Sorry sir, I'm using Samba right now and I have a problem: I want to use my Linux box to mount a shared folder on a Windows 2000 machine. What should I do? Thank you, sir/madam.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 13, 2002 9:26 PM
Subject: netfilter digest, Vol 1 #1905 - 6 msgs

> Send netfilter mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.samba.org/listinfo/netfilter
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of netfilter digest..."
>
>
> Today's Topics:
>
> 1. Re: MS Windows domain logon via netfilter NAT (Daniel Elías Robles)
> 2. Re: MS Windows domain logon via netfilter NAT (Kramer)
> 3. FTP problem (Cesar Mello - Axi)
> 4. Loading the rules properly (Robert)
> 5. Re: FTP problem (Maciej Soltysiak)
> 6. Re: MS Windows domain logon via netfilter NAT (Daniel Elias Robles)
>
> --__--__--
>
> Message: 1
> From: Daniel Elías Robles <[EMAIL PROTECTED]>
> To: "AUDEMARD Patrick" <[EMAIL PROTECTED]>,
> "Kramer" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: MS Windows domain logon via netfilter NAT
> Date: Mon, 13 May 2002 06:38:37 -0500
>
> This issue has been addressed several times, the correct way to handle this
> is not to NAT netbios traffic, due to the fact that there is no helper
> available -- at least at the time of this writing --, this does not mean you
> can not route via iptables, you still can use it, just do not NAT it.
>
> I have some large installation, several hundred computers use iptables to
> log into the PDC.
>
> Just expand the range of the private side of your firewall -- in case you
> have more than 254 hosts on your lan -- , make sure your packets can find
> their way back to your lan -- router issues --, forward as needed,
> remember -- don't Masquerade this traffic --"everything gonna be allright".
>
> Regards,
>
>
> Daniel
> Dominican Republic
> ----- Original Message -----
> From: "AUDEMARD Patrick" <[EMAIL PROTECTED]>
> To: "Kramer" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, May 13, 2002 3:55 AM
> Subject: RE: MS Windows domain logon via netfilter NAT
>
>
> IPtable doesn't fully support Netbios over IP.
>
> Check this article for more information.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q172227
>
> Patrick AUDEMARD
>
> -----Original Message-----
> From: Kramer [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 12, 2002 19:29
> To: [EMAIL PROTECTED]
> Subject: MS Windows domain logon via netfilter NAT
>
>
> I have gotten a RedHat 7.3 box operating as a router/filter to a private
> (192.168.132.0/24) with dhcp without too much trouble. One major
> problem remains that I can't find any info on. The fixes for the NAT
> public address reverse routing and the broadcast address fixes are
> already applied.
>
> Windows client hosts on the NATed LAN can't find the NT4 Domain for
> logon. Therefore Network Neighborhood browsing doesn't work. Strangely
> direct UNC connections will work if logon credentials are not required.
>
> I am sure I am not the first to run into this. Can anyone help?
>
> Jack Kramer
> University of Florida
> Fort Lauderdale
>
> --__--__--
>
> Message: 2
> Date: Mon, 13 May 2002 08:10:36 -0400
> From: Kramer <[EMAIL PROTECTED]>
> To: Daniel Elías Robles <[EMAIL PROTECTED]>
> Cc: AUDEMARD Patrick <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> Subject: Re: MS Windows domain logon via netfilter NAT
>
> Thanks to all for the replies. I did find all the postings on the web
> about NAT and NBT. I am just very surprised that nothing has already
> been done about it. There are probably very few networks that don't
> have at least some MS windows presence. It seems as though this would
> have gotten some attention by someone on the netfilter team. An
> ip_conntrack_NBT is really needed to translate the internal addresses in
> the NATed packets. I have Samba running successfully on other boxes but
> don't want it on the firewall or inside. In this case I really wanted to
> set up the private NAT subnet for many reasons. I guess I either drop
> the NAT requirement or am very reluctantly back to using Win2K as the
> firewall server ( or saving for a Cisco and all the license fees ).
>
> Jack
>
> --__--__--
>
> Message: 3
> From: "Cesar Mello - Axi" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: FTP problem
> Date: Mon, 13 May 2002 09:25:51 -0800
>
> Hello,
>
> I've set up a router with Mandrake Linux 8.1 default configuration.
> (iptables). It works fine except for FTP. The computers behind the
> router can connect to the FTP site, but don't receive a reply after issuing
> the "LST" command.
>
> Thank you,
> Cesar
>
> --__--__--
>
> Message: 4
> From: Robert <[EMAIL PROTECTED]>
> To: NetFilter Users <[EMAIL PROTECTED]>
> Subject: Loading the rules properly
> Date: Mon, 13 May 2002 08:34:39 -0400
>
> Hello,
> I've been using the DHCP rules from the tutorial by Oskar Andreasson, with
> a few minor required changes for my MDK 8.1 system. (Single-user workstation,
> DSL Internet Connection.)
> My problem is one of loading the rules at the proper time on my system, I
> believe. I am encountering a strange problem, hence this letter.
> My rules file is called /home/robert/iptables, which is a derivative of
> Oskar's file. If I execute "/bin/sh iptables", it takes a few seconds to
> load, and then I will do an iptables -L to see the results.
> All the rules from his examples are nicely laid out and formatted. I
> assume, at this point, that I am protected by these same rules, in other words,
> they are active. I can go on-line to access the Internet, send mail, etc.
> So after checking that my system was working correctly with these rules, I
> put the same "/bin/sh /home/robert/iptables" command into my
> /etc/rc.d/rc.local script file, and rebooted.
> This time however, doing an "iptables -L", I get about 100+ rules listed,
> which bear no resemblance to Oskar's example, and now my Internet and email
> won't work. First I checked both the MDK Control center and tksysv to make
> sure that iptables was not loaded as a daemon, and it was not. Then I did a
> "service iptables stop", then a "service iptables start" to reset all the
> rules. I then was left with the three basic ACCEPT rules.
> Once again, I executed "/bin/sh /home/robert/iptables", and did an
> "iptables -L" and everything was laid out normally, and the Internet and
> email were both working again.
> I had previously deleted my /etc/sysconfig/iptables file, created from a
> "service iptables save" command. For some unknown reason, when I did this
> per Oskar's tutorial, after loading my /home/robert/iptables rules, and
> rebooting, I had the same problem as I have now.
> I guess the question is: Why, when I execute the script manually to load
> the rules, does it work correctly, but when I put the same command in a
> system script, I get entirely different results?
>
> Thanks,
> Robert
>
> --__--__--
>
> Message: 5
> Date: Mon, 13 May 2002 14:37:39 +0200 (CEST)
> From: Maciej Soltysiak <[EMAIL PROTECTED]>
> To: Cesar Mello - Axi <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: FTP problem
>
> > I've set up a router with Mandrake Linux 8.1 default configuration.
> > (iptables). It works fine except for FTP. The computers behind the
> > router can connect the FTP site, but don't receive a reply after
> > issuing the "LST" command.
> You need the ip_conntrack_ftp module loaded, also if NAT'ing ip_nat_ftp.
>
> It is best to have these in modules, because you can add the ports
> directive to add specific ftp ports to track connections on.
>
>
> Best Regards,
> Maciej
>
> --__--__--
>
> Message: 6
> Subject: Re: MS Windows domain logon via netfilter NAT
> From: Daniel Elias Robles <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Date: 13 May 2002 08:55:00 -0400
>
> I do not see why you need to go back to win2k for firewalling.
>
> 1.- Is the domain controller on the Internet?
> 2.- How many machines will be accessing this server?
> 3.- Why do you need to NAT?
>
>
> Daniel
>
> --__--__--
>
> End of netfilter Digest
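
Added example (not part of the original thread and not netfilter's code): a simplified Python model of why Message 5's fix is needed. An active-mode FTP client sends its own address inside the PORT command, so a NAT router has to rewrite that payload and expect the resulting data connection, which is the kind of payload translation the thread says has no helper for NetBIOS. The function names, the 192.168.132.10 client and the 203.0.113.5 public address are assumptions made for the illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (IPv4 octets, then port high/low byte)
PORT_RE = re.compile(
    r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n",
    re.IGNORECASE)


def parse_port(line):
    """Return (ip, port) advertised by an FTP PORT command, or None."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None                         # not a valid octet or port byte
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode (ip, port) back into a PORT command."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)


def nat_control_line(line, inside_ip, public_ip, expected):
    """Model a NAT helper handling one client-to-server control line.

    Returns (line_to_forward, length_delta). A PORT command naming the
    inside address is rewritten to the public address, and the data
    connection the server will open is recorded in `expected`.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] != inside_ip:
        return line, 0                      # no embedded address: forward as is
    port = parsed[1]
    expected.add((public_ip, port))         # the connection a state match sees as RELATED
    new_line = build_port(public_ip, port)
    # The payload length changed, so a real helper must also fix TCP sequence numbers.
    return new_line, len(new_line) - len(line)


# Constructed sample session: a client on the thread's 192.168.132.0/24 LAN;
# 203.0.113.5 (documentation range) stands in for the router's public address.
if __name__ == "__main__":
    expected = set()
    for line in ["USER anonymous\r\n", "PORT 192,168,132,10,19,137\r\n", "LIST\r\n"]:
        print(repr(line), "->",
              nat_control_line(line, "192.168.132.10", "203.0.113.5", expected))
    print("expected data connections:", expected)
```

Without the rewrite the server is told to connect to 192.168.132.10, which it cannot reach, so the directory listing never arrives even though the control connection works.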
