[Samba] validating throught natting firewall
Leonardo Boselli
leo at dicea.unifi.it
Wed May 26 19:25:39 GMT 2004
This is not a strictly samba problem, but i hope someone could help me:
I have two NT4 server (PDC and BDC) on a subnet a.b.c.0/24 .
I have a number of win2000 with some NT4, XP clients and some win2k
and samba servers. All are happy whitin the subnet.
For local policy i have four in an area that have some security concern
so these are behind a linux gateway acring as a natting firewall.
So this firewall is set that every host "inside the area" get a number by
dhcp in 192.168.19.20 to 150.217.19.188
Only four machines (one NT4 and three win2k) have fixed address
192.168.19.194 to .197 .
on the gateway there is an iptables as:
-A PREROUTING -s a.b.c.0/255.255.255.0 -d a.b.c.194 -j DNAT --to-
destination 192.168.19.194
-A POSTROUTING -s 192.168.19.194 -j SNAT --to-source a.b.c.194
I have added to the domain the four administrators` hosts [by just
plugghing diretly to main network with a temporary number)
This way for that 4 machines all ports are open.
All service run smoothly except that if I try from one of such machines to
login as a non local user or try to add permission for an user on the
server the machines invariantly say that thy cannot access main server.
i have also added in lmhosts the address of the PDC and BDC with #PRE
#DOMLMYDOMAIN but no success.
It seem that thse machines cannot validate to the server throught the
natting firewall (that incidentally, does not firewall anything for those 4
address, jst shift the addresses both way !)
Can you help me ????
--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo
More information about the samba
mailing list