[Samba] dynamic iptables and iproute2
michelegonella at libero.it
michelegonella at libero.it
Thu Oct 9 15:08:45 GMT 2003
I am trying to develop a windows friendly firewall/ipsec_tunnel_endpoint.
Samba(my best compliments to the developers for their very professional
work) can help me in two major features.
1) I want to write an open source a daemon that dynamically
sets iptables and traffic shaping user profiles based on
the netbios name(still I have some problems in undestanding
all the netbios naming service features and samba architecture)
I was looking for a method to have updated infos about all
clients logon/logoff in a possibly subnetted intranet deploying
various windows flavours with naming facilities raging
from all broadcast to a complete WINS architecture.
Browsing samba documentation I ended up with a tentative
system architecture based just on nmbd and the wins hook mechanism.
I need to teach nmbd about the netbios naming facilities on the intranet
(the windows WINS servers on the net), maybe nmbd itself should be
act as a WINS server; and I need it to give me logon/logoff events
(by wins hook or by polling it using smblookup on the localhost).
Once I have a reliable and updated netbios->ip map of all workstations,
the daemon will do the rest. Here my starting smb.conf dummy file:
# server string = Samba Server
syslog only = Yes
name resolve order = wins bcast lmhosts host
max ttl = 259201 ?? # may I set this to very low to have a fresh
max wins ttl = 518401 ?? # may I set this to very low to have a fresh map ?
min wins ttl = 21601 ?? # may I set this to very low to have a fresh map ?
preferred master = ?? # do I need this ?
dns proxy = No
wins proxy = Yes
wins server = ??
wins support = Yes
wins hook = /bin/true # a program to feed the daemon with users map
wins partners = ?? # WINS server nmbd will poll
lock directory = /var/locks
pid directory = /var/locks
remote announce = ??
remote browse sync = ??
I saw that kill -HUP nmbd dumps a netbios map, can I use this in order
to have an occasional refresh of the users map (maybe it is not healty for nmbd)?
do I need smbd also ?
why I haven't found a similar project on freshmeat (maybe it can't work
and I'm not aware why)?
do you think I'm just a fool (or idiot ;)?
would it be better just to use your db_library and have direct access
to the info stored by nmbd?
should I forget nmbd and just query the net by smblookup(very ugly net flow
point number 2 refers to the ipsec endpoint; the nmbd conf(if nmbd is itself
a master browser or a wins server) should allow clients from one intranet
to browse clients on the remote one. This subject is fairly more investigated
on the internet forums; I want just that my final solution would allow
both point n.1 and 2 go toghether without conflicts and thats why I'm explaining
thanks to anyone for any help would give me.
More information about the samba