[Samba] force Samba bind to internal IP only
Ulrich Kohlhase
Ulrich.Kohlhase at t-online.de
Mon Mar 11 09:11:14 GMT 2002
Hello everybody,
We need to configure Samba (recent cvs) on our Linux (SuSE 7.2) box
(iptables/FreeSwan) acting as firewall, router and VPN gateway. Whenever
nmbd or smbclient try to connect to our Samba PDC (WINS ok, IP
192.168.0.5) packets are sent with a source address of the external
interface x.y.46.70 and will of course be blocked by iptables and never
be routable to subnet 192.168.0.0 .
I tried :
- interfaces = localhost 192.168.1.1/24
- bind interfaces only = Yes (and No also)
all to no avail.
Samba obviously needs to be "taught" (by whatever means, be it smb.conf
or source code modification) to generate outgoing packets having the
internal IP 192.168.1.1 set only. Is this a known bug or feature ?
I'm shure the problem is not caused by iptables or ipsec configurations,
since ports were open for testing purpose and VPN works.
Any advice or pointers are very much appreciated,
Thanks a lot in advance
Uli
Netstat -an output:
------------------------
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 1 x.y.46.70:4837 192.168.0.5:139 SYN_SENT
tcp 0 96 x.y.46.70:22 x.y.174.74:2433 CONNECT
udp 0 0 192.168.1.1:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.1.1:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 x.y.46.70:500 0.0.0.0:*
relevant smb.conf stuff:
-------------------------
interfaces = localhost 192.168.1.1/24
bind interfaces only = Yes
domain master = no
local master = yes
remote announce = 192.168.0.5
remote browse sync = 192.168.0.5
os level = 65
wins server = 192.168.0.5
name resolve order = wins hosts lmhosts
hosts allow = localhost, 192.168.
guest ok = Yes
More information about the samba
mailing list