From owner-freebsd-questions@FreeBSD.ORG Tue Jan 4 03:48:33 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 110EB16A4CE for ; Tue, 4 Jan 2005 03:48:33 +0000 (GMT) Received: from jail.idea-anvil.net (idea-anvil.net [63.226.12.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8738E43D1F for ; Tue, 4 Jan 2005 03:48:32 +0000 (GMT) (envelope-from james@idea-anvil.net) Received: from mail.Idea-Anvil.net (vaio [10.0.0.99]) by jail.idea-anvil.net (8.12.11/8.12.9) with ESMTP id j043mVbC081494 for ; Mon, 3 Jan 2005 20:48:31 -0700 (MST) (envelope-from james@idea-anvil.net) From: James Jhai To: freebsd-questions@freebsd.org Date: Mon, 3 Jan 2005 20:48:30 -0700 User-Agent: KMail/1.7.1 References: <41D952C2.1040708@yahoo.com> <200501030736.55330.james@idea-anvil.net> <41D96888.1060500@yahoo.com> In-Reply-To: <41D96888.1060500@yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200501032048.31169.james@idea-anvil.net> Subject: Re: Samba on a router; doesn't work for outer network. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Jan 2005 03:48:33 -0000 On Monday 03 January 2005 08:45 am, Rob wrote: > James Jhai wrote: > > On Monday 03 January 2005 07:12 am, Rob wrote: > > > >>Hi, > >> > >>I have tried to configure Samba on a FreeBSD (5.3) router & NAT. > >> > >>I want to have a single accessible directory with a password, > >>that can be accessed from the inner network (10.0.0.X) as well > >>as from the outer network (outer network = Windows PCs that use > >>the same external router as the FreeBSD PC). > >> > >>It works for the inner network, but not for the outer network > >>(see below for network scheme). All Windows PCs are XP. > >> > >>For testing this, I use an 'open' firewall. I should tighten the > >>firewall as soon as this is working. > >> > >>The /usr/local/etc/smb.conf (configured with swat) is as follows: > >> > >>#------------ smb.conf ---------------------------------- > >>[global] > >> workgroup = CISR > >> netbios name = SURFACE > >> server string = FreeBSD Samba Server > >> passdb backend = tdbsam > >> log file = /var/log/samba/log.%m > >> max log size = 50 > >> dns proxy = No > >> ldap ssl = no > >> > >>[share] > >> comment = Shared stuff > >> path = /home/share > >> invalid users = @wheel > >> valid users = share > >> read only = No > >> force create mode = 0700 > >> force security mode = 0700 > >>#--------------------------------------------------------- > >> > >> > > > > I belive you'll have to add the "interfaces" option and define all the interfaces that you > > want samba to use. You can use IP's or the interface names (rl0, wi0, ndis0, ed0, etc...). > > In addition to setting firewall rules up, samba also has a deny/allow section, again the swat help > > on the option will give you more details. > > Thanks. > > I have added following lines in the [global] section of smb.conf: > > interfaces = fxp0, rl0, lo0 > bind interfaces only = Yes > hosts allow = 123.45.67.89/28, 10.0.0.0/24, 127.0.0.1 > hosts deny = ALL > > Is that what you are talking about? > rl0 interface is connected to the 10.0.0.0/24 inner-network and > fxp0 is connected to the outer-network with gateway 123.45.67.1. > (I use real IP addresses instead of 123.45.67.89, of course). > > Rob. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > Yes thats what I was talking about. Did that fix the problem? -- - James