> > I have an interesting challenge, if anyone is willing to help me get
> > everything configured right I promise to make a Mini-HOWTO out of it.
> >
> > I am trying to use Samba to make Microsoft Networking work over IP
> > Masquerading in Linux.

> (Bunch of talk about hacking the ipfw code)

> Whoops! I just re-read your whole message and just realized you were
> talking about configuring Samba as a gateway. The easy way out this
> without touching

You kind of lost me in the previous paragraphs; however, I think you are making things really complicated, considering that as long as Windows 95 can get the IP address of an external host it can communicate with it just fine. The biggest problem is giving Windows 95 the IP address of the external host. The other problem is getting all the external hosts to appear in a browse list.

I have been able to successfully make Samba the local browse master; however, it only displays the hosts in the hidden subnet and the browse master (MARS). I can also get to other hosts from the Windows 95 machine, but only if they have a DNS entry in the domain name server for the outside net. I know I can put IP addresses in the lmhosts.sam file, but I would like a bit more dramatic way of doing things because the status of computers on this net is constantly changing.

Here is an outline of how the campus net and my network are set up.

--(The Internet)
--{Transparent Firewall, similar to IP Masq.}
--Campus Net (10.*.*.*)
--Browse Master (MARS), Other Computers all on a single subnet
--My Linux Machine (KEVINA)
--(IP Masq Firewall)
--Internal net (192.168.1.*)
--Linux machine as Gateway, Local Browse Master, IP Masq Firewall, you name it (192.168.1.1)
--My Windows 95 Machine (KEVINA2, 192.168.1.2)

Here is an outline of how I think things should happen in order for the Windows 95 machine to get a working browse list of the Campus Net.

-KEVINA gets the browse list from MARS and makes its own browse list for the inter net
-KEVINA2 gets the browse list from KEVINA for the Network Neighborhood

When KEVINA2 wants to get to a machine on the Campus Network:

-KEVINA2 turns to KEVINA (because it looks like a WINS server) and asks it for the address of, say, "JOE'S COMPUTER"
-KEVINA gets the request and sends a broadcast message onto the campus net looking for the computer
-KEVINA gets the address and gives it to KEVINA2
-KEVINA2 is happy and can now get into JOE'S COMPUTER.

I hope this clears things up. It should be noted that I do not care that other machines outside of my hidden net cannot get to the machines hiding behind IP Masq.

(My email program messed up my outlines so I thought I would resend it with everything looking right. Sorry.)

> > I have an interesting challenge, if anyone is willing to help me get
> > everything configured right I promise to make a Mini-HOWTO out of it.
> >
> > I am trying to use Samba to make Microsoft Networking work over IP
> > Masquerading in Linux.

> (Bunch of talk about hacking the ipfw code)

> Whoops! I just re-read your whole message and just realized you were
> talking about configuring Samba as a gateway. The easy way out this
> without touching

You kind of lost me in the previous paragraphs; however, I think you are making things really complicated, considering that as long as Windows 95 can get the IP address of an external host it can communicate with it just fine. The biggest problem is giving Windows 95 the IP address of the external host. The other problem is getting all the external hosts to appear in a browse list.

I have been able to successfully make Samba the local browse master; however, it only displays the hosts in the hidden subnet and the browse master (MARS). I can also get to other hosts from the Windows 95 machine, but only if they have a DNS entry in the domain name server for the outside net. I know I can put IP addresses in the lmhosts.sam file, but I would like a bit more dramatic way of doing things because the status of computers on this net is constantly changing.

Here is an outline of how the campus net and my network are set up.

--(The Internet)
--{Transparent Firewall, similar to IP Masq.}
--Campus Net (10.*.*.*)
--Browse Master (MARS), Other Computers all on a single subnet
--My Linux Machine (KEVINA)
--(IP Masq Firewall)
--Internal net (192.168.1.*)
--Linux machine as Gateway, Local Browse Master, IP Masq Firewall, you name it (192.168.1.1)
--My Windows 95 Machine (KEVINA2, 192.168.1.2)

Here is an outline of how I think things should happen in order for the Windows 95 machine to get a working browse list of the Campus Net:

--KEVINA gets the browse list from MARS and makes its own browse list for the inter net
--KEVINA2 gets the browse list from KEVINA for the Network Neighborhood

When KEVINA2 wants to get to a machine on the Campus Network:

--KEVINA2 turns to KEVINA (because it looks like a WINS server) and asks it for the address of, say, "JOE'S COMPUTER"
--KEVINA gets the request and sends a broadcast message onto the campus net looking for the computer
--KEVINA gets the address and gives it to KEVINA2
--KEVINA2 is happy and can now get into JOE'S COMPUTER.

I hope this clears things up. It should be noted that I do not care that other machines outside of my hidden net cannot get to the machines hiding behind IP Masq.

> Date: Fri, 3 Oct 1997 23:08:01 +0000
> From: kevina@clark.net
> To: samba@samba.anu.edu.au
> Subject: Microsoft Networking over IP Masquerading
> Message-ID: <03072704203354@wvwc.edu>
>
> I have an interesting challenge, if anyone is willing to help me get
> everything configured right I promise to make a Mini-HOWTO out of it.
>
> I am trying to use Samba to make Microsoft Networking work over IP
> Masquerading in Linux.

Good luck: your big problem is that SMB over TCP encapsulates the *original* IP addresses inside the SMB block. When a packet crosses a masquerading server, only the headers are changed, but the IP addresses inside are not, therefore the receiving machine wants to talk to the original IP address (and the IPMasq server ensures that he can't).

I know for a fact that the Cisco servers which do NAT (Network Address Translation, another name for the same thingie) *do* peek inside the NetBios on TCP packets and change the addresses accordingly.

You'd have to really go over the NBT RFCs (rfc1001, 1002 and --I think-- 1003), check which packets include the IP addresses in the payload, note their offsets in the data portion, hope you don't miss any undocumented ones from M$ (:-}), and ultimately hack the IPFW kernel code.

Whoops! I just re-read your whole message and just realized you were talking about configuring Samba as a gateway. The easy way out of this without touching the ipfw code would be having samba on the same box as the ipfw server, and you would have to smbmount the "external" shares on the samba box, and then make them available on the "internal" side. Maybe by extending the \\box\share-user-password syntax (and running a little script from the pseudo-share definition in smb.conf) you could ask for any arbitrary external share at the client mounting time.

IMHO the ipfw hack would be technically superior, provided you don't bump into problems with undocumented IP addresses in the NBT payload. Maybe someone has already done this. Have you checked in comp.protocols.smb?

> I have two machines, a Linux machine (with two Ethernet cards) and Windows
> 95 machine that is hiding behind IP Masquerading. I am connected to the
> [...snip...]
> I am convinced that Samba can be used as a gateway so to speak to make
> everything work properly but I don't know enough about Samba and Microsoft
> Networking to know the exact in and outs.

Cheers...
Marco Zamora

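The point about addresses carried inside the payload can be seen with two NBT UDP messages whose RFC 1002 layout includes an IPv4 address: the datagram service header (SOURCE_IP) and a name query response (NB_ADDRESS). This is an added example, not code from any poster in this thread; the packets are constructed, names are encoded without a scope ID, and 10.0.0.5 is an assumed campus-side masquerade address.

```python
import socket
import struct

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: 16 bytes, each nibble becomes 'A' + nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))
    return b"\x20" + enc + b"\x00"                       # 34 bytes on the wire

def build_query_response(name, ip):
    """Constructed positive name query response (name service, UDP 137)."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)
    rr = encode_name(name) + struct.pack(">HHIH", 0x0020, 0x0001, 300, 6)
    return header + rr + struct.pack(">H", 0x0000) + socket.inet_aton(ip)

def build_datagram_header(src_ip, src_port=138):
    """Constructed DIRECT_UNIQUE datagram header (datagram service, UDP 138)."""
    return struct.pack(">BBH4sHHH", 0x10, 0x02, 1,
                       socket.inet_aton(src_ip), src_port, 0, 0)

def embedded_ips(service_port, payload):
    """Return the IPv4 addresses carried inside an NBT UDP payload."""
    if service_port == 138 and len(payload) >= 14:
        return [socket.inet_ntoa(payload[4:8])]          # SOURCE_IP field
    if service_port != 137 or len(payload) < 12 + 34 + 10:
        return []
    flags, qdcount, ancount = struct.unpack(">HHH", payload[2:8])
    if not flags & 0x8000 or qdcount or not ancount:     # responses only
        return []
    off = 12 + 34                                        # header + uncompressed name
    rr_type, _cls, _ttl, rdlen = struct.unpack(">HHIH", payload[off:off + 10])
    if rr_type != 0x0020:                                # NB record
        return []
    rdata = payload[off + 10:off + 10 + rdlen]
    # RDATA is a list of 6-byte entries: NB_FLAGS (2 bytes) + NB_ADDRESS (4 bytes)
    return [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, len(rdata) - 5, 6)]

def stale_after_masq(outer_src, service_port, payload):
    """Embedded addresses that no longer match the rewritten IP header source."""
    return [ip for ip in embedded_ips(service_port, payload) if ip != outer_src]

if __name__ == "__main__":
    inside, masq = "192.168.1.2", "10.0.0.5"             # masq address is assumed
    for port, pkt in ((138, build_datagram_header(inside)),
                      (137, build_query_response("KEVINA2", inside))):
        print(port, "outer src", masq, "payload still says", stale_after_masq(masq, port, pkt))
```
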
Marco A. Zamora wrote:
>
> > Date: Fri, 3 Oct 1997 23:08:01 +0000
> > From: kevina@clark.net
> > To: samba@samba.anu.edu.au
> > Subject: Microsoft Networking over IP Masquerading
> > Message-ID: <03072704203354@wvwc.edu>
> >
> > I have an interesting challenge, if anyone is willing to help me get
> > everything configured right I promise to make a Mini-HOWTO out of it.
> >
> > I am trying to use Samba to make Microsoft Networking work over IP
> > Masquerading in Linux.
>
> Good luck: your big problem is that SMB over TCP encapsulates the *original* IP
> addresses inside the SMB block. When a packet crosses a masquerading server,
> only the headers are changed, but the IP addresses inside are not, therefore
> the receiving machine wants to talk to the original IP address (and the IPMasq
> server ensures that he can't).
>
> I know for a fact that the Cisco servers which do NAT (Network Address
> Translation, another name for the same thingie) *do* peek inside the NetBios on
> TCP packets and change the addresses accordingly.
>
> You'd have to really go over the NBT RFCs (rfc1001, 1002 and --I think-- 1003),
> check which packets include the IP addresses in the payload note their offsets
> in the data portion, hope you don't miss any undocumented ones from M$ (:-}),
> and ultimately hack the IPFW kernel code.
>
> Whoops! I just re-read your whole message and just realized you were talking
> about configuring Samba as a gateway. The easy way out this without touching
> the ipfw code would be having samba on the same box as the ipfw server, and you
> would have to smbmount the "external" shares on the samba box, and then make
> them available on the "internal" side. Maybe by extending the
> \\box\share-user-password syntax (and running a little script from the
> pseudo-share definition in smb.conf) you could ask for any arbitrary external
> share at the client mounting time.
>
> IMHO the ipfw hack would be technically superior, provided you don't bump into
> problems with undocumented IP addresses in the NBT payload. Maybe someone has
> already done this. Have you checked in comp.protocols.smb?
>
> > I have two machines, a Linux machine (with two Ethernet cards) and Windows
> > 95 machine that is hiding behind IP Masquerading. I am connected to the
> > [...snip...]
> > I am convinced that Samba can be used as a gateway so to speak to make
> > everything work properly but I don't know enough about Samba and Microsoft
> > Networking to know the exact in and outs.
>
> Cheers...
> Marco Zamora

You might want to have a look at CIPE...

(http://www.inka.de/~bigred/devel/cipe.html)

...This creates an encrypted tunnel over UDP. You might be able to set up a VPN with it, routing your SMB connections over it.

I plan to try this. But, because of time constraints, have not gotten beyond compiling it and loading the module into kernel space (Linux).

Good Luck,
-James