Mailinglist Archive: opensuse (4393 mails)

< Previous Next >
Re: [SLE] Routing question!!

Can't really make sense of your diagram. How many clients have you got and
what are trying to achieve? Also, what type of firewall are you trying to
achieve, a masquerading/NAT one, (in which case you need routing turned on),
or a application level one, (in which case you need it turned off).

If you've got this many servers I would suggest you install masquerading/NAT
firewall with routing turned on one one of them. This would have to be a
dual-homed (2 network interfaces) machine. On this you could also run one of
the excellent IDS systems out there, (SuSE have they're own secchk), and
maybe realtime monitoring of the log files with something like swatch. This
can be connected directly to an application level firewall, (again, 2
network interfaces), using squid for HTTP and (tunnelled) FTP and, if
necessary SuSE's ftp-proxy if you need better FTP connection. You can run a
mail server with smapd or postfix and DNS on this server. It would look like

Masquerading/NAT firewall
Application level gateway

Looking at your diagram again it may be that that is what you're trying to
do. Is that right?


-----Original Message-----
From: Mark A. Tagliaferro <be_lak@xxxxxxxxxxx>
To: Admin <linux-admin@xxxxxxxxxxxxxxx>; Networking
<linux-net@xxxxxxxxxxxxxxx>; SuSE Linux <suse-linux-e@xxxxxxxx>; Samba
Date: Thursday, November 29, 2001 10:37 AM
Subject: [SLE] Routing question!!

>I have the following system where I'm using Suse 7.1 on the servers:
> Clients Clients Clients
> Internet Win95 Win95 Win95
> | | | |
>+----------+ +----------+ +----------+ +----------+
>| Srv1 | | Srv2 | | Srv3 | | srv4 |
>+----------+ +----------+ +----------+ +----------+
> | | | |
> +---------------+---------------+---------------+
> backbone network
>On srv1 I have masquerading, NAT, firewall etc running and it's working
>From the other servers I have access to the internet. The problem comes is
>the client side. Even though they are connecting (via samba) to the linux
>servers they are not getting internet access. They manage to ping the nic
>the server but nothing on the backbone and obviously nothing on the net.
>The servers are abviously not routing the packets. Can this be simply
>by fixing the route.conf or do i need to set up masquerading on all the
>servers? Should I also be doing something to the samba config file?
>Do You Yahoo!?
>Everything you'll ever need on one web page from News and Sport to Email
and Music Charts
>To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
>For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
>Also check the FAQ at and the
>archives at

< Previous Next >
This Thread
  • No further messages