Connecting through a firewall

Barry Callahan barryc at rjlsystems.com
Fri Nov 2 06:24:03 GMT 2001


Generally speaking, you shouldn't.  The more holes you punch through your 
firewall, the less secure it becomes.

That having been said, I'd also like to use samba across a firewall, but for a 
specific purpose.  Here's my setup:

           OUTSIDE
              |
           firewall
           |      |
192.168.0.0/17  192.168.128.0/17

(the /17 indicates a 17-bit netmask for those who don't know, or: 255.255.128.0)

And I am in complete control of the network, including the firewall.

Servers are on the left side of the firewall, workstations are on the right.
I have a Sun Ultra-1 that I intend to place in the server pool as a 
backup-server.  This machine will be running samba, as I'd like it to be able to 
mount read-only shares from the PC workstations for dumping to tape.

As I understand, I'll need to allow traffic between the backup server and the 
workstation pool on the following ports with both tcp and udp protocols:
 
#(from the samba machine's /etc/services file)
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp                         # NETBIOS Name Service
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service
netbios-ssn     139/tcp                         # NETBIOS Session Service
netbios-ssn     139/udp                         # NETBIOS Session Service

Is there anything else I'd need to do for this scenario?  IE:
Should I set up a PDC on both branches of the firewall?
I can also set up NAT (network address translation) to make the samba machine 
look like it's on the other side of the firewall...

What if I decided to allow the samba machine to browse the shares on the 
workstations, or vice-versa?



>This is not much information to work with.
>Are you trying to set up cross network browsing?
>Who controls the firewall?
>Joel
>On Thu, Nov 01, 2001 at 08:51:26PM +0100, Hans Scheffers wrote:
>> Hello samba,
>> 
>>   Hi,
>>   I have a smb setup on a server, 192.168.1.2
>> 
>>   This server connects to firewall, and there is a network
>>   192.168.0.xxx.
>>   How do I connect through the firewall?
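
An added example, not part of the original message: a default-deny model of the rule set described above, passing only traffic between one backup host and the workstation /17 on the listed NetBIOS ports. The backup host address 192.168.0.10 and the function names are assumptions; the networks and ports are taken from the message.

```python
import ipaddress

# Port/protocol list as given in the /etc/services excerpt in the message.
SERVICES = """\
netbios-ns      137/tcp     # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp     # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp     # NETBIOS Session Service
netbios-ssn     139/udp
"""
SERVER_NET = ipaddress.ip_network("192.168.0.0/17")         # from the message
WORKSTATION_NET = ipaddress.ip_network("192.168.128.0/17")  # from the message
BACKUP_HOST = ipaddress.ip_address("192.168.0.10")          # assumed address


def parse_services(text):
    """Return a set of (proto, port) pairs from /etc/services-style lines."""
    allowed = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2:
            port, proto = fields[1].split("/")
            allowed.add((proto, int(port)))
    return allowed


ALLOWED = parse_services(SERVICES)


def permitted(src, dst, proto, sport, dport):
    """Stateless check: the backup host is the client, everything else is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src == BACKUP_HOST and dst in WORKSTATION_NET:
        # Requests: match on the workstation's service port.
        return (proto, dport) in ALLOWED
    if src in WORKSTATION_NET and dst == BACKUP_HOST:
        # Replies: must come from a service port and must not reach other
        # privileged services on the backup host (a stateful firewall would
        # match the tracked connection here instead of the source port).
        return (proto, sport) in ALLOWED and (dport >= 1024 or dport == sport)
    return False
```

Scoping the rule to the single backup host rather than the whole server /17 keeps the other servers unreachable from the workstation side on these ports.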




