From crux Tue Jul 02 08:12:48 2002 From: Florian Weber Date: Tue, 02 Jul 2002 08:12:48 +0000 To: crux Subject: Re: Samba + iptables problem X-MARC-Message: https://marc.info/?l=crux&m=102559820821413 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When am I gonna learn? So: to the list, finally, after two days. On Sunday 30 June 2002 12:59, Mikael Bak wrote: > I have istalled everything and it works fine except for one small detail. > Sometimes when I use MS-network resources (like browsing the network > neighbourhood) from an inside Windows machine, the Crux machine dials out > and makes a connection to the Insternet. > It seems like either my firewall script or my Samba configuration is bad. > I'd really appreciate some help. I'm not really a Samba expert but to me this looks like sth. to do with name resolution. I suspect that your smb-server is trying to resolve a name it doesn't know with a broadcast - on all interfaces it binds to. Unfortunately, this also includes the ppp device. There's also a (small) probability of this being caused by normal DNS lookups The next thing I'd try is: Use the "interfaces" parameter in smb.conf to make Samba *not* bind to your ppp device. This can get rid of any Samba-server-caused broadcasts on your dialout and is good security practice, too. (assuming you don't want to provide SMB access to the internet......) You could also log the offending traffic, either with the packet sniffer of your choice or with an iptables rule: iptables -I OUTPUT 1 -j LOG --log-level info If you need any help with the output just contact me. Florian - -- PGP key ID: 3C4E74DC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9IWCHm8fasDxOdNwRAkDRAKCmaIRUEXoguNp+FlKAxpXAKad2twCeO7FE EsF+2Uam/jyohoZRvi3yVKo= =+T/b -----END PGP SIGNATURE-----