_forward=1
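The forwarding setup described in the reply above, written out as a reviewable rule set for a box routing between the two segments in this thread. This is an added example, not from the thread or from Smoothwall; it assumes the 192.168.1.0/24 side is on eth0 and the 172.16.1.0/24 side on eth1, which the thread does not state.

```shell
#!/bin/sh
# Added example (not from the thread): emit the sysctl and iptables commands that make a
# Linux box forward traffic between two internal segments and nothing else.
# ASSUMPTION: 192.168.1.0/24 is reached via eth0 and 172.16.1.0/24 via eth1. Adjust to taste.
LAN_IF=eth0
LAN_NET=192.168.1.0/24
NEW_IF=eth1
NEW_NET=172.16.1.0/24

# The commands are printed rather than executed so the rule set can be read first
# (./router-rules.sh | less) and then applied with: ./router-rules.sh | sh
router_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"          # kernel must forward between interfaces
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"                  # default deny; only listed traffic is routed

    # Anti-spoofing: a packet arriving on an interface must carry a source address
    # that belongs to that interface's segment.
    echo "iptables -A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP"
    echo "iptables -A FORWARD -i $NEW_IF ! -s $NEW_NET -j DROP"

    # Replies belonging to connections already tracked, in either direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New connections between the two internal segments only, both ways.
    echo "iptables -A FORWARD -i $LAN_IF -o $NEW_IF -s $LAN_NET -d $NEW_NET -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $NEW_IF -o $LAN_IF -s $NEW_NET -d $LAN_NET -m state --state NEW -j ACCEPT"

    # Log (rate-limited) whatever falls through, so a blocked domain logon shows up in syslog.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FWD-DROP: '"
}

# Note: NetBIOS name registration and browse-list traffic is sent to the segment's
# broadcast address (UDP 137/138); no FORWARD rule can carry it across, which is why
# the reply above points to WINS or DNS instead.
router_rules
```

Pipe the output into sh on the router once the rules read correctly; a client on 172.16.1.0/24 should then be able to open a connection to 192.168.1.0/24 and the reverse, with everything else dropped and logged.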
Interesting. My win2k is running AD, however, I have the DNS updates turned off, as I'm running a Linux based DNS system on my machine that connects my internal LAN to the internet.
I'm just looking for the simplest way to route traffic two-way over the segments. I misspoke when I mentioned master browse lists. You are correct that those are no longer valid in an active directory environment.
I have flushed the iptables rules. I'm still able to ping across, I still can't unc via hostname. I'll have to try the domain login.
Thanks for the input and I'm open if you or anyone else has any further advice.
I believe in this case your Domain controller will run in mixed mode, and you should be able to find hosts via WINS? What happens when you run nbtstat -r ? Can you ping/find your WINS server? Try to force a WINS server on the client; if this works then you can add a directive in your dhcpd.conf to supply this to the client automatically. Another possibility is to allow for dynamic DNS updates on your Linux box, BIND supports this. Last resort: pull out good ole tcpdump and put your ear to the ether.