[Samba] samba in NATed network

Derek Podoll derek at podoll.com
Fri May 2 10:00:35 GMT 2008


You should be able to run the Samba server on one of the VLANs, giving it
an internal IP address; just make sure the routing between all the VLANs
will forward the traffic to your PDC.  Also, for security I would put the
Samba server behind the NAT address; there should be no reason to make it
public to the Internet unless you have remote people that connect in to
it.  And if that is the case, they should be coming in over some kind of
VPN-type link, which can then route their connection to the correct
internal server or network.

Here is an example from my simple network: right now I am running a small
group of Samba servers at my house and some family members' houses, with
3 PDCs on 3 different networks, all using private addresses.  All the
networks are linked together over an IPsec network-to-network VPN, so I can
have trusted networks set up between the servers.  This allows me to log in
to any of the domains from my workstation and manage it.


> We have about 300 users distributed on different VLANs using private IP
> network spaces, and sharing one single public IP when going out to the
> Internet. Our Samba (3.0.24) server has a public IP and is running as a
> primary domain controller. All clients receive Samba's public IP as
> their WINS server. I am able to join the domain, but Samba stops
> responding sporadically. Looking at the logs, I found two things:
> First, in samba/log.smb:
>
>   oscar01 (4.5.6.7) closed connection to service netlogon
> [2008/04/30 11:55:12, 0] lib/util_sock.c:get_peer_addr(1229)
>   getpeername failed. Error was Transport endpoint is not connected
> [2008/04/30 11:55:12, 0] lib/util_sock.c:write_data(562)
>   write_data: write failure in writing to client 4.5.6.7. Error
> Connection reset by peer
> [2008/04/30 11:55:12, 0] lib/util_sock.c:send_smb(769)
>   Error writing 4 bytes to client. -1. (Connection reset by peer)
>
> Searching on Google, it seems that this is caused by smb ports=445 139
> and can be fixed by setting it to smb ports=445. I already made this
> change.
>
> Second, in samba/log.nmbd:
>
> [2008/04/30 14:25:31, 1] libsmb/cliconnect.c:cli_connect(1369)
>   Error connecting to 4.5.6.7 (Operation already in progress)
> [2008/04/30 14:40:40, 1] lib/util_sock.c:open_socket_out(896)
>   timeout connecting to 4.5.6.7:139
>
> Here it looks like Samba is trying to initiate a connection using the
> NAT/firewall public IP, which is never going to work since there's no
> port forwarding in place. Which makes me wonder, is it possible to run
> Samba on a NATed network?
> Thank you in advance for your input,
> eric.
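Added example, not part of the original thread or of Samba itself: a small Python triage script for the log format quoted above. It pairs each header line with its wrapped message and counts peer addresses by private versus public scope, which shows whether clients are reaching the server through a public or NATed address. The sample log is constructed from the quoted lines plus one hypothetical private client (192.168.20.14), and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: entries in the two-line format quoted in the thread
# (a header line, then a message line that may wrap onto a further line).
SAMPLE_LOG = """\
[2008/04/30 11:55:12, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 4.5.6.7. Error
Connection reset by peer
[2008/04/30 11:55:12, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2008/04/30 14:40:40, 1] lib/util_sock.c:open_socket_out(896)
  timeout connecting to 4.5.6.7:139
[2008/04/30 14:41:02, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 192.168.20.14. Error
Connection reset by peer
"""

HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+):(\w+)\((\d+)\)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_entries(text):
    """Group each header with its continuation lines into one entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def peers_by_scope(entries):
    """Count peer addresses seen in messages, split into private and public."""
    counts = {"private": Counter(), "public": Counter()}
    for e in entries:
        for tok in IPV4.findall(e["msg"]):
            try:
                ip = ipaddress.ip_address(tok)
            except ValueError:
                continue  # token looked like an address but is not valid
            # is_private covers RFC 1918 plus other non-global ranges
            counts["private" if ip.is_private else "public"][str(ip)] += 1
    return counts
```

On a server placed on an internal VLAN as recommended in the reply, the "public" counter would be expected to stay empty.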



