connecting to machine on another subdomain on same network

I have a WindowsXP (Home) machine with a shared folder.
I can mount it:
mount -t cifs //192.168.0.13/pa /media/chipperpa -o guest
from other Linux machines on the same subdomain.

However, what I really need to do is have this Fedora Core 7 machine
on a different subdomain on the same network connect to it.
Thing is, it just times out when trying to connect to it, even ping
it.

I did a Google and didn't come up with anything that seems directly
relevant. I know it has less to do with the machines
themselves and more to do with router/firewall settings. (Using IPCop
1.4.15).
But I can't seem to find anything that would allow the FC machine to
pass-through subdomains to "see" the Windows machine.

Any feedback on where I should be focusing on?
Thanks,
Liam

On Sep 14, 7:26 am, "n...@celticbear.com" <n...@celticbear.com> wrote:
> I have a WindowsXP (Home) machine with a shared folder.
> I can mount it:
> mount -t cifs //192.168.0.13/pa /media/chipperpa -o guest
> from other Linux machines on the same subdomain.
>
> However, what I really need to do is have this Fedora Core 7 machine
> on a different subdomain on the same network connect to it.
> Thing is, it just times out when trying to connect to it, even ping
> it.

Can you clarify here. You may be using the terms "subdomain" and
"network" in non-standard ways. What are the IP addresses and netmasks
of both machines? How are they physically connected? Does 'ping' not
work even if you turn off all firewalling in both machines? What do
the routing tables look like?

DS

On Sep 14, 10:16 am, David Schwartz <dav...@webmaster.com> wrote:
> On Sep 14, 7:26 am, "n...@celticbear.com" <n...@celticbear.com> wrote:
>
> > I have a WindowsXP (Home) machine with a shared folder.
> > I can mount it:
> > mount -t cifs //192.168.0.13/pa /media/chipperpa -o guest
> > from other Linux machines on the same subdomain.
>
> > However, what I really need to do is have this Fedora Core 7 machine
> > on a different subdomain on the same network connect to it.
> > Thing is, it just times out when trying to connect to it, even ping
> > it.
>
> Can you clarify here. You may be using the terms "subdomain" and
> "network" in non-standard ways. What are the IP addresses and netmasks
> of both machines? How are they physically connected? Does 'ping' not
> work even if you turn off all firewalling in both machines? What do
> the routing tables look like?

Sorry, I didn't realize I was using non-standard terms. On this LAN,
which I thought I could refer to as "network," behind the router I
have two...I thought were called "subdomains":
Windows PC is on one with this info:
IP: 192.168.0.13
netmask: 255.255.255.192

The Linux machine I need to connect to it is:
IP: 192.168.2.3
netmask: 255.255.255.248

Uhm, they're both connected using CAT-5 to their respective switches,
which are in turn connected to separate NICs in the PC running IPCop
(the router/IDS/firewall that separates these subdomains from the
Internet.)

No, the ping does not go through when the machines' individual
firewalls are disabled.

Hope this is enough additional info to help.
Thanks,
Liam

On Sep 14, 10:29 am, "n...@celticbear.com" <n...@celticbear.com>
wrote:
> On Sep 14, 10:16 am, David Schwartz <dav...@webmaster.com> wrote:
>
>
>
> > On Sep 14, 7:26 am, "n...@celticbear.com" <n...@celticbear.com> wrote:
> [..snip all..]

I was hoping I might be able to get some more feedback on this
problem?
Thanks for any suggestions. =)
-Liam

(E-Mail Removed) <(E-Mail Removed)> wrote:
> Sorry, I didn't realize I was using non-standard terms. On this LAN,
> which I thought I could refer to as "network," behind the router I
> have two...I thought were called "subdomains":
> Windows PC is on one with this info:
> IP: 192.168.0.13
> netmask: 255.255.255.192

> The Linux machine I need to connect to it is:
> IP: 192.168.2.3
> netmask: 255.255.255.248

OK, these are different subnets.

A subdomain (usually) refers to the DNS, e.g. first.celticbear.com and
second.celticbear.com. A subnet (usually) refers to a distinct part of
a network. In this case your network is what you control behind your
border router/gateway, and it's comprised of two distinct subnets,
one on 192.168.0.0/26 and the other on 192.168.2.0/29.

I think there's also a Microsoft definition of subdomain, but I can't
recall.


> Uhm, they're both connected [...] to separate NICs in the PC running
> IPCop (the router/IDS/firewall that separates these subdomains from the
> Internet.)

> No, the ping does not go through when the machines' individual
> firewalls are disabled.

Sounds like the router PC (the one running IPCop) isn't configured to
forward packets between its interfaces.

Chris

On Sep 18, 5:00 am, Chris Davies <chris-use...@roaima.co.uk> wrote:
> n...@celticbear.com <n...@celticbear.com> wrote:
> > Sorry, I didn't realize I was using non-standard terms. On this LAN,
> > which I thought I could refer to as "network," behind the router I
> > have two...I thought were called "subdomains":
> > Windows PC is on one with this info:
> > IP: 192.168.0.13
> > netmask: 255.255.255.192
> > The Linux machine I need to connect to it is:
> > IP: 192.168.2.3
> > netmask: 255.255.255.248
>
> OK, these are different subnets.
>
> A subdomain (usually) refers to the DNS, e.g. first.celticbear.com and
> second.celticbear.com. A subnet (usually) refers to a distinct part of
> a network. In this case your network is what you control behind your
> border router/gateway, and it's comprised of two distinct subnets,
> one on 192.168.0.0/26 and the other on 192.168.2.0/29.
>

DOH!! I knew that! I can't believe I was totally using the wrong word!
Thanks for the clue-by-four.

