[Samba] Logging denied connections from outside LAN

Jeff Boyce jboyce at meridianenv.com
Wed Jan 23 13:09:22 MST 2013


Greetings -

I have an interesting issue that I am trying to understand.  This may not be 
a direct Samba related issue, but the results of the issue are showing up in 
the Samba log, so I thought I would start here.  Please direct me elsewhere 
if there is a better forum for this question.  I have spent some time 
Googling and have a small understanding of what is going on, but now my 
Google-fu is exhausted and I still don't have a complete understanding of 
the issue and whether I need to make some configuration changes in my 
network.

Issue:
I am seeing in my samba log file denied connections from IP addresses that 
are outside my network.  Since I believe that I have my network firewalled 
and access adequately restricted from outside, I am trying to understand how 
the access attempts are only showing up in my Samba logs.

/var/log/samba/samba.log
[2013/01/22 21:24:34.477896,  0] lib/util_sock.c:1514(matchname)
  matchname: host name/address mismatch: ::ffff:14.132.17.44 != 
14-132-17-44.aichiwest1.commufa.jp
[2013/01/22 21:24:34.479447,  0] lib/util_sock.c:1635(get_peer_name)
  Matchname failed on 14-132-17-44.aichiwest1.commufa.jp ::ffff:14.132.17.44
[2013/01/22 21:24:34.479723,  0] lib/access.c:413(check_access)
  Denied connection from UNKNOWN (::ffff:14.132.17.44)
[2013/01/22 21:24:34.479961,  1] smbd/process.c:2299(smbd_process)
  Connection denied from ::ffff:14.132.17.44

Logwatch
 --------------------- samba Begin ------------------------ 
Connections Denied:
smbd/process.c:2299(smbd_process) ::ffff:109.72.49.42 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:111.254.232.135 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:114.46.201.200 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:121.67.7.193 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:121.67.7.200 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:124.11.241.39 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:14.132.17.44 : 1 Time(s)
 ---------------------- samba End ------------------------- 

Background & Network Information:
1.  The server in which Samba is running (a KVM guest, CentOS 6) does have a 
public IP address.
2.  The firewall rules on this server has ports open for SSH, OpenVPN, 
Webmin, and Samba.  The bottom rule on the input chain deny's all.
3.  On the Server: HostDeny = all, and HostAllow = 192.168.112 (internal 
lan), 10.9.8. (OpenVPN lan), and loopback
4.  Samba config: hosts allow = 127. 192.168.112. 10.9.8.

What I think I understand at this point:
1.  Google research indicates that the Host Name/Address mismatch portion of 
the log file refers to IPV6 name resolution not working.  There are some 
suggestions for fixing that, but it isn't really the issue I am trying to 
understand.
2.  The firewall may not be denying access to Samba because the Samba ports 
are open to make Samba available over our remote access.

What I don't understand:
1.  If the Server OS configuration is restricting access to only the 
internal lan addresses and the OpenVPN lan addresses, then how are the 
access attempts from external addresses getting to Samba where they are 
being logged.

If someone can give me some insight as to what is going on here I would 
appreciate it.  Then I can figure out what I might need to change in my 
network or server.  Thanks.

Also, I am only receiving the Daily Digest of the mailing list, so would 
appreciate any responses CC'ing me directly also.

Jeff Boyce
Meridian Environmental
www.meridianenv.com 



More information about the samba mailing list