force Samba bind to internal IP only (VPN) - possible bug ?

Jason Haar Jason.Haar at trimble.co.nz
Thu Mar 21 14:23:03 GMT 2002


On Wed, Mar 20, 2002 at 04:20:28AM +0100, Ulrich Kohlhase wrote:
> Hello everybody,
> 
> We need to configure Samba (recent cvs) on our Linux (SuSE 7.2) box
> (iptables/FreeSwan) acting as firewall, router and VPN gateway. Whenever
> nmbd or smbclient try to connect over VPN to our Samba PDC (WINS ok, IP
> 192.168.0.5) packets are sent with a source address of the external
> interface x.y.46.70 and will of course be blocked by iptables and never
> be routable to subnet 192.168.0.0 .

Owch :-)

You are right, it would be nice to do this. Even if you do "bind interfaces
only = Yes", you can see nmbd still bind to all interfaces - it's
just that they don't respond on the "non-binded" ones. Having a "outgoing
interface" option would be great.

However there is a workaround. I have exactly the same setup as you, and
aren't affected by this... because my LAN address is on eth0! I bet yours
isn't... It looks like Samba sends outgoing packets with the address of eth0.

So move your cables? :-)

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417




More information about the samba-technical mailing list