Samba on a router; doesn't work for outer network.
Rob
spamrefuse at yahoo.com
Mon Jan 3 07:45:14 PST 2005
James Jhai wrote:
> On Monday 03 January 2005 07:12 am, Rob wrote:
>
>>Hi,
>>
>>I have tried to configure Samba on a FreeBSD (5.3) router & NAT.
>>
>>I want to have a single accessible directory with a password,
>>that can be accessed from the inner network (10.0.0.X) as well
>>as from the outer network (outer network = Windows PCs that use
>>the same external router as the FreeBSD PC).
>>
>>It works for the inner network, but not for the outer network
>>(see below for network scheme). All Windows PCs are XP.
>>
>>For testing this, I use an 'open' firewall. I should tighten the
>>firewall as soon as this is working.
>>
>>The /usr/local/etc/smb.conf (configured with swat) is as follows:
>>
>>#------------ smb.conf ----------------------------------
>>[global]
>> workgroup = CISR
>> netbios name = SURFACE
>> server string = FreeBSD Samba Server
>> passdb backend = tdbsam
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> dns proxy = No
>> ldap ssl = no
>>
>>[share]
>> comment = Shared stuff
>> path = /home/share
>> invalid users = @wheel
>> valid users = share
>> read only = No
>> force create mode = 0700
>> force security mode = 0700
>>#---------------------------------------------------------
>>
>>
>
> I belive you'll have to add the "interfaces" option and define all the interfaces that you
> want samba to use. You can use IP's or the interface names (rl0, wi0, ndis0, ed0, etc...).
> In addition to setting firewall rules up, samba also has a deny/allow section, again the swat help
> on the option will give you more details.
Thanks.
I have added following lines in the [global] section of smb.conf:
interfaces = fxp0, rl0, lo0
bind interfaces only = Yes
hosts allow = 123.45.67.89/28, 10.0.0.0/24, 127.0.0.1
hosts deny = ALL
Is that what you are talking about?
rl0 interface is connected to the 10.0.0.0/24 inner-network and
fxp0 is connected to the outer-network with gateway 123.45.67.1.
(I use real IP addresses instead of 123.45.67.89, of course).
Rob.
More information about the freebsd-questions
mailing list