[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwtk-users
Subject:    Re: plug-gw and samba
From:       Michel Bardiaux <mbardiaux () peaktime ! be>
Date:       2001-02-22 9:45:24
[Download RAW message or body]

[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]

"Michael St. Laurent" wrote:
 > 
 > Part of the problem is that netbios-ns is a UDP service not TCP.  Plug-gw
 > will only work for TCP services.  You must use another program such as
 > Udprelay for UDP services.
 > 

Quite right, I confused NS and SSN! As a matter of fact, the plug for
netbios-ns was actually useless in the OP's config as well. Fortunately,
one does not *need* netbios-ns to connect to a *known* samba drive, only
to "browse network neighborhood". Correction for my proposed config
follows:

On the relayer, say 1.2.3.1, which is not itself a 'true' Samba
server, run plug-gw like this:

in /etc/services: netbios-alt-ssn 9139

in netperm-table:
plug-gw: port netbios-ssn 1.2.3.* -plug-to firewall -port
netbios-alt-ssn

in rc.local

plug-gw -daemon 139 netbios-ssn

On the firewall:

in /etc/services: netbios-alt-ssn 9139

in netperm-table:

plug-gw: port netbios-alt-ssn 1.2.3.1 -plug-to server2 -port netbios-ssn
plug-gw: port netbios-ssn 1.2.3.* -plug-to server1 -port netbios-ssn

in rc.local

plug-gw -daemon 139 netbios-ssn
plug-gw -daemon 9139 netbios-alt-ssn

That should take care of the NETBIOS-SSN service. For NETBIOS-NS, as you
said, udprelay will be needed, even for 1 server. For two, I think the
same relaying strategy might be required.

Comments?

-- 
Michel Bardiaux
Peaktime Belgium S.A.  Rue Margot, 37  B-1457 Nil St Vincent
Tel : +32 10 65.44.15  Fax : +32 10 65.44.10

[prev in list] [next in list] [prev in thread] [next in thread]