Message-ID: <41DA3C40.8080609@yahoo.com>
Date: Tue, 04 Jan 2005 15:48:32 +0900
From: Rob
To: FreeBSD
Subject: Re: Samba on a router; doesn't work for outer network.

James Jhai wrote:
> On Monday 03 January 2005 08:45 am, Rob wrote:
>
>>James Jhai wrote:
>>
>>>On Monday 03 January 2005 07:12 am, Rob wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>I have tried to configure Samba on a FreeBSD (5.3) router & NAT.
>>>>
>>>>I want to have a single accessible directory with a password,
>>>>that can be accessed from the inner network (10.0.0.X) as well
>>>>as from the outer network (outer network = Windows PCs that use
>>>>the same external router as the FreeBSD PC).
>>>>
>>>>It works for the inner network, but not for the outer network
>>>>(see below for network scheme). All Windows PCs are XP.
>>>>
>>>>For testing this, I use an 'open' firewall. I should tighten the
>>>>firewall as soon as this is working.
>>>>
>>>>The /usr/local/etc/smb.conf (configured with swat) is as follows:
>>>>
>>>>#------------ smb.conf ----------------------------------
>>>>[global]
>>>>        workgroup = CISR
>>>>        netbios name = SURFACE
>>>>        server string = FreeBSD Samba Server
>>>>        passdb backend = tdbsam
>>>>        log file = /var/log/samba/log.%m
>>>>        max log size = 50
>>>>        dns proxy = No
>>>>        ldap ssl = no
>>>>
>>>>[share]
>>>>        comment = Shared stuff
>>>>        path = /home/share
>>>>        invalid users = @wheel
>>>>        valid users = share
>>>>        read only = No
>>>>        force create mode = 0700
>>>>        force security mode = 0700
>>>>#---------------------------------------------------------
>>>>
>>>>
>>>
>>>I believe you'll have to add the "interfaces" option and define all the interfaces that you
>>>want samba to use. You can use IPs or the interface names (rl0, wi0, ndis0, ed0, etc...).
>>>In addition to setting firewall rules up, samba also has a deny/allow section, again the swat help
>>>on the option will give you more details.
>>
>>Thanks.
>>
>>I have added following lines in the [global] section of smb.conf:
>>
>>    interfaces = fxp0, rl0, lo0
>>    bind interfaces only = Yes
>>    hosts allow = 123.45.67.89/28, 10.0.0.0/24, 127.0.0.1
>>    hosts deny = ALL
>>
>>Is that what you are talking about?
>>rl0 interface is connected to the 10.0.0.0/24 inner-network and
>>fxp0 is connected to the outer-network with gateway 123.45.67.1.
>>(I use real IP addresses instead of 123.45.67.89, of course).
>
> Yes, that's what I was talking about. Did that fix the problem?

No, it didn't.

I'm now teaching the Windows guys how to use sFtp to connect
to the router; probably the most secure way of communication,
I guess. In that case I will abandon samba altogether.

Thanks for your help.

Rob.
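
Added example, not part of the original message: a Python sketch that evaluates the `hosts allow` / `hosts deny` pair quoted above for a given client address, so the access list can be checked before the firewall is tightened. It assumes Samba's documented rule that a `hosts allow` match takes precedence over `hosts deny`; the function names are hypothetical, the addresses are the thread's placeholders, and only `ALL`, single IPs and CIDR entries are handled.

```python
import ipaddress
import re

# Constructed sample: the [global] access settings quoted in the thread
# (123.45.67.89/28 is the poster's placeholder, not a real network).
SMB_CONF = """
[global]
    interfaces = fxp0, rl0, lo0
    bind interfaces only = Yes
    hosts allow = 123.45.67.89/28, 10.0.0.0/24, 127.0.0.1
    hosts deny = ALL
"""

def global_params(text):
    """Return the [global] parameters as {name: value}, names lower-cased."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def in_list(client, value):
    """True if client matches an entry; only ALL, single IPs and CIDR handled."""
    for token in re.split(r"[,\s]+", value.strip()):
        if token.upper() == "ALL":
            return True
        # Assumption: host bits in a prefix entry are ignored (strict=False).
        if token and client in ipaddress.ip_network(token, strict=False):
            return True
    return False

def is_allowed(client_ip, params):
    """Apply the allow-before-deny order: a match in hosts allow wins."""
    client = ipaddress.ip_address(client_ip)
    allow, deny = params.get("hosts allow"), params.get("hosts deny")
    if allow and in_list(client, allow):
        return True
    if deny and in_list(client, deny):
        return False
    # With only an allow list, unlisted clients are refused.
    return not (allow and not deny)
```

This models the access lists only; `interfaces` and `bind interfaces only` decide which addresses smbd listens on and are not evaluated here.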