[Samba] validating through natting firewall

Leonardo Boselli leo at dicea.unifi.it
Wed May 26 19:25:39 GMT 2004

This is not a strictly Samba problem, but I hope someone could help me:
I have two NT4 servers (PDC and BDC) on a subnet a.b.c.0/24 .
I have a number of win2000 with some NT4, XP clients and some win2k
and samba servers. All are happy within the subnet.
For local policy I have four  in an area that have some security concern
so these are behind a linux gateway acting as a natting firewall.
So this firewall is set so that every host "inside the area" gets a number by
dhcp in to
Only four machines (one NT4 and three win2k) have fixed address to .197 .
On the gateway there is an iptables as:
-A PREROUTING -s a.b.c.0/ -d a.b.c.194 -j DNAT --to-
-A POSTROUTING -s -j SNAT --to-source a.b.c.194

I have added to the domain the four administrators' hosts (by just
plugging directly to main network with a temporary number).
This way for those 4 machines all ports are open.
All services run smoothly except that if I try from one of such machines to
login as a non local user or try to add permission for a user on the
server the machines invariably say that they cannot access main server.
I have also added in lmhosts the address of the PDC and BDC with #PRE
#DOMLMYDOMAIN but no success.
It seems that these machines cannot validate to the server through the
natting firewall (that incidentally, does not firewall anything for those 4
addresses, just shifts the addresses both ways!)
Can you help me ????
