I have the current general setup:
    Internet
     |
    modem
     |
     \--Router1 (10.0.0.1/16)
         |
         \--Client(s) (10.0.1-225.3-225)
         \--Router2 (198.168.1.1/24, 10.0.0.2)
             |
             \--Samba File Server1(198.168.1.2)
             \--Client_A (192.168.1.100)
             \--Router3 (192.168.2.1/24, 192.168.1.3)
                 |
                 \--Samba File Server2(198.168.2.2)
                 \--Client_B (192.168.2.100)
                 |
                 <additionally I would like to continue this in the future>
                 |
                 \--Router4 (192.168.3.1/24, 192.168.2.3)
                     |
                     \--Samba File Server3(192.168.3.2)
                     \--Client(s)_C
                     \--Router5(192.168.etc.etc)
Additional Notes:
- I'm a total nub to networking XD, I've been stuck on this for 2 weeks with no luck.
- Samba 3.6.6 on Ubuntu Server, all configured to use:
  - netmask /24 (255.255.255.0),
  - gateway 192.168.X.1 (router's LAN IP),
  - network 192.168.X.0,
  - broadcast 192.168.X.255,
  - WIN server enabled and WORKGROUP1,2,etc.
- Pinging:
  - I am able to ping all servers from nested subnets, e.g. I can ping Server1 from Client_B,
  - I am not able to ping internal clients, e.g. I can't ping Server2 or Client_B from Client_A (this is a security thing I want to keep if possible).
- Samba Server works on same subnet: Server1 shows up on Client_A's Windows "network" list; Server2 shows up on Client_B's "network" list.
- Each router has:
  - DHCP enabled and NAT enabled,
  - Default routing tables for all routers,
  - No port forwards (I did try forwarding 137-139,445)
- I do have internet access from nested subnets.
The PROBLEM: Server1(192.168.1.2) will not show up on Client_B's (192.168.2.100) Windows "network" list. How could I get Client_B to recognize Server1?
Client_B does recognize Server2. I have been changing the workgroup name to match server changes, but still Server1 will not show up on Client_B's "network" list.
If possible, what I would like to do is keep it so that the nested subnets can look out and recognize external subnet servers, but make it hard to look into the nested subnets. I'm also trying to keep it recursive so I just need to attach new routers and servers as I go with the same type of configuration.
When I get home tonight I'll try connecting directly using the '\\192.168.X.2\stuff' method, and let you know. But I really would like it so people only need to change their workgroup name to access the servers.
Update Oct-17-2015: Typing the IP of Server1 (\\192.168.1.2) into Client_B's Explorer window connects to Server1. Will next try Enry's idea to forward ports 137 and 139 individually to see if it will help Client_B see Server1 as part of "network."
Thank you Steven for editing it! I'm sorry to have made you go through it and enter it all in. I'll make sure to learn to use syntax for future posts. – flamingpope – 2015-10-16T18:08:51.770
You have cascaded a pile of routers behind each other without understanding how routing works. There is no way this is going to work. – qasdfdsaq – 2015-10-16T19:16:34.637
Incidentally this question has been asked many times before, and answered many times before. – qasdfdsaq – 2015-10-16T19:17:49.080
Hi, qasdfdsaq. You're right, but I'm trying my best god dammit in my free time to get this set up and learn a little about routing. It took me two weeks just to set up Samba alone. There's just so much terminology (not knowing what terms to use in search) and the only helpful search result I got was to use "\\192.168.X.X" in the Explorer window. Still, the "\\192" answer doesn't suffice; I'm looking to make the setup stupid-proof so even I can't mess it up. More up-time, less network maintenance. – flamingpope – 2015-10-17T05:07:54.897
Problem is your network is set up in a way you have to deliberately circumvent the way Windows is designed to work by default. You haven't explained any reason why. – qasdfdsaq – 2015-10-17T23:48:38.610
My purpose for the setup is to make it so that only people with access to the subnet can see/find the server. Basically to use the NAT as a security measure, and to have tiered access. This way people that have access have to be physically on a nested subnet before they even try entering a password for the server - which to me made sense, as people physically at a location tend to have a reason or stick out. The Windows "network" requirement was mainly for Windows users. – flamingpope – 2015-10-18T00:27:59.563