[Samba] force Samba bind to internal IP only

Joel Hammer Joel at HammersHome.com
Mon Mar 11 12:47:03 GMT 2002


This works for me:

[global]
	netbios name = HAMMER2
	netbios aliases = gateway
	interfaces = 192.168.0.2 
	security = SHARE
	log level = 3 
	hosts allow = 192.168. 127.0.0.1 127.0.0.2 192.168.

Here is ifconfig.

Maybe samba uses eth0 by default.

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:37:FC:31  
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 00:E0:29:27:6C:FD  
          inet addr:68.47.5.06  Bcast:68.47.5.255  Mask:255.255.248.0

> 
> We need to configure Samba (recent cvs) on our Linux (SuSE 7.2) box
> (iptables/FreeSwan) acting as firewall, router and VPN gateway. Whenever
> nmbd or smbclient try to connect to our Samba PDC (WINS ok, IP
> 192.168.0.5) packets are sent with a source address of the external
> interface x.y.46.70 and will of course be blocked by iptables and never
> be routable to subnet 192.168.0.0 .
> I tried :
> - interfaces = localhost 192.168.1.1/24
> - bind interfaces only = Yes (and No also)
> all to no avail.
> Samba obviously needs to be "taught" (by whatever means, be it smb.conf
> or source code modification) to generate outgoing packets having the
> internal IP 192.168.1.1 set only. Is this a known bug or feature ?
> I'm shure the problem is not caused by iptables or ipsec configurations,
> since ports were open for testing purpose and VPN works.
> 
> Any advice or pointers are very much appreciated,
> Thanks a lot in advance
> Uli
> 
> 
> Netstat -an output:
> ------------------------
> tcp  0  0  127.0.0.1:139     0.0.0.0:*       LISTEN      
> tcp  0  0  192.168.1.1:139   0.0.0.0:*       LISTEN      
> tcp  0  0  0.0.0.0:22        0.0.0.0:*       LISTEN      
> tcp  0  0  0.0.0.0:3128      0.0.0.0:*       LISTEN      
> tcp  0  0  0.0.0.0:25        0.0.0.0:*       LISTEN      
> tcp  0  1  x.y.46.70:4837    192.168.0.5:139 SYN_SENT    
> tcp  0 96  x.y.46.70:22      x.y.174.74:2433 CONNECT   
> udp  0  0  192.168.1.1:137   0.0.0.0:*
> udp  0  0  0.0.0.0:137       0.0.0.0:*
> udp  0  0  192.168.1.1:138   0.0.0.0:*
> udp  0  0  0.0.0.0:138       0.0.0.0:*
> udp  0  0  0.0.0.0:111       0.0.0.0:*
> udp  0  0  x.y.46.70:500     0.0.0.0:*
> 
> relevant smb.conf stuff:
> -------------------------
> interfaces = localhost 192.168.1.1/24
> bind interfaces only = Yes 
> domain master = no
> local master = yes
> remote announce = 192.168.0.5
> remote browse sync = 192.168.0.5
> os level = 65
> wins server = 192.168.0.5 
> name resolve order = wins hosts lmhosts
> hosts allow = localhost, 192.168.
> guest ok = Yes
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list