[Samba] force Samba bind to internal IP only (VPN) - possible bug ?

Ulrich Kohlhase Ulrich.Kohlhase at t-online.de
Fri Mar 15 21:20:03 GMT 2002 

Hello everybody,

I'm reposting the issue below, since I suspect this to be a bug in the
recent Samba version. I tried to switch the internal IP to interface
eth0 also, just in case Samba by default sends on eth0, but packets
still get sent from the external IP.
How come nmbd complains about
- response packet id ... received with no matching record
and 
- domain_master_node_status_fail ?



We need to configure Samba (recent cvs) on our Linux (SuSE 7.2) box
(iptables/FreeSwan) acting as firewall, router and VPN gateway. Whenever
nmbd or smbclient try to connect to our Samba PDC (WINS ok, IP
192.168.0.5) packets are sent with a source address of the external
interface x.y.46.70 and will of course be blocked by iptables and never
be routable to subnet 192.168.0.0 .
I tried :
- interfaces = localhost 192.168.1.1/24
- bind interfaces only = Yes (and No also)
all to no avail.
Samba obviously needs to be "taught" (by whatever means, be it smb.conf
or source code modification) to generate outgoing packets having the
internal IP 192.168.1.1 set only. Is this a known bug or feature ?
I'm shure the problem is not caused by iptables or ipsec configurations,
since ports were open for testing purpose and VPN works.

Any advice or pointers are very much appreciated,
Thanks a lot in advance
Uli

log.nmbd:
----------------------
[2002/03/16 05:50:13, 0] nmbd/nmbd.c:main(794)
  Netbios nameserver version 2.2.4-pre started.
  Copyright Andrew Tridgell and the Samba Team 1994-2002
[2002/03/16 05:50:13, 0] lib/debug.c:debug_message(259)
  INFO: Debug class all level = 1   (pid 16200 from pid 16200)
[2002/03/16 05:50:17, 0]
nmbd/nmbd_responserecordsdb.c:find_response_record(235)
  find_response_record: response packet id 18478 received with no
matching record.
[2002/03/16 05:50:17, 0]
nmbd/nmbd_responserecordsdb.c:find_response_record(235)
  find_response_record: response packet id 18479 received with no
matching record.
[2002/03/16 05:55:54, 0]
nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
  *****
  
  Samba name server CASSINI is now a local master browser for workgroup
ALPHACENTAURI on subnet 192.168.1.1
  
  *****
[2002/03/16 05:56:15, 0]
nmbd/nmbd_browsesync.c:domain_master_node_status_fail(262)
  domain_master_node_status_fail:
  Doing a node status request to the domain master browser
  for workgroup ALPHACENTAURI at IP 192.168.0.5 failed.
  Cannot sync browser lists.

Netstat -an output:
------------------------
tcp  0  0  127.0.0.1:139     0.0.0.0:*       LISTEN      
tcp  0  0  192.168.1.1:139   0.0.0.0:*       LISTEN      
tcp  0  1  x.y.46.70:4837    192.168.0.5:139 SYN_SENT    
tcp  0 96  x.y.46.70:22      x.y.174.74:2433 CONNECT   
udp  0  0  192.168.1.1:137   0.0.0.0:*
udp  0  0  0.0.0.0:137       0.0.0.0:*
udp  0  0  192.168.1.1:138   0.0.0.0:*

relevant smb.conf stuff:
-------------------------
interfaces = localhost 192.168.1.1/24
bind interfaces only = Yes 
domain master = no
local master = yes
remote announce = 192.168.0.5
remote browse sync = 192.168.0.5
os level = 65
wins server = 192.168.0.5 
name resolve order = wins hosts lmhosts
hosts allow = localhost, 192.168.
guest ok = Yes

More information about the samba mailing list