[prev in list] [next in list] [prev in thread] [next in thread] 

List:       crux
Subject:    Re: Samba + iptables problem
From:       Florian Weber <Florian.Weber () pfaffenhofen ! de>
Date:       2002-07-02 8:12:48
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<sigh> When am I gonna learn? So: to the list, finally, after two days.


On Sunday 30 June 2002 12:59, Mikael Bak wrote:
> I have istalled everything and it works fine except for one small detail.
> Sometimes when I use MS-network resources (like browsing the network
> neighbourhood) from an inside Windows machine, the Crux machine dials out
> and makes a connection to the Insternet.
> It seems like either my firewall script or my Samba configuration is bad.
> I'd really appreciate some help.

I'm not really a Samba expert but to me this looks like sth. to do with name 
resolution. I suspect that your smb-server is trying to resolve a name it 
doesn't know with a broadcast - on all interfaces it binds to. Unfortunately, 
this also includes the ppp device.
There's also a (small) probability of this being caused by normal DNS lookups

The next thing I'd try is:
Use the "interfaces" parameter in smb.conf to make Samba *not* bind to your 
ppp device.  This can get rid of any Samba-server-caused broadcasts on your 
dialout and is good security practice, too. (assuming you don't want to 
provide SMB access to the internet......)

You could also log the offending traffic, either with the packet sniffer of 
your choice or with an iptables rule:
iptables -I OUTPUT 1 -j LOG --log-level info

If you need any help with the output just contact me.

Florian
- -- 
PGP key ID: 3C4E74DC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9IWCHm8fasDxOdNwRAkDRAKCmaIRUEXoguNp+FlKAxpXAKad2twCeO7FE
EsF+2Uam/jyohoZRvi3yVKo=
=+T/b
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]