Date: Thu, 5 Jul 2007 22:34:34 +1000
From: Norberto Meijome
To: "Gabor Tjong A Hung"
Cc: freebsd-questions@freebsd.org
Subject: Re: Fwd: Samba NetBios

On Thu, 5 Jul 2007 13:40:07 +0200
"Gabor Tjong A Hung" wrote:

> Dear all,
>
> The idea is to share it over a local area network.
> This LAN has a WINS server.
> My server has a jail in which samba resides.
> In order for the LAN to be serviced by my jailed samba I have NATed and
> RDRed the required packets.
> In order for the LAN to browse the network NetBIOS seems to be a problem.
> AFAIK when one sends a NetBIOS packet an IP is embedded and the response is
> sent to that IP. NAT only redirects the packet to the appropriate network,
> but apparently the packet needs to be altered too in order for a response to
> be sent.
> I hope this information was sufficient
>
>
> smb_jail_ip="10.0.0.3"
> int_ip="172.20.25.177"
> samba_UDP_ports = "{netbios-ns, netbios-dgm}"
> samba_TCP_ports = "{microsoft-ds, netbios-ssn}"
>
> #smb
> nat on $int_if from $smb_jail_ip to $int_if:network -> $int_ip
> rdr on $int_if proto TCP from any to $int_ip port $samba_TCP_ports -> $smb_jail_ip
> rdr on $int_if proto UDP from any to $int_if:broadcast port $samba_UDP_ports -> $smb_jail_ip
> rdr on $int_if proto UDP from any to $int_ip port $samba_UDP_ports -> $smb_jail_ip
>
>
> pass in quick on $int_if all
> pass out quick on $int_if all
>

Hi Gabor,

I don't recall ever doing NAT+netbios myself - maybe just too lazy to work
around all this ;).

What I've done with no problem is to use WINS (or /mumble/mumble/lmhosts :) to
route the packets from 172.20.25/24 to the 10.0.0/24 subnet, and back. Well,
normal TCP/IP routing for routing, and then WINS/LMHOST to solve the issue that
the normal NetBIOS name discovery broadcasts won't reach other subnets.

I don't think I've actually done it with jails, but it works with SMB over VPN
links to the other side of the world (it makes you cry, though, slow as a dead
snail) and different VMNets in VMWare hosts and the outside LAN.

Apologies for not actually proposing a solution to your problem...
:-P

B

> On 7/5/07, Norberto Meijome wrote:
> >
> > On Wed, 4 Jul 2007 19:22:13 +0200
> > "Gabor Tjong A Hung" wrote:
> >
> > > Dear all,
> > >
> > > I was told that my question was better served here than in ports@
> > >
> > >
> > > > I've recently put my samba server in a jail, but as you can see @
> > > > http://www.faughnan.com/netbios.html NetBIOS is a bit of a problem and can
> > > > cause a lot of headache. I was unable to find a nat helper for pf, so I was
> > > > wondering if I could bridge my jail with its host. The bridge manual however
> > > > requires me to have *two* network devices (or so it says), but my
> > > > jails are just aliases on the same network device.
> > > > Does anyone know another solution to make browsing possible? Or have a clue
> > > > on how to make the solutions I tried work.
> > > >
> > > > >ifconfig
> > > > rl0: flags=8843 mtu 1500
> > > >         options=8
> > > >         inet6 fe80::202:44ff:fe30:dd04%rl0 prefixlen 64 scopeid 0x1
> > > >         inet 172.20.25.177 netmask 0xfffffc00 broadcast 172.20.27.255
> > > >         inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3
> > > >         inet 10.0.0.2 netmask 0xffffffff broadcast 10.0.0.2
> > > >         inet 10.0.0.6 netmask 0xffffffff broadcast 10.0.0.6
> > > >         inet 10.0.0.4 netmask 0xffffffff broadcast 10.0.0.4
> > > >         inet 10.0.0.5 netmask 0xffffffff broadcast 10.0.0.5
> > > >         ether 00:02:44:30:dd:04
> > > >         media: Ethernet autoselect (100baseTX )
> > > >         status: active
> >
> > Hi Gabor,
> > are you trying to share over SMB between the jails?
> > Between the hosts and the jails?
> > You may want to explain your plans... using NAT for netbios seems a bit
> > overkill to me, unless you plan to send SMB packets over the larger
> > internet... which in itself seems a bad idea.
> >
> > If you only need SMB across different LAN segments, set up WINS server(s)
> > (MS or from the Samba project).
> >
> > B
> > _________________________
> > {Beto|Norberto|Numard} Meijome
> >
> > "It is a lesson which all history teaches wise men, to put trust in ideas, and
> > not in circumstances." Emerson
> >
> > I speak for myself, not my employer. Contents may be hot. Slippery when wet.
> > Reading disclaimers makes you go blind. Writing them is worse. You have been
> > Warned.
> >

_________________________
{Beto|Norberto|Numard} Meijome

What you are afraid to do is a clear indicator of the next thing you need to do.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
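
Added example, not part of the original thread or of Samba/pf: the embedded-address problem described in the quoted message, shown on an RFC 1001/1002 name registration request. The name "SAMBA" and all function names are made up for illustration; the two addresses are the pf macros quoted above, and the packet is constructed, not captured.

```python
import socket
import struct

NB, IN = 0x0020, 0x0001          # RR type NB, class IN (RFC 1002)

def encode_name(name, suffix=0x20):
    """First-level encoding: 15 padded chars + suffix byte -> 32 letters A..P."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + enc + b"\x00"

def decode_name(field):
    enc = field[1:33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

def build_registration(name, owner_ip, trn_id=0x1234):
    """Broadcast NAME REGISTRATION REQUEST with owner_ip in NB_ADDRESS."""
    header = struct.pack(">HHHHHH", trn_id, 0x2910, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack(">HH", NB, IN)
    # RR_NAME pointer, type, class, TTL, RDLENGTH=6, NB_FLAGS, then the address
    rr = struct.pack(">HHHIHH", 0xC00C, NB, IN, 0, 6, 0) + socket.inet_aton(owner_ip)
    return header + question + rr

def parse_registration(payload):
    """Return (name, suffix, embedded_ip) from a registration request."""
    if len(payload) < 68:
        raise ValueError("truncated name service packet")
    name, suffix = decode_name(payload[12:46])
    rr = 12 + 34 + 4                       # header + question name + type/class
    _, rtype, _, _, rdlen, _ = struct.unpack(">HHHIHH", payload[rr:rr + 14])
    if rtype != NB or rdlen != 6:
        raise ValueError("not a single-address NB record")
    return name, suffix, socket.inet_ntoa(payload[rr + 14:rr + 18])

def nat_mismatch(ip_header_src, payload):
    """True when the payload still names an address other than the header source."""
    return parse_registration(payload)[2] != ip_header_src

# Constructed sample: addresses from the pf macros in the thread, made-up name.
JAIL_IP, NAT_IP = "10.0.0.3", "172.20.25.177"
PACKET = build_registration("SAMBA", JAIL_IP)

if __name__ == "__main__":
    print(parse_registration(PACKET))
    print("stale after NAT:", nat_mismatch(NAT_IP, PACKET))
```

A NAT rule that rewrites only the IP header leaves the NB_ADDRESS field at 10.0.0.3, which is why name resolution through WINS or lmhosts over ordinary routing, as suggested in the reply, avoids the problem.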