On Thu, 2 Oct 1997, Conrad Canterford wrote:
> I vaguely remember reading a month or so ago (I think in this group)
> about someone setting up a Linux firewall box that would allow a Win95
> machine to see the SMB network on the other side of the firewall. I have
> SAMBA running and can mount shares on the Linux box.
> It is probably really obvious, but I can't see how to do it.
No, I don't think that it is really obvious.
"Seeing the SMB network" happens at a couple of levels. One part of
"seeing the SMB network" is netBIOS name resolution and resource
discovery, and that is quite complicated and I don't know enough about it,
and I won't go into it now.
Another part is accessing the SMB resources that you know about. My
understanding is that that is all done using TCP connections to port 139.
Using the IP masquerading feature of linux, you should be able to allow
TCP connections to outside hosts, and still allow samba to run on your
firewall.
On pretty well any Unix host (including samba) you should be able to proxy
it through your firewall and still run samba. See below.
I'll assume that your protected network is on eth0, and you only wish to
access a single outside SMB server.
- Set up an aliased network interface eth0:0.
- Don't start smbd as a daemon.
- Install the net utility "socket" or something similar.
- Set up inetd to spawn tcpd when anyone connects to port 139.
- Make sure that you have tcpd compiled with PROCESS_OPTIONS defined.
Set up hosts.allow thus:
...
smbd@your.ip.address : n.n.n.n/m.m.m.m : .../smbd .....
smbd@fake.ip.address : n.n.n.n/m.m.m.m : .../socket some.host.out.there 139
...
This will allow clients to attach to samba using one IP address, or be
proxied to an outside SMB server using another IP address.
Charlie Brady - Telstra |internet: cbrady@ind.tansu.com.au
Network Products |Snail : Locked Bag 6581, GPO Sydney 2001 Australia
Platform Technologies |Physical : Lvl 2, 175 Liverpool St, Sydney 2000
IN-Sub Unit - Sydney | Phone: +61 2 9206 3470 Fax: +61 2 9281 1301