Hello,
I am using samba-3.0.24-11.fc6 for my workgroup with a simple user-level
security setup, and Samba works fine. I have two network interfaces,
eth0 (internal LAN) and eth1 (external). The problem I face is that whenever
my internet connection drops and the link on eth1 goes down, Samba also hangs
and Windows clients are unable to access the Samba shares (probably they
cannot find the Samba server). I thought this was due to smbd and nmbd
listening on both interfaces, eth0 and eth1, so I tried setting the following
parameters in smb.conf:
hosts allow = 192.168.10.0/24 127.0.0.1
local master = yes
os level = 65
interfaces = eth0 lo (so that samba will not listen on eth1)
bind interfaces only =yes
However, my problem continues in spite of the above settings. If I execute the
"ifdown eth1" command (when the internet disconnects on eth1), Samba restores
its state immediately and all clients can access the shares normally again.
What parameters do I need to set so that Samba operates normally on
interface eth0 only and ignores the status of eth1?
Is this a firewall issue? (I have set up NAT; see my iptables/NAT configuration below.)
Is this a NAT problem?
Why is Samba not responding to clients when eth1 goes down?
Please help.
Netstat command output:
[root@matrix ~]# netstat -tapn | grep smbd
tcp 0 0 192.168.10.254:139 0.0.0.0:*
LISTEN 3199/smbd
tcp 0 0 127.0.0.1:139 0.0.0.0:*
LISTEN 3199/smbd
tcp 0 0 192.168.10.254:445 0.0.0.0:*
LISTEN 3199/smbd
tcp 0 0 127.0.0.1:445 0.0.0.0:*
LISTEN 3199/smbd
tcp 0 12 192.168.10.254:445 192.168.10.251:19464
ESTABLISHED 9517/smbd
tcp 0 0 192.168.10.254:445 192.168.10.102:1046
ESTABLISHED 9580/smbd
[root@matrix ~]# netstat -apn | grep nmbd
udp 0 0 192.168.10.254:137 0.0.0.0:*
3203/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:*
3203/nmbd
udp 0 0 192.168.10.254:138 0.0.0.0:*
3203/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:*
3203/nmbd
unix 2 [ ] DGRAM 20850 3203/nmbd
Iptables configuration:
# Saved iptables ruleset for a two-interface host: eth0 is matched together
# with the 192.168.10.0/24 subnet, and traffic leaving via eth1 is masqueraded.
# All three filter chains default to DROP, so anything not matched by a rule
# below is discarded.
# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008
*nat
:PREROUTING ACCEPT [19:1945]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [4:290]
# Redirect TCP port 80 to local port 3128 (presumably a transparent HTTP
# proxy; confirm). NOTE(review): there is no -i match, so this applies to
# port-80 traffic arriving on any interface, eth1 included; adding "-i eth0"
# would limit it to LAN clients if that is the intent.
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Source-NAT everything leaving via eth1 to whatever address eth1 holds at the
# time the connection is made.
-A POSTROUTING -o eth1 -j MASQUERADE
# Disabled fixed-address SNAT alternatives. NOTE(review): the first uses
# 203.129.225.54 while the filter rules below use 203.129.225.55 - confirm
# which address is correct before re-enabling.
#-A POSTROUTING -o eth1 -j SNAT --to-source 203.129.225.54
#-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.5
#-A POSTROUTING -o eth1 -j SNAT --to-source 59.90.140.72
COMMIT
# Completed on Sat Dec 27 11:26:07 2008
# Generated by iptables-save v1.4.1.1 on Sat Dec 27 11:26:07 2008
*filter
# Default-deny on all three chains. The [packets:bytes] counters record what
# fell through to each policy at save time: 79 packets on INPUT, none on
# FORWARD, and 12 locally generated packets on OUTPUT.
:INPUT DROP [79:8157]
:FORWARD DROP [0:0]
:OUTPUT DROP [12:1482]
:okay - [0:0]
# UDP on eth0 with both source and destination port in 67-68 (DHCP/BOOTP).
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
# Accept all traffic from the LAN subnet arriving on eth0; there is no
# protocol or port restriction on this rule.
-A INPUT -s 192.168.10.0/24 -i eth0 -j ACCEPT
# Loopback traffic, accepted only when sourced from 127.0.0.1 or one of the
# listed addresses (presumably the host's own current or former interface
# addresses; confirm).
-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -s 192.168.10.254/32 -i lo -j ACCEPT
-A INPUT -s 203.129.225.55/32 -i lo -j ACCEPT
-A INPUT -s 59.90.140.72/32 -i lo -j ACCEPT
-A INPUT -s 192.168.1.5/32 -i lo -j ACCEPT
# Packets addressed to the LAN broadcast address on eth0.
-A INPUT -d 192.168.10.255/32 -i eth0 -j ACCEPT
# Return traffic for existing connections, accepted on any interface but only
# when addressed to one of these three fixed addresses.
-A INPUT -d 203.129.225.55/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 59.90.140.72/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.1.5/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
# TCP ports 21, 20, 22 and 80 arriving on eth1 are handed to the "okay" chain,
# which accepts connection-opening SYNs. NOTE(review): this leaves these ports
# reachable from the external interface; remove any that are not needed and
# restrict port 22 by source address where possible.
# NOTE(review): the nat REDIRECT above rewrites destination port 80 to 3128
# before the INPUT chain is traversed, so the --dport 80 rule likely never
# matches new connections; check the counters with "iptables -L -v -n".
-A INPUT -i eth1 -p tcp -m tcp --dport 21 -j okay
-A INPUT -i eth1 -p tcp -m tcp --dport 20 -j okay
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j okay
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j okay
# UDP destination port 53 (DNS queries to this host) on both interfaces.
# NOTE(review): the eth1 rule admits unsolicited queries from the external
# side to any resolver listening here. Replies to the host's own lookups
# arrive with source port 53, not destination port 53, and are matched by the
# RELATED,ESTABLISHED rules above, so this rule is not needed for outbound
# resolution.
-A INPUT -p UDP -i eth0 --destination-port 53 -j ACCEPT
-A INPUT -p UDP -i eth1 --destination-port 53 -j ACCEPT
# ICMP type 8 (echo request) and type 11 (time exceeded) from eth1.
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT
# Forward anything that enters on eth0, plus return traffic for connections
# already being tracked.
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Locally generated traffic is accepted by source address only. NOTE(review):
# packets sent from any address not listed here fall through to the DROP
# policy (12 packets were already counted there). If the eth1 address is
# assigned dynamically, consider matching on the outgoing interface instead of
# a fixed source address.
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 192.168.10.254/32 -j ACCEPT
-A OUTPUT -s 203.129.225.55/32 -j ACCEPT
-A OUTPUT -s 59.90.140.72/32 -j ACCEPT
-A OUTPUT -s 192.168.1.5/32 -j ACCEPT
# "okay" chain: accept TCP packets with only SYN set among FIN,SYN,RST,ACK
# (connection openers) and packets of tracked connections; drop all other TCP.
-A okay -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A okay -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A okay -p tcp -j DROP
COMMIT
# Completed on Sat Dec 27 11:26:07 2008
# Generated by webmin
# The mangle table carries no rules; every chain keeps its ACCEPT policy.
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
Regards,
Rahul.