[Samba] Logging denied connections from outside LAN
Jeff Boyce
jboyce at meridianenv.com
Wed Jan 23 13:09:22 MST 2013
Greetings -
I have an interesting issue that I am trying to understand. This may not be
a direct Samba related issue, but the results of the issue are showing up in
the Samba log, so I thought I would start here. Please direct me elsewhere
if there is a better forum for this question. I have spent some time
Googling and have a small understanding of what is going on, but now my
Google-fu is exhausted and I still don't have a complete understanding of
the issue and whether I need to make some configuration changes in my
network.
Issue:
I am seeing in my samba log file denied connections from IP addresses that
are outside my network. Since I believe that I have my network firewalled
and access adequately restricted from outside, I am trying to understand how
the access attempts are only showing up in my Samba logs.
/var/log/samba/samba.log
[2013/01/22 21:24:34.477896, 0] lib/util_sock.c:1514(matchname)
matchname: host name/address mismatch: ::ffff:14.132.17.44 !=
14-132-17-44.aichiwest1.commufa.jp
[2013/01/22 21:24:34.479447, 0] lib/util_sock.c:1635(get_peer_name)
Matchname failed on 14-132-17-44.aichiwest1.commufa.jp ::ffff:14.132.17.44
[2013/01/22 21:24:34.479723, 0] lib/access.c:413(check_access)
Denied connection from UNKNOWN (::ffff:14.132.17.44)
[2013/01/22 21:24:34.479961, 1] smbd/process.c:2299(smbd_process)
Connection denied from ::ffff:14.132.17.44
Logwatch
--------------------- samba Begin ------------------------
Connections Denied:
smbd/process.c:2299(smbd_process) ::ffff:109.72.49.42 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:111.254.232.135 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:114.46.201.200 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:121.67.7.193 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:121.67.7.200 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:124.11.241.39 : 1 Time(s)
smbd/process.c:2299(smbd_process) ::ffff:14.132.17.44 : 1 Time(s)
---------------------- samba End -------------------------
Background & Network Information:
1. The server in which Samba is running (a KVM guest, CentOS 6) does have a
public IP address.
2. The firewall rules on this server has ports open for SSH, OpenVPN,
Webmin, and Samba. The bottom rule on the input chain deny's all.
3. On the Server: HostDeny = all, and HostAllow = 192.168.112 (internal
lan), 10.9.8. (OpenVPN lan), and loopback
4. Samba config: hosts allow = 127. 192.168.112. 10.9.8.
What I think I understand at this point:
1. Google research indicates that the Host Name/Address mismatch portion of
the log file refers to IPV6 name resolution not working. There are some
suggestions for fixing that, but it isn't really the issue I am trying to
understand.
2. The firewall may not be denying access to Samba because the Samba ports
are open to make Samba available over our remote access.
What I don't understand:
1. If the Server OS configuration is restricting access to only the
internal lan addresses and the OpenVPN lan addresses, then how are the
access attempts from external addresses getting to Samba where they are
being logged.
If someone can give me some insight as to what is going on here I would
appreciate it. Then I can figure out what I might need to change in my
network or server. Thanks.
Also, I am only receiving the Daily Digest of the mailing list, so would
appreciate any responses CC'ing me directly also.
Jeff Boyce
Meridian Environmental
www.meridianenv.com
More information about the samba
mailing list