[Samba] Samba + Two NICs

Tue Feb 3 02:29:51 GMT 2009

Hello,
  I am using samba-3.0.24-11.fc6 for my workgroup with user security level 
simple setup and samba works fine; I have two network interfaces 
eth0(internal LAN) & eth1(external), the problem I face is whenever my 
internet disconnects and link on eth1 goes down my samba also hangs and 
windows clients are unable to access samba shares (probably they could not 
find the samba server), I thought this is due to smbd and nmbd listening on 
both interfaces eth0 and eth1, so I tried setting following parameters in 
smb.conf:

hosts allow = 192.168.10.0/24 127.0.0.1
local master = yes
os level = 65
interfaces = eth0 lo (so that samba will not listen on eth1)
bind interfaces only =yes

but my problem still continues inspite of above settings, but if I execute 
"ifdown eth1" command samba restores its state immediately and now all 
clients can access the shares normally.

What parameters I need to set in order to operate samba normally on 
interface eth0 only and ignoring the status of eth1?
Is this a firewall issue? (I have setup nat; see below my iptables conf)
Please help.

Netstat command output:

[root at matrix ~]# netstat -tapn | grep smbd
tcp        0      0 192.168.10.254:139          0.0.0.0:* 
LISTEN      3199/smbd
tcp        0      0 127.0.0.1:139                  0.0.0.0:* 
LISTEN      3199/smbd
tcp        0      0 192.168.10.254:445          0.0.0.0:* 
LISTEN      3199/smbd
tcp        0      0 127.0.0.1:445                  0.0.0.0:* 
LISTEN      3199/smbd
tcp        0     12 192.168.10.254:445          192.168.10.251:19464 
ESTABLISHED 9517/smbd
tcp        0      0 192.168.10.254:445          192.168.10.102:1046 
ESTABLISHED 9580/smbd
[root at matrix ~]# netstat -apn | grep nmbd
udp        0      0 192.168.10.254:137          0.0.0.0:* 
3203/nmbd
udp        0      0 0.0.0.0:137                     0.0.0.0:* 
3203/nmbd
udp        0      0 192.168.10.254:138          0.0.0.0:* 
3203/nmbd
udp        0      0 0.0.0.0:138                     0.0.0.0:* 
3203/nmbd
unix  2      [ ]         DGRAM                    20850  3203/nmbd

Iptables configuration:

# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008

*nat

:PREROUTING ACCEPT [19:1945]

:POSTROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [4:290]

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

-A POSTROUTING -o eth1 -j MASQUERADE

#-A POSTROUTING -o eth1 -j SNAT --to-source 203.129.225.54

#-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.5

#-A POSTROUTING -o eth1 -j SNAT --to-source 59.90.140.72

COMMIT

# Completed on Sat Dec 27 11:26:07 2008

# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008

*filter

:INPUT DROP [79:8157]

:FORWARD DROP [0:0]

:OUTPUT DROP [12:1482]

:okay - [0:0]

-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT

-A INPUT -s 192.168.10.0/24 -i eth0 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT

-A INPUT -s 192.168.10.254/32 -i lo -j ACCEPT

-A INPUT -s 203.129.225.55/32 -i lo -j ACCEPT

-A INPUT -s 59.90.140.72/32 -i lo -j ACCEPT

-A INPUT -s 192.168.1.5/32 -i lo -j ACCEPT

-A INPUT -d 192.168.10.255/32 -i eth0 -j ACCEPT

-A INPUT -d 203.129.225.55/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 59.90.140.72/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 192.168.1.5/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -i eth1 -p tcp -m tcp --dport 21 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 20 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j okay

-A INPUT -p UDP -i eth0 --destination-port 53 -j ACCEPT

-A INPUT -p UDP -i eth1 --destination-port 53 -j ACCEPT

-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j ACCEPT

-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT

-A FORWARD -i eth0 -j ACCEPT

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -s 192.168.10.254/32 -j ACCEPT

-A OUTPUT -s 203.129.225.55/32 -j ACCEPT

-A OUTPUT -s 59.90.140.72/32 -j ACCEPT

-A OUTPUT -s 192.168.1.5/32 -j ACCEPT

-A okay -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

-A okay -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A okay -p tcp -j DROP

COMMIT

# Completed on Sat Dec 27 11:26:07 2008

# Generated by webmin

*mangle

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

Regards,

Rahul. 