[Samba] Samba + Two NICs

Mon, 02 Feb 2009 18:52:20 -0800 

Hello,
I am using samba-3.0.24-11.fc6 for my workgroup with user security level simple setup and samba works fine; I have two network interfaces eth0(internal LAN) & eth1(external), the problem I face is whenever my internet disconnects and link on eth1 goes down my samba also hangs and windows clients are unable to access samba shares (probably they could not find the samba server), I thought this is due to smbd and nmbd listening on both interfaces eth0 and eth1, so I tried setting following parameters in smb.conf: 

hosts allow = 192.168.10.0/24 127.0.0.1
local master = yes
os level = 65
interfaces = eth0 lo (so that samba will not listen on eth1)
bind interfaces only =yes


but my problem still continues inspite of above settings, but if I execute 
"ifdown eth1" command samba restores its state immediately and now all 
clients can access the shares normally.



What parameters I need to set in order to operate samba normally on 
interface eth0 only and ignoring the status of eth1?

Is this a firewall issue? (I have setup nat; see below my iptables conf)
Please help.

Netstat command output:

[r...@matrix ~]# netstat -tapn | grep smbd

tcp        0      0 192.168.10.254:139          0.0.0.0:* 
LISTEN      3199/smbd
tcp        0      0 127.0.0.1:139                  0.0.0.0:* 
LISTEN      3199/smbd
tcp        0      0 192.168.10.254:445          0.0.0.0:* 
LISTEN      3199/smbd
tcp        0      0 127.0.0.1:445                  0.0.0.0:* 
LISTEN      3199/smbd
tcp        0     12 192.168.10.254:445          192.168.10.251:19464 
ESTABLISHED 9517/smbd
tcp        0      0 192.168.10.254:445          192.168.10.102:1046 
ESTABLISHED 9580/smbd

[r...@matrix ~]# netstat -apn | grep nmbd

udp        0      0 192.168.10.254:137          0.0.0.0:* 
3203/nmbd
udp        0      0 0.0.0.0:137                     0.0.0.0:* 
3203/nmbd
udp        0      0 192.168.10.254:138          0.0.0.0:* 
3203/nmbd
udp        0      0 0.0.0.0:138                     0.0.0.0:* 
3203/nmbd

unix  2      [ ]         DGRAM                    20850  3203/nmbd

Iptables configuration:


# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008

*nat

:PREROUTING ACCEPT [19:1945]

:POSTROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [4:290]

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

-A POSTROUTING -o eth1 -j MASQUERADE

#-A POSTROUTING -o eth1 -j SNAT --to-source 203.129.225.54

#-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.5

#-A POSTROUTING -o eth1 -j SNAT --to-source 59.90.140.72

COMMIT

# Completed on Sat Dec 27 11:26:07 2008

# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008

*filter

:INPUT DROP [79:8157]

:FORWARD DROP [0:0]

:OUTPUT DROP [12:1482]

:okay - [0:0]

-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT

-A INPUT -s 192.168.10.0/24 -i eth0 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT

-A INPUT -s 192.168.10.254/32 -i lo -j ACCEPT

-A INPUT -s 203.129.225.55/32 -i lo -j ACCEPT

-A INPUT -s 59.90.140.72/32 -i lo -j ACCEPT

-A INPUT -s 192.168.1.5/32 -i lo -j ACCEPT

-A INPUT -d 192.168.10.255/32 -i eth0 -j ACCEPT

-A INPUT -d 203.129.225.55/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 59.90.140.72/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 192.168.1.5/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -i eth1 -p tcp -m tcp --dport 21 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 20 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j okay

-A INPUT -p UDP -i eth0 --destination-port 53 -j ACCEPT

-A INPUT -p UDP -i eth1 --destination-port 53 -j ACCEPT

-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j ACCEPT

-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT

-A FORWARD -i eth0 -j ACCEPT

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -s 192.168.10.254/32 -j ACCEPT

-A OUTPUT -s 203.129.225.55/32 -j ACCEPT

-A OUTPUT -s 59.90.140.72/32 -j ACCEPT

-A OUTPUT -s 192.168.1.5/32 -j ACCEPT

-A okay -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

-A okay -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A okay -p tcp -j DROP

COMMIT

# Completed on Sat Dec 27 11:26:07 2008

# Generated by webmin

*mangle

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed



Regards,


Rahul. 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba














    











					Reply via email to