Samba and network browsing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
 I am using samba-3.0.24-11.fc6 for my workgroup with user security level
simple setup and samba works fine; I have two network interfaces
eth0(internal LAN) & eth1(external), the problem I face is whenever my
internet disconnects and link on eth1 goes down my samba also hangs and
windows clients are unable to access samba shares (probably they could not
find the samba server), I thought this is due to smbd and nmbd listening on
both interfaces eth0 and eth1, so I tried setting following parameters in
smb.conf:

hosts allow = 192.168.10.0/24 127.0.0.1
local master = yes
os level = 65
interfaces = eth0 lo (so that samba will not listen on eth1)
bind interfaces only =yes

but my problem still continues inspite of above settings, but if I execute
"ifdown eth1" (when internet disconnects on eth1) command samba restores its state immediately and now all
clients can access the shares normally.

What parameters I need to set in order to operate samba normally on
interface eth0 only and ignoring the status of eth1?
Is this a firewall issue? (I have setup nat; see below my iptables/nat conf)
Is this NAT problem?
Why samba is not respoding to clients when eth1 goes down?
Please help.

Netstat command output:

[root@matrix ~]# netstat -tapn | grep smbd
tcp        0      0 192.168.10.254:139          0.0.0.0:*
LISTEN      3199/smbd
tcp        0      0 127.0.0.1:139                  0.0.0.0:*
LISTEN      3199/smbd
tcp        0      0 192.168.10.254:445          0.0.0.0:*
LISTEN      3199/smbd
tcp        0      0 127.0.0.1:445                  0.0.0.0:*
LISTEN      3199/smbd
tcp        0     12 192.168.10.254:445          192.168.10.251:19464
ESTABLISHED 9517/smbd
tcp        0      0 192.168.10.254:445          192.168.10.102:1046
ESTABLISHED 9580/smbd
[root@matrix ~]# netstat -apn | grep nmbd
udp        0      0 192.168.10.254:137          0.0.0.0:*
3203/nmbd
udp        0      0 0.0.0.0:137                     0.0.0.0:*
3203/nmbd
udp        0      0 192.168.10.254:138          0.0.0.0:*
3203/nmbd
udp        0      0 0.0.0.0:138                     0.0.0.0:*
3203/nmbd
unix  2      [ ]         DGRAM                    20850  3203/nmbd

Iptables configuration:


# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008

*nat

:PREROUTING ACCEPT [19:1945]

:POSTROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [4:290]

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

-A POSTROUTING -o eth1 -j MASQUERADE

#-A POSTROUTING -o eth1 -j SNAT --to-source 203.129.225.54

#-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.5

#-A POSTROUTING -o eth1 -j SNAT --to-source 59.90.140.72

COMMIT

# Completed on Sat Dec 27 11:26:07 2008

# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008

*filter

:INPUT DROP [79:8157]

:FORWARD DROP [0:0]

:OUTPUT DROP [12:1482]

:okay - [0:0]

-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT

-A INPUT -s 192.168.10.0/24 -i eth0 -j ACCEPT

-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT

-A INPUT -s 192.168.10.254/32 -i lo -j ACCEPT

-A INPUT -s 203.129.225.55/32 -i lo -j ACCEPT

-A INPUT -s 59.90.140.72/32 -i lo -j ACCEPT

-A INPUT -s 192.168.1.5/32 -i lo -j ACCEPT

-A INPUT -d 192.168.10.255/32 -i eth0 -j ACCEPT

-A INPUT -d 203.129.225.55/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 59.90.140.72/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -d 192.168.1.5/32 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -i eth1 -p tcp -m tcp --dport 21 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 20 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j okay

-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j okay

-A INPUT -p UDP -i eth0 --destination-port 53 -j ACCEPT

-A INPUT -p UDP -i eth1 --destination-port 53 -j ACCEPT

-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j ACCEPT

-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT

-A FORWARD -i eth0 -j ACCEPT

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -s 127.0.0.1/32 -j ACCEPT

-A OUTPUT -s 192.168.10.254/32 -j ACCEPT

-A OUTPUT -s 203.129.225.55/32 -j ACCEPT

-A OUTPUT -s 59.90.140.72/32 -j ACCEPT

-A OUTPUT -s 192.168.1.5/32 -j ACCEPT

-A okay -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

-A okay -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A okay -p tcp -j DROP

COMMIT

# Completed on Sat Dec 27 11:26:07 2008

# Generated by webmin

*mangle

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed


Regards,

Rahul.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux