Hi,

I have a gateway between 2 internal networks that seems to work quite well so far. It's on SuSE 7.0. I added a printer on network2 and want to NAT an address so that network1 can see the network2 printer as if it were a network1 printer... (in fact the driver of the printer doesn't recognize the printer because it is on another network...).

But there's surely something wrong in my cfg.... Here it is:

#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
cat /proc/modules | grep ip_masq > /tmp/ipmapp$$
while read LINE
do
    set $LINE none none none
    if [ "$1" != "none" ]
    then
        /sbin/rmmod $1
    fi
done < /tmp/ipmapp$$
rm -f /tmp/ipmapp$$
/sbin/ipchains -F input
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -F output
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s network2.ip.adress.0/24 -d 0.0.0.0/0
ip route add nat network1.ip.adress.printer via network2.ip.adress.printer

From the gateway, I can ping the printer with the network2 address, but I can't ping the printer with the network1 address. Does anybody see where my mistake is?

TIA
Stephane
On Thursday 18 October 2001 05:22 am, stephane parenton wrote:
Hi,
I have a gateway between 2 internal networks that seems to work quite well so far. It's on SuSE 7.0. I added a printer on network2 and want to NAT an address so that network1 can see the network2 printer as if it were a network1 printer... (in fact the driver of the printer doesn't recognize the printer because it is on another network...).
But there's surely something wrong in my cfg.... Here it is:
/sbin/ipchains -A forward -j MASQ -s network2.ip.adress.0/24 -d 0.0.0.0/0
ip route add nat network1.ip.adress.printer via network2.ip.adress.printer
It occurs to me that this is very similar to something that I have set up for use with VMWare on my laptop. I have a Win2K virtual machine running inside VMWare at an IP of 192.168.65.4. My laptop has a real "eth0" interface at 192.168.64.4 (note different subnet) and a virtual "vmnet1" interface at 192.168.65.1. I never was able to get things working right using IPCHAINS, but it works correctly in IPTABLES. Here are the setup commands I use:

echo "1" > /proc/sys/net/ipv4/ip_forward
rmmod ipchains 2> /dev/null
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ipt_MASQUERADE
modprobe iptable_filter
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ipt_state

Some of the preceding (notably the FTP modules) aren't directly applicable to your situation, but I've kept them in the list for completeness. The IPTABLES setup is very simple:

iptables -t nat -A POSTROUTING -s 192.168.65.4 -j MASQUERADE

I also found that I need to add one static route to my Linux side:

route add -net 192.168.64.0/24 gw 192.168.64.4

This is in addition to the normal default route.

The overall effect of this is that traffic originating in my Windows VM, on the 65.x subnet, appears to the rest of my hosts to come from 64.4. My laptop can ping the vmnet from its Linux side but other hosts can't see the Windows stuff.

If you treat my "vmnet" side (the 65.x subnet) as your Token Ring side, we have an almost analogous situation. You would need to set up an LPD forwarding queue on the Linux machine. Hosts on your Ethernet could print to that queue, and your Linux box then would forward it onto the Token Ring side.

Obviously the IP addresses here are in the private subnet and not valid on the Internet; substitute accordingly for your installation.

Disclaimer: This is NOT a firewall setup. I'm using this on a private LAN that is already behind a physically separate firewall box, and on which my wife and myself are the only two users, so I didn't put a lot of emphasis on securing this part of the setup.

Scott

--
-----------------------+------------------------------------------------------
Scott Courtney         | "I don't mind Microsoft making money. I mind them
courtney@4th.com       | having a bad operating system." -- Linus Torvalds
http://www.4th.com/    | ("The Rebel Code," NY Times, 21 February 1999)
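
Added example, not part of either message in the thread: the single-host MASQUERADE rule from the reply above, paired with a FORWARD chain that defaults to DROP so that only the masqueraded host can open connections and only reply traffic is let back in. The address and interface names are the ones given in the reply; the function names and the DRY_RUN switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original thread). Address and interface
# names come from the reply; function names and DRY_RUN are hypothetical.
VM_ADDR="192.168.65.4"   # the one host whose traffic is masqueraded
INSIDE_IF="vmnet1"       # interface facing the 65.x subnet
OUTSIDE_IF="eth0"        # interface facing the 64.x subnet

# Print the rule set, one iptables invocation per line.
# Note: the two -F lines flush any rules already in those chains.
nat_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $INSIDE_IF -o $OUTSIDE_IF -s $VM_ADDR -j ACCEPT
iptables -A FORWARD -i $OUTSIDE_IF -o $INSIDE_IF -d $VM_ADDR -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o $OUTSIDE_IF -s $VM_ADDR -j MASQUERADE
EOF
}

# Apply the rules (needs root). With DRY_RUN=1, the default, the
# commands are only shown; stop at the first rule that fails.
apply_rules() {
    while read -r rule; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "would run: $rule"
        else
            $rule || return 1
        fi
    done <<EOF
$(nat_rules)
EOF
}

apply_rules
```

Run it with DRY_RUN=0 as root to install the rules; the state match relies on the ipt_state and ip_conntrack modules that the reply already loads.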