Generally speaking, you shouldn't. The more holes you punch through your
firewall, the less secure it becomes.
That having been said, I'd also like to use samba across a firewall, but for
a
specific purpose. Here's my setup:
OUTSIDE
|
firewall
| |
192.168.0.0/17 192.168.128.0/17
(the /17 indicates a 17-bit netmask for those who don't know, or:
255.255.128.0)
And I am in complete control of the network, including the firewall.
Servers are on the left side of the firewall, workstations are on the right.
I have a Sun Ultra-1 that I intend to place in the server pool as a
backup-server. This machine will be running samba, as I'd like it to be
able to
mount read-only shares from the PC workstations for dumping to tape.
As I understand, I'll need to allow traffic between the backup server and
the
workstation pool on the following ports with both tcp and udp protocols:
#(from the samba machine's /etc/services file)
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp # NETBIOS Name Service
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS Session Service
netbios-ssn 139/udp # NETBIOS Session Service
Is there anything else I'd need to do for this scenario? IE:
Should I set up a PDC on both branches of the firewall?
I can also set up NAT (network address translation) to make the samba machine
look like it's on the other side of the firewall...
What if I decided to allow the samba machine to browse the shares on the
workstations, or vice-versa?
>This is not much information to work with.
>Are you trying to set up cross network browsing