> I think there's also a Microsoft definition of subdomain, but I can't
> recall.
>
> > Uhm, they're both connected [...] to separate NICs in the PC running
> > IPCop (the router/IDS/firewall that separates these subdomains from the
> > Internet.)
> > No, the ping does not go through when the machines' individual
> > firewalls are disabled.
>
> Sounds like the router PC (the one running IPCop) isn't configured to
> forward packets between its interfaces.

Well, I looked into that. IPCop has a tool to create "pinholes" to
allow something in the DMZ (where the fileserve is) to transfer data
to a machine in the more secured subnet (where the PC's are.)

I set it up to allow transfer of packets through TCP 445 and 139, and
UDP 137 and 138 which SHOULD cover all the SMB ports. But the SMB
share attempts still time out.

Thanks for any suggestions,
Liam

On Sep 18, 10:54 am, "n...@celticbear.com" <n...@celticbear.com>
wrote:

> I set it up to allow transfer of packets through TCP 445 and 139, and
> UDP 137 and 138 which SHOULD cover all the SMB ports. But the SMB
> share attempts still time out.

Neither machine has any idea where to send packets bound for the other
machine. You need at least one machine that's in both networks, and
ever other machine needs to know to use that machine to reach the
other network.

DS

On Sep 19, 12:55 am, David Schwartz <dav...@webmaster.com> wrote:
> On Sep 18, 10:54 am, "n...@celticbear.com" <n...@celticbear.com>
> wrote:
>
> > I set it up to allow transfer of packets through TCP 445 and 139, and
> > UDP 137 and 138 which SHOULD cover all the SMB ports. But the SMB
> > share attempts still time out.
>
> Neither machine has any idea where to send packets bound for the other
> machine. You need at least one machine that's in both networks, and
> ever other machine needs to know to use that machine to reach the
> other network.
>
> DS

Hmm, 'fraid I don't understand.

"You need at least one machine that's in both networks"
Aside from the machines in question?

"ever other machine needs to know to use that machine to reach the
other network"
And how do I get the machines to "know" how to use these additional
machines to reach the other subnet...and how do those machines cross
the subnet gap?

Just give me the terms/concepts I need to look into and I'll look into
it--I'm not asking you to tell me how to do it. Just point me at the
right direction, please.

Thanks!
-Liam

On Sep 19, 6:38 am, "n...@celticbear.com" <n...@celticbear.com> wrote:

> "You need at least one machine that's in both networks"
> Aside from the machines in question?

Not necessarily. You just need at least one machine that's in both
networks.

> "ever other machine needs to know to use that machine to reach the
> other network"
> And how do I get the machines to "know" how to use these additional
> machines to reach the other subnet...and how do those machines cross
> the subnet gap?

They know to use these additional machines to reach the other subnet
one of three ways:

1) You add a route to each machine that tells them this.

2) You make the gateway machine their default route or make whatever
is already their default route a gateway between the two networks.
(Probably best.)

3) You use a dynamic routing protocol.

The machines cross the gap by sending packets bound for the other
network to the gateway machine.

> Just give me the terms/concepts I need to look into and I'll look into
> it--I'm not asking you to tell me how to do it. Just point me at the
> right direction, please.

What does the default route on these machines point to? If that
default route machine knows how to reach both subnets, it should all
"just work".

DS

On Sep 19, 10:07 am, David Schwartz <dav...@webmaster.com> wrote:
> On Sep 19, 6:38 am, "n...@celticbear.com" <n...@celticbear.com> wrote:
>
> > "You need at least one machine that's in both networks"
> > Aside from the machines in question?
>
> Not necessarily. You just need at least one machine that's in both
> networks.
>
> > "ever other machine needs to know to use that machine to reach the
> > other network"
> > And how do I get the machines to "know" how to use these additional
> > machines to reach the other subnet...and how do those machines cross
> > the subnet gap?
>
> They know to use these additional machines to reach the other subnet
> one of three ways:
>
> 1) You add a route to each machine that tells them this.
>
> 2) You make the gateway machine their default route or make whatever
> is already their default route a gateway between the two networks.
> (Probably best.)
>
> 3) You use a dynamic routing protocol.
>
> The machines cross the gap by sending packets bound for the other
> network to the gateway machine.
>
> > Just give me the terms/concepts I need to look into and I'll look into
> > it--I'm not asking you to tell me how to do it. Just point me at the
> > right direction, please.
>
> What does the default route on these machines point to? If that
> default route machine knows how to reach both subnets, it should all
> "just work".
>
> DS

Hmm, sounds like it all comes down to the IPCop firewall/router. I may
need to move over to its support forums.
See, the PC's are on the subnet IPCop calls the Green Zone--a highly
protected subnet inaccessible to the Internet (Red Zone) or the DMZ
(Orange Zone) without creating pinholes.
Now, I can connect FROM the Green Zone to the DMZ without problem,
indicating the routing is set up just fine in that direction. For
example, the fileserver has several SMB shares that PC's in the Green
connect to all the time without problem.

So, needing the fileserver in the DMZ to connect to a share on a PC in
the Green, means I need to get IPCop to allow the routing to go in
that direction as well--but limited!
I looked at IPCop's firewall pinholes, as I mentioned in a previous
message, but I must be missing something.

Well, thanks for the replies and help! Looks like I may need to go to
a different forum for this now.
Thanks,
Liam