Re: Fwd: Samba NetBios



On Thu, 5 Jul 2007 13:40:07 +0200
"Gabor Tjong A Hung" <g.v.tjongahung@xxxxxxxxx> wrote:

Dear all,

The idea is to share it over a local area network.
This LAN has a WINS server.
My server has a jail in which Samba resides.
In order for the LAN to be serviced by my jailed Samba I have NATed and
RDRed the required packets.
In order for the LAN to browse the network, NetBIOS seems to be a problem.
AFAIK when one sends a NetBIOS packet an IP is embedded and the response is
sent to that IP. NAT only redirects the packet to the appropriate network,
but apparently the packet needs to be altered too in order for a response to
be sent.
I hope this information was sufficient.

<snip>
smb_jail_ip="10.0.0.3"
int_ip="172.20.25.177"
samba_UDP_ports = "{netbios-ns, netbios-dgm}"
samba_TCP_ports = "{microsoft-ds, netbios-ssn}"

#smb
nat on $int_if from $smb_jail_ip to $int_if:network -> $int_ip
rdr on $int_if proto TCP from any to $int_ip port $samba_TCP_ports -> $smb_jail_ip
rdr on $int_if proto UDP from any to $int_if:broadcast port $samba_UDP_ports -> $smb_jail_ip
rdr on $int_if proto UDP from any to $int_ip port $samba_UDP_ports -> $smb_jail_ip


pass in quick on $int_if all
pass out quick on $int_if all
</snip>

Hi Gabor,
I don't recall ever doing NAT+NetBIOS myself - maybe just too lazy to work
around all this ;).

What I've done with no problem is to use WINS (or /mumble/mumble/lmhosts :) to
route the packets from 172.20.25/24 to the 10.0.0/24 subnet, and back. Well,
normal TCP/IP routing for routing, and then WINS/LMHOSTS to solve the issue that
the normal NetBIOS name discovery broadcasts won't reach other subnets.

I don't think I've actually done it with jails, but it works with SMB over VPN
links to the other side of the world (it makes you cry, though, slow as a
dead snail) and different VMNets in VMware hosts and the outside LAN.

Apologies for not actually proposing a solution to your problem... :-P

B


On 7/5/07, Norberto Meijome <freebsd@xxxxxxxxxxx> wrote:

On Wed, 4 Jul 2007 19:22:13 +0200
"Gabor Tjong A Hung" <g.v.tjongahung@xxxxxxxxx> wrote:

Dear all,

I was told that my question was better served here than in ports@.

I've recently put my Samba server in a jail, but as you can see at
http://www.faughnan.com/netbios.html NetBIOS is a bit of a problem and can
cause a lot of headache. I was unable to find a NAT helper for pf, so I was
wondering if I could bridge my jail with its host. The bridge manual
<http://www.freebsd.org/cgi/man.cgi?query=bridge&sektion=4> however
requires me to have *two* network devices (or so it says), but my
jails are just aliases on the same network device.
Does anyone know another solution to make browsing possible? Or have a clue
on how to make the solutions I tried work?

ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::202:44ff:fe30:dd04%rl0 prefixlen 64 scopeid 0x1
        inet 172.20.25.177 netmask 0xfffffc00 broadcast 172.20.27.255
        inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3
        inet 10.0.0.2 netmask 0xffffffff broadcast 10.0.0.2
        inet 10.0.0.6 netmask 0xffffffff broadcast 10.0.0.6
        inet 10.0.0.4 netmask 0xffffffff broadcast 10.0.0.4
        inet 10.0.0.5 netmask 0xffffffff broadcast 10.0.0.5
        ether 00:02:44:30:dd:04
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Hi Gabor,
are you trying to share over SMB between the jails?
between the hosts and the jails?
you may want to explain your plans... using NAT for NetBIOS seems a bit
overkill to me, unless you plan to send SMB packets over the larger
internet... which in itself seems a bad idea.

If you only need SMB across different LAN segments, set up WINS server(s)
(MS or from the Samba project).

B
_________________________
{Beto|Norberto|Numard} Meijome

"It is a lesson which all history teaches wise men, to put trust in ideas, and
not in circumstances." Emerson

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.



_________________________
{Beto|Norberto|Numard} Meijome

What you are afraid to do is a clear indicator of the next thing you need to do.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
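
Added example, not part of the original thread: the embedded address Gabor describes is the SOURCE_IP field of the NetBIOS datagram header (RFC 1002, section 4.4.1, UDP 138), which pf's nat rule leaves untouched while rewriting the IP header. The parser below compares the two on a constructed packet; the names JAILSMB and WORKGROUP are hypothetical, the addresses are the ones from the thread.

```python
import socket
import struct

# RFC 1002 section 4.4.1: header shared by direct/broadcast datagrams (UDP 138)
DGM_HEADER = struct.Struct("!BBH4sHHH")
DIRECT_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST"}


def encode_name(name, suffix=0x20):
    """First-level encode a NetBIOS name: pad to 15 chars, add suffix, split nibbles."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    body = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + body + b"\x00"


def decode_name(buf, offset):
    """Decode one 34-byte encoded name; return (name, suffix, next_offset)."""
    if buf[offset] != 0x20 or buf[offset + 33] != 0x00:
        raise ValueError("not a first-level encoded NetBIOS name")
    enc = buf[offset + 1:offset + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15], offset + 34


def parse_datagram(payload):
    """Parse the UDP payload of a NetBIOS datagram into a dict."""
    if len(payload) < DGM_HEADER.size + 68:
        raise ValueError("truncated NetBIOS datagram")
    mtype, flags, dgm_id, src_ip, src_port, length, pkt_off = DGM_HEADER.unpack_from(payload)
    if mtype not in DIRECT_TYPES:
        raise ValueError("not a direct or broadcast datagram")
    src_name, _, off = decode_name(payload, DGM_HEADER.size)
    dst_name, _, _ = decode_name(payload, off)
    return {"type": DIRECT_TYPES[mtype], "embedded_ip": socket.inet_ntoa(src_ip),
            "embedded_port": src_port, "source": src_name, "destination": dst_name}


def nat_mismatch(outer_src_ip, payload):
    """True when the IP-header source differs from the SOURCE_IP inside the payload."""
    return parse_datagram(payload)["embedded_ip"] != outer_src_ip


# Constructed sample: a datagram as the jailed Samba at 10.0.0.3 would build it.
names = encode_name("JAILSMB") + encode_name("WORKGROUP", 0x1E)
SAMPLE = DGM_HEADER.pack(0x11, 0x02, 0x1234, socket.inet_aton("10.0.0.3"),
                         138, len(names), 0) + names

if __name__ == "__main__":
    # After "nat ... -> $int_ip" the IP header says 172.20.25.177, the payload does not.
    print(parse_datagram(SAMPLE), nat_mismatch("172.20.25.177", SAMPLE))
```

Run against the UDP 138 payloads of a capture taken on the LAN side, a True result from nat_mismatch marks the datagrams whose replies will be addressed to the unroutable jail address.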


