[Samba] dynamic iptables and iproute2

michelegonella at libero.it michelegonella at libero.it
Thu Oct 9 15:08:45 GMT 2003

hello everybody,
I am trying to develop a Windows-friendly firewall/ipsec_tunnel_endpoint.
Samba (my best compliments to the developers for their very professional
work) can help me with two major features.
1) I want to write an open source daemon that dynamically
sets iptables and traffic shaping user profiles based on
the NetBIOS name (still I have some problems in understanding
all the NetBIOS name service features and the Samba architecture).
I was looking for a method to have updated info about all
client logons/logoffs in a possibly subnetted intranet deploying
various Windows flavours with naming facilities ranging
from all broadcast to a complete WINS architecture.
Browsing the Samba documentation I ended up with a tentative
system architecture based just on nmbd and the wins hook mechanism.
I need to teach nmbd about the NetBIOS naming facilities on the intranet
(the Windows WINS servers on the net); maybe nmbd itself should
act as a WINS server; and I need it to give me logon/logoff events
(by wins hook or by polling it using smblookup on the localhost).
Once I have a reliable and updated netbios->ip map of all workstations,
the daemon will do the rest. Here is my starting smb.conf dummy file:
#       server string = Samba Server
        syslog only = Yes
        name resolve order = wins bcast lmhosts host
        max ttl = 259201 ??       # may I set this to very low to have a fresh map ?
        max wins ttl = 518401 ??  # may I set this to very low to have a fresh map ?
        min wins ttl = 21601 ??   # may I set this to very low to have a fresh map ?
        preferred master = ??     # do I need this ?
        dns proxy = No
        wins proxy = Yes
        wins server = ??
        wins support = Yes
        wins hook = /bin/true     # a program to feed the daemon with users map
        wins partners = ??        # WINS server nmbd will poll
        lock directory = /var/locks
        pid directory = /var/locks
        remote announce = ??
        remote browse sync = ??
I saw that kill -HUP nmbd dumps a NetBIOS map; can I use this in order
to have an occasional refresh of the users map (maybe it is not healthy for nmbd)?
Do I need smbd also?
Why haven't I found a similar project on freshmeat (maybe it can't work
and I'm not aware why)?
Do you think I'm just a fool (or idiot ;)?
Would it be better just to use your db_library and have direct access
to the info stored by nmbd?
Should I forget nmbd and just query the net by smblookup (very ugly net flow

Point number 2 refers to the ipsec endpoint; the nmbd conf (if nmbd is itself
a master browser or a WINS server) should allow clients from one intranet
to browse clients on the remote one. This subject is fairly more investigated
on the internet forums; I just want my final solution to allow
both points 1 and 2 to go together without conflicts, and that's why I'm explaining

Thanks to anyone for any help you would give me.
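The wins hook side of the design described in this mail, as an added example that is not part of the original post or of Samba itself. nmbd calls the `wins hook` program with the arguments operation (add/delete/refresh), NetBIOS name, name type as a two-digit hex number, ttl and then the IP list, as documented in smb.conf(5); the chain name `NBT_CLIENTS`, the `PROFILES` table and the choice to track only the 0x00 workstation name are assumptions for this sketch. It keeps the name->IP map and derives the per-workstation iptables commands without executing them.

```python
"""Hook handler + rule planner for a NetBIOS-name based iptables daemon."""
import sys

# Assumed per-workstation profiles keyed by NetBIOS name (constructed example data).
PROFILES = {"WS-ALICE": {"allow_tcp": [80, 443]}, "WS-BOB": {"allow_tcp": [443]}}
CHAIN = "NBT_CLIENTS"  # assumed user chain, created once by the daemon at startup


def parse_wins_hook(argv):
    """Parse the argument vector nmbd passes to the wins hook program."""
    if len(argv) < 5:
        raise ValueError("wins hook needs: <add|delete|refresh> <name> <type> <ttl> <ip>...")
    op, name, ntype, ttl, *ips = argv
    if op not in ("add", "delete", "refresh"):
        raise ValueError("unknown operation %r" % op)
    return {"op": op, "name": name.upper(), "type": int(ntype, 16),
            "ttl": int(ttl), "ips": ips}


def apply_event(nbmap, event):
    """Update the name->IP map from one hook event (only 0x00 workstation names)."""
    if event["type"] != 0x00:  # assumption: ignore 0x03, 0x1c, 0x20 ... service names
        return nbmap
    if event["op"] == "delete":
        nbmap.pop(event["name"], None)
    else:  # add and refresh both mean "this name is live at these addresses"
        nbmap[event["name"]] = set(event["ips"])
    return nbmap


def iptables_commands(nbmap):
    """Rebuild the chain: one ACCEPT per known name / IP / allowed TCP port."""
    cmds = ["iptables -F %s" % CHAIN]
    for name in sorted(nbmap):
        profile = PROFILES.get(name)
        if profile is None:
            continue  # unknown workstation: left to the chain's default policy
        for ip in sorted(nbmap[name]):
            for port in profile["allow_tcp"]:
                cmds.append("iptables -A %s -s %s -p tcp --dport %d -j ACCEPT"
                            % (CHAIN, ip, port))
    return cmds


if __name__ == "__main__":
    # Stand-alone use as the hook itself: print the planned rules for one event.
    state = apply_event({}, parse_wins_hook(sys.argv[1:]))
    print("\n".join(iptables_commands(state)))
```

In the real daemon the map would live in a long-running process (the hook would just forward the event to it) and the commands would be applied, not printed.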

