From owner-freebsd-net@FreeBSD.ORG Thu Apr 24 08:42:49 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5EE5F106564A for ; Thu, 24 Apr 2008 08:42:49 +0000 (UTC) (envelope-from nejc@skoberne.net) Received: from svarun.infrax.si (syssvarun.infrax.si [89.212.81.4]) by mx1.freebsd.org (Postfix) with ESMTP id 2A5618FC1B for ; Thu, 24 Apr 2008 08:42:49 +0000 (UTC) (envelope-from nejc@skoberne.net) Received: from localhost (sysSvarun.infrax.si [89.212.81.4]) by svarun.infrax.si (Postfix) with ESMTP id 5739824AA72 for ; Thu, 24 Apr 2008 10:42:47 +0200 (CEST) Received: from svarun.infrax.si ([89.212.81.4]) by localhost (svarun.infrax.si [89.212.81.4]) (amavisd-maia, port 10024) with ESMTP id 75186-09 for ; Thu, 24 Apr 2008 10:42:42 +0200 (CEST) Received: from [192.168.15.2] (lk.84.20.249.154.dc.cable.static.lj-kabel.net [84.20.249.154]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: nejko@infrax.si) by svarun.infrax.si (Postfix) with ESMTP id DCF7A24AA71 for ; Thu, 24 Apr 2008 10:42:42 +0200 (CEST) Message-ID: <481047FF.4080707@skoberne.net> Date: Thu, 24 Apr 2008 10:42:39 +0200 From: =?windows-1252?Q?Nejc_=8Akoberne?= User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <254549.19682.qm@web46005.mail.sp1.yahoo.com> In-Reply-To: <254549.19682.qm@web46005.mail.sp1.yahoo.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Maia Mailguard Subject: Re: Jailed Samba not getting broadcasts X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Apr 2008 08:42:49 -0000 Hello Dewayne, > I have encountered a similar problem, when I configured a SAMBA PDC over > the wan (through IPSEC of course). You might like to consider using > these in your smb.conf: > hosts allow = 10.1. 10.2. > remote announce = 10.1.1.255 10.2.1.255 > remote browse sync = 10.1.1.255 10.2.1.255 I have tried that, but no luck. Still can't resolve the NetBIOS name using solely NetBIOS broadcasts. > If that doesn't solve the need, then perhaps you should modify > /etc/devfs.rules in your base system, to behave a little more > promiscuously, and include something like: > [devfsrules_samba_jail=6] > add include $devfsrules_hide_all > add include $devfsrules_unhide_basic > add include $devfsrules_unhide_login > add path bpf0 unhide I also tried that. Of course I also configured "devfsrules_samba_jail" policy for my jail. So now I can also tcpdump in my jail. But still, those broadcasts seem to be ignored by samba (although I can see them with tcpdump). This works for you? > Note the latter opens a potential security hole if someone breaches > samba jail, providing a means to tcpdump (...) your network This is not a great concern for me since this will be running locally. Thanks a lot for your help, Nejc