smbclient using all interfaces

Tim Winders twinders at SPC.cc.tx.us
Tue Feb 16 07:00:31 GMT 1999 

Thanks for the suggestion Chris.  I will try that tomorrow and see what
happens.  I suspect it will NOT work based on other information that has
come to light...

On Tue, 16 Feb 1999, Christopher R. Hertel wrote:

> Try dropping only 139.  The -L option (if I remember correctly) connects 
> to port 139 on the remote end.  If it *does* work, then the problem was 
> name resolution packets not getting through.
> 
> This is quite a busy config, what with the vLANS and all.
> 
> Chris -)-----
> 
> > 
> > On Tue, 16 Feb 1999, Christopher R. Hertel wrote:
> > 
> > > > I'm confused.
> > > 
> > > As are we all.
> > 
> > At least I am in good company!  :-)
> >  
> > > > I have the following lines in my smb.conf file (2.0.2, btw):
> > > > 
> > > > interfaces = 206.76.17.2/255.255.255.0 206.76.20.2/255.255.255.0 \
> > > >              206.76.21.2/255.255.255.0 206.76.22.2/255.255.255.0
> > > > bind interfaces only = Yes
> > > > 
> > > > The system also have an additional interface of 206.76.16.67/28.  If I
> > > > block TCP/UDP ports 137-139 on my router and then try to do
> > > 
> > > Can you send the filter?  I assume you're blocking 137-139 for the 
> > > 206.76.16.67/28 subnet only, yes?
> > 
> > The router in question is a BayNetworks ASN with 5 ethernet interfaces.
> > Unfortunately, there is no easy way to send you the filter, but basically,
> > the way the management software works is, you create a filter template and
> > then apply it to each interface.  My template was (in essense):
> > 
> > UDP_OR_TCP PORT 137-139, DROP ALL
> > 
> > which was then applied ONLY to the ethernet interface on that subnet.
> >  
> > > I guess I'd like to know more about your filters, and the IP address of
> > > "another_host".  smbclient will open a high-numbered port to query the
> > > remote server, and replies will return from port 139 on that server to the
> > > high-numbered port.
> > > 
> > > ..I'm probably just missing something.
> > 
> > Or, I didn't give enough information in the first place.  Here is some
> > more "interesting" items.
> > 
> > The remote host in question is called ATC-SRV and its IP address is
> > 204.158.19.5 and 204.158.18.5.  Here's the interesting part... when I do a
> > traceroute to that machine, the traceroute goes out the port which is
> > being filtered, even though there is a more direct route!  See:
> > 
> > twinders> traceroute atc-srv
> > traceroute to atc-srv19.spc.cc.tx.us (204.158.19.5), 30 hops max, 40 byte
> > packets
> >  1  asn-e141 (206.76.16.66)  2 ms  2 ms  1 ms
> >  2  arn (206.76.17.4)  4 ms  5 ms  3 ms
> >  3  atcrtr (206.76.16.34)  28 ms  28 ms  11 ms
> >  4  atc-srv19 (204.158.19.5)  12 ms  11 ms  20 ms
> > 
> > If you look above, the machine in question has an interface with IP
> > 206.76.17.2, so it should skip the other interface, no?  This is on a
> > Digital Unix machine and the /etc/routes has a single entry as:
> > 
> > default 206.76.17.1
> > 
> > (which is one of the 5 interfaces on the router that has the filter
> > applied).
> > 
> > One "odd" piece of the configuration is this:  all the interfaces that
> > samba has bound are actually different elans on a single ATM card.  The
> > other card is an ethernet card.  I don't know if the OS is shoving the
> > packets out the ethernet by default or what.  But, I would think samba
> > (and its utils) would ignore that interface with the smb.conf parameters
> > listed above.
> > 
> > I can give more information if you want.  Just let me know what you are
> > looking for!  Thanks for the help...
> > 
> > === Tim
> > 
> > ---------------------------------------------------------------------
> > |  Tim Winders, CNE, MCSE     |  Email:  Tim.Winders at SPC.cc.tx.us   |
> > |  Network Administrator      |  Phone:  806-894-9611 x 2369        |
> > |  South Plains College       |  Fax:    806-897-4711               |
> > |  Levelland, TX  79336       |                                     |
> > ---------------------------------------------------------------------
> > 
> > 
> 
> 
> -- 
> Christopher R. Hertel -)-----                   University of Minnesota
> crh at nts.umn.edu              Networking and Telecommunications Services
> 

=== Tim

---------------------------------------------------------------------
|  Tim Winders, CNE, MCSE     |  Email:  Tim.Winders at SPC.cc.tx.us   |
|  Network Administrator      |  Phone:  806-894-9611 x 2369        |
|  South Plains College       |  Fax:    806-897-4711               |
|  Levelland, TX  79336       |                                     |
---------------------------------------------------------------------

More information about the samba-technical mailing list