SMB do not listen on alias ip

ok, I’m doing right now,
But I have problems when I have to enter the static route. In fact I can not give it to you

ip ro add 192.168.18.0/24 via 192.168.12.253

-------------------remote net------------ip of FW with vpn ipsec

 ip ro add 192.168.18.0/24 via 192.168.12.253
RTNETLINK answers: Network is unreachable

ip a
 host0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 1a:d0:ba:25:2c:52 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.2/24 brd 192.168.1.255 scope global host0
       valid_lft forever preferred_lft forever
    inet 192.168.12.2/32 scope global host0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::18d0:baff:fe25:2c52/64 scope link
       valid_lft forever preferred_lft forever

In essence it is the same logic I used for all the machines I want to publish in vpn ipsec, alias ip and static route!

Why should I set it as default?
Why locally come with ip direct? Does everything else send on gateways?

:astonished: I’m sorry, my bad: your configuration does not have a red interface! However it is really complex!

IIUC you have two green networks and need to communicate with other networks behind a VPN router…

At the moment, the nsdc network configuration sets the green network gateway as default (and unique) route. That gateway is the only responsible for all packet routing rules.

We are planning to set NethServer itself as gateway, if a red interface is present. This scenario is still not covered by our configuration and needs to be fixed.

Meanwhile I’d move forward with the original problem:

Sorry @davidep You think I’ve exaggerated with the services?

NethServer has a modular design and is often considered an all-in-one server. It’s perfectly fine to install all modules on a single system, however if something is not working properly it’s more difficult to debug.

Some people prefer to split the roles across different machines, expecially firewall and everything else.

1 Like

A post was split to a new topic: SMB access denied with VPNs