[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf and windows networking
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: pf and windows networking
- From: Greg Thomas <getbsd_(_at_)_sbcglobal_(_dot_)_net>
- Date: Mon, 9 Dec 2002 20:07:17 -0800
On Monday, Dec 9, 2002, at 18:49 US/Pacific, David Norman wrote:
Windows Networking, or SMB, or samba or CIFS as you can call it has
great problems with being NATed. I have never gone into details, but
using it from behind NATing routers has never really worked for
anyone I know tried to.
I'd suggest an other solution. I assume you NAT because the client
machines you talk about have private IP-adresses. If this is in
fact true you should change the network so that all your on campus
routers know how to route to that private network, and NAT only
those connections going off-campus.
This gives you internally one IP address per computer and externally
only one visible IP address. My university handles the computer
pools like this (well, actually no NAT, only proxies) and I think
it's the right way to handle it.
What you're talking about still involves NATing somehow. The private
IP'ed stations would still need access to the Internet as well as the
Windows shares and 10.x.x.x wouldn't be routable.
You don't have to NAT private addresses on a private network. If it's
your own network you can route what you like to route. The OP's
suggestion of just routing amongst private their subnets and using NAT
for those off-campus connections is fine.