LinuxQuestions.org
03-06-2004, 07:40 PM   #1
wdatkinson
LQ Newbie
 
Registered: Mar 2004
Posts: 3

Rep: Reputation: 0
Smoothwall 2.0 as an Internal Router between intranet segments


I am experimenting with Smoothwall. I want to set it up as a router between two internal segments of my intranet, my current network (192.168.1.0) and a new segment (172.16.1.0).

I'm hoping to be able to get the smoothwall configured to act like a Cisco router. After re-writing the /etc/rc.d/rc.firewall.up script to include a very loose set of IPTables rules (again, security is not my focus) I have connectivity between the segments. However, I am missing a few things:

1). The one machine (XP) that I currently have behind the smoothie isn't able to update my network's master browser list with its hostname. I can unc into the machine via IP, but not by hostname.

2). I am unable to authenticate to my Win2k (on the 192.168.1.0 network) server from that machine. It is a member of the domain, but that traffic isn't getting across smoothie.

Here are the contents of my rc.firewall.up script:

iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

I have scoured the internet and forums, looking for something similar. I haven't been able to find a reference for using a Linux box in this manner. Everything I've been able to locate seems to assume I'm connecting to a public IP.

Any suggestions on additional iptables rules to resolve my above issues would be greatly appreciated.
 
03-06-2004, 08:58 PM   #2
mhiggins
Member
 
Registered: Feb 2004
Posts: 140

Rep: Reputation: 15
Is this a full active dir environment? I think this is more of a Windows question than a Linux one, but let me give it a try. Browse lists in old world Windows were populated using broadcast messages, in which case your registration with the master browser would never make it to the other subnet.

If you are using a full active dir environment then you may just have a routing problem on the smooth wall, i.e. you may need a static route between the two subnets. In the Active Dir world names and addresses are kept in DNS as SRV or is it SVR records, updated dynamically when a client gets an IP address from the DHCP server then registers itself on the network.

Some things to note. You may not need the firewall at all if you just want it to route. You will need to turn forwarding on.
sysctl -w net.ipv4.ip_forward=1
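
A tighter alternative to the accept-all rc.firewall.up from post #1 that still routes everything between the two segments, as an added example that is not part of the original thread. The interface names eth0/eth1, the /24 masks and the helper names build_rules and has_open_policy are assumptions; the script only prints the commands for review and applies nothing.

```shell
#!/bin/sh
# Added example, not from the thread: a routing-only ruleset for the two
# internal segments. Interface names and /24 masks are assumptions.
NET_A="192.168.1.0/24"; IF_A="eth0"   # existing LAN
NET_B="172.16.1.0/24";  IF_B="eth1"   # new segment

# Print the commands as text so they can be reviewed before being applied.
# Add an INPUT rule for your own management access before applying them.
build_rules() {
    net_a=$1; if_a=$2; net_b=$3; if_b=$4
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -F"
    echo "iptables -X"
    # Default-deny traffic to and through the router; the router may talk out.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Let hosts on either segment ping the router for troubleshooting.
    echo "iptables -A INPUT -i $if_a -s $net_a -p icmp --icmp-type echo-request -j ACCEPT"
    echo "iptables -A INPUT -i $if_b -s $net_b -p icmp --icmp-type echo-request -j ACCEPT"
    # Forward all protocols between the segments, but only when the source
    # subnet matches the interface the packet arrived on (anti-spoofing).
    echo "iptables -A FORWARD -i $if_a -o $if_b -s $net_a -d $net_b -j ACCEPT"
    echo "iptables -A FORWARD -i $if_b -o $if_a -s $net_b -d $net_a -j ACCEPT"
    # Log whatever falls through to the DROP policy.
    echo "iptables -A FORWARD -j LOG --log-prefix \"fwd-drop: \""
}

# Succeeds if the ruleset on stdin leaves INPUT or FORWARD at policy ACCEPT,
# as the script in post #1 does.
has_open_policy() {
    grep -Eq '^iptables -P (INPUT|FORWARD) ACCEPT'
}

build_rules "$NET_A" "$IF_A" "$NET_B" "$IF_B"
```

These rules pass domain logon and SMB traffic between the subnets the same way the accept-all version does; they do not change the broadcast-based name resolution behaviour described in post #2.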
 
03-06-2004, 09:16 PM   #3
wdatkinson
LQ Newbie
 
Registered: Mar 2004
Posts: 3

Original Poster
Rep: Reputation: 0
Interesting. My win2k is running AD, however, I have the DNS updates turned off, as I'm running a Linux based DNS system on my machine that connects my internal LAN to the internet.

I'm just looking for the simplest way to route traffic two-way over the segments. I mis-spoke when I mentioned master browse lists. You are correct that those are no longer valid in an active directory environment.

I have flushed the iptables rules. I'm still able to ping across; I still can't unc via hostname. I'll have to try the domain login.

Thanks for the input and I'm open if you or anyone else has any further advice.
 
03-06-2004, 10:00 PM   #4
mhiggins
Member
 
Registered: Feb 2004
Posts: 140

Rep: Reputation: 15
I believe in this case your domain controller will run in mixed mode, and you should be able to find hosts via WINS? What happens when you run nbtstat -r? Can you ping/find your WINS server? Try to force a WINS server on the client; if this works then you can add a directive in your dhcpd.conf to supply this to the client automatically. Another possibility is to allow for dynamic DNS updates on your Linux box; BIND supports this. Last resort: pull out good ole tcpdump and put your ear to the ether.

-Matt
 
All times are GMT -5. The time now is 12:03 AM.