Binding nmbd to one interface

Jonathan Hunter jonathan.hunter at
Wed Aug 15 00:00:52 GMT 2001


Apologies if this question has been asked (better still, answered!) before.
I did search the archives but had no luck, and a post to the main 'samba'
mailing list produced no response. Hopefully somebody in here will be able
to help, or at least point me in the right direction.

I have a Samba server at site A, happily acting as a local browse & domain
master. Site A uses real IP addresses throughout.

Site A has an IPsec tunnel to Site B, which only has one real IP address.
The desktop machines at site B have 192.168.x.x addresses, and can
communicate with site A through the IPsec tunnel.

There is a single gateway machine ("B") at site B, acting as a Samba server
as well as performing routing and IPsec. It is a Samba local browse and
domain master for site B, and this works well.

I would like to synchronise the Samba browse lists between sites A and B, so
that machines at each end can see each other. It appears that the "remote
browse sync" option will do this for me.

Unfortunately for me, a side-effect of our current IPsec configuration is
that on machine B, only connections originating from its private network
interface can communicate with site A. In other words, it is not sufficient
to simply open a socket on machine B and talk to machine A - one must open
the socket and bind it to machine B's 192.168.x.x address first. (The
desktop machines at site B are unaffected by this and can talk to site A
happily, as they already have 192.168.x.x addresses).

Now, I have already configured programs such as exim and squid on machine B
to bind to B's private interface so outbound requests originate from B's
192.168.x.x address. I have been trying to get nmbd to do this in a similar
fashion, but to no avail. As per the docs, nmbd always binds to even
though I have set "interfaces", "bind interfaces only", and even tried
"socket address" in smb.conf.

I can understand the requirement for nmbd to bind to to receive
broadcast queries - but surely there should be an option to tell nmbd to
bind to a specific address when it makes outbound connections such as for
"remote browse sync"? Perhaps a "nmbd interface" option or something

Currently I just get the following in site B's nmbd log:

[2001/08/11 00:39:07, 1] lib/util_sock.c:open_socket_out(927)
  timeout connecting to

where is the site A's Samba server.

Any comments gratefully received - am I thinking along the right lines here,
or am I missing something obvious?



The Consultant's Curse:
When the customer has beaten upon you long enough, give him what he asks
for, instead of what he needs.  This is very strong medicine, and is
normally only required once.

More information about the samba-technical mailing list