samba - Nov 2001 - Running Samba on a masquerading router

Hi,

I'm running Samba 2.2.1 on a NAT machine.  Only hosts from the
private net are allowed access (hosts allow and interfaces set to
the private network only).  My problem is that domains from the
'public' network are still appearing on my private network, albeit
inaccessible.  It's almost as if the browse-list mechanism is
picking them up on the public interface.

Is there a way to prevent nmbd/smbd from doing this?  Is this
caused by some other miss-configuration?  I'm running Linux,
kernel 2.4.6 with ipchains.

Secondly, is it possible to have different shares on different
interfaces without a second samba installation?

Any help would be much appreciated.

-Simon.

--
Simon Harrison, Senior Software Engineer                  Sophos Anti-Virus
http://www.sophos.com                           UK Support: +44 1235 559933

On Fri, Nov 09, 2001 at 12:38:33PM +0000, smh@sophos.com
wrote:
> Hi,
> 
> I'm running Samba 2.2.1 on a NAT machine.  Only hosts from the
> private net are allowed access (hosts allow and interfaces set to
> the private network only).  My problem is that domains from the
> 'public' network are still appearing on my private network, albeit
> inaccessible.  It's almost as if the browse-list mechanism is
> picking them up on the public interface.
> 
> Is there a way to prevent nmbd/smbd from doing this?  Is this
> caused by some other miss-configuration?  I'm running Linux,
> kernel 2.4.6 with ipchains.
nmbd listen on 0.0.0.0 for broadcast even if you use

bind interfaces only = True

You should block incomming udp packets for port 137 et 138
on the external interface.
> 
> Secondly, is it possible to have different shares on different
> interfaces without a second samba installation?
i don't think its possible without a second samba. not sure exactly
what you need here. 

-- 
Marcel de Riedmatten
pgp key: CFE703CA http://ftp.dotforge.ch/pub/users/mdr/mdr.gpg.asc
Empreinte: 4687 F9CB D8E2 AC1A B806  F812 C048 0875 CFE7 03CA