[Samba] Multiple Ethernet Cards: Ignoring one of them

Yura Pismerov ypismerov at tucows.com
Mon Jul 1 16:34:02 GMT 2002 

interfaces = list interfaces you want to bind Samba to
bind interfaces only = True


Michael Moorhouse wrote:
> 
> Hello,
> I have recently had 'Broadband' (Cable) Internet installed in my house
> and I have setup the my Linux PC to do Network Address Translation for
> my Windows PC.  This system has worked well with the PPP modem, and I
> know that a full Proxy server would be better, but at the moment I
> haven't got the time to set one up etc.
> This setup worked fine:
> 
> Modem[ppp0 DHCP]:------:192.168.10.250[eth0]:
> -------X-------192.168.10.5 [eth0]
> 
> [The 'X' implies crossover cable]
> 
> So I added a second Ethernet card [eth1] and installed the SuSE firewall
> 2 (basically IP packet filtering and NAT done through IPtables I think)
> as I didn't want to leave my Linux PC on all night, connected to the Net
> unprotected (also shut down most of the services).  My aim was to use
> the existing Linux box as a combined Firewall/Gateway/non-essiental file
> & backup server.
> The network now looks like this:
> 
> Cable Modem:----------DHCP allocated by ISP [eth1]
>                       192.168.10.250
>  [eth0]-----X------192.168.10.5 [eth0]
> 
> A Hub / Switch will probably get added soon into which eth0 will be
> plugged to offer my parent's PC access as well.
> 
> The NAT works fine, and so does the packet filtering (I think - I'm
> getting my friends to test it for me), but SMBd and NMBd refuses to
> start.  I am using SMBd version 2.2.0 (standard SuSE 7.2 install).
> I get the error:
> [2002/07/01 17:22:34, 2] smbd/server.c:exit_server(440)
>   Closing connections
> [2002/07/01 17:23:54, 2] lib/interface.c:add_interface(85)
>   added interface ip=192.168.10.250 bcast=192.168.10.255 nmask=255.255.255.0
> [2002/07/01 17:23:54, 0] lib/util_sock.c:open_socket_in(819)
>   Get_Hostbyname: Unknown host pc1-hudd4-5-cust142
> [2002/07/01 17:23:54, 2] smbd/server.c:exit_server(440)
>   Closing connections
> 
>  From the SMBd log.
> I think the problem is that the SMBd is trying to offer services to the
> eth1 NIC.  I thought I had told it not to:
> 
> [global]
>   net bios name = Pumpkin
>   server string = Samba %v on (%L)
>   workgroup = bip
>   encrypt passwords = yes
>   security = share
>  log file = /var/log/smbd.log
>    log level = 2
> bind interfaces only = true
> interfaces = eth0
> [install]
>   comment = Installed Software Directory
>   path = /shared/install
>   read only = no
>   writeable = yes
>   guest ok = yes
> # browserable = yes
> 
> [homes]
> comment = Generic Home Share
>  read only = no
> # guest ok = yes
> # browserable = yes
>   writeable = yes
> 
> form /etc/smbd.conf
> 
> As I said, I am using a Firewall.  I think the relevant sections of the SuSEfirewall2 config file are:
> 
> # If this server is a firewall, which should act like a proxy (no direct
> # routing between both networks), or you are an end-user connected to the
> # internet and to an internal network, you have to setup your proxys and
> # reconfigure (all other settings are OK): 2), 3), 9) and maybe 7), 11), 14)
> # 2.)
> # Which is the interface that points to the internet/untrusted networks?
> #
> # Enter all the network devices here which are untrusted.
> #
> # Choice: any number of devices, seperated by a space
> # e.g. "eth0", "ippp0 ippp1 eth0:1"
> #
> FW_DEV_EXT="eth1"
> 
> #
> # 3.)
> # Which is the interface that points to the internal network?
> #
> # Enter all the network devices here which are trusted.
> # If you are not connected to a trusted network (e.g. you have just a
> # dialup) leave this empty.
> #
> # Choice: leave empty or any number of devices, seperated by a space
> # e.g. "tr0", "eth0 eth1 eth1:1" or ""
> #
> # 9.)
> FW_DEV_INT="eth0"
> FW_SERVICES_EXT_TCP=""
> # Common: ssh smtp domain
> FW_SERVICES_INT_TCP="ssh smtp 137:139 ftp"
> # Common: domain syslog
> FW_SERVICES_INT_UDP="137:139"
> # If you are running bind/named set to yes. Remember that you have to open
> # port 53 (or "domain") as udp/tcp to allow incoming queries.
> # Also FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "yes"
> FW_SERVICE_DNS="no"
> #
> # if you use dhclient to get an ip address you have to set this to "yes" !
> FW_SERVICE_DHCLIENT="no"
> #
> # set to "yes" if this server is a DHCP server
> FW_SERVICE_DHCPD="no"
> #
> # set to "yes" if this server is running squid. You still have to open the
> # tcp port 3128 to allow remote access to the squid proxy service.
> FW_SERVICE_SQUID="no"
> #
> # set to "yes" if this server is running a samba server. You still have to open
> # the tcp port 139 to allow remote access to SAMBA.
> FW_SERVICE_SAMBA="yes"
> 
> [I am a little unsure about this last option.  I am right in thinking that this enables the forwarding of SMB _from_ external networks?  ]
> # 11.)
> # How is access allowed to high (unpriviliged [above 1023]) ports?
> # 7.)
> # Do you want to protect the firewall from the internal network?
> FW_PROTECT_FROM_INTERNAL="no"   #It's a home LAN - only my 2 PCs on it!
> # 14.)
> # Which services accessed from the internet should be allowed to masqueraded
> # servers (on the internal network or dmz)?
> # REQUIRES: FW_ROUTE
> 
> If I disable eth1, Samba works fine, trouble is...no Net!  It's one or the other.  At the moment I'm choosing 'Net'...
> Does anybody have any suggestions how to solve this?
> Thanks,
> Michael M.
> 
> 
> --
> ================================================================================
> "How to explain? How to describe? Even the omniscient viewpoint quails."
>      - from 'A Fire Upon the Deep' by Vernor Vinge
>                                                        michael at mjmoorhouse.co.uk
> ================================================================================
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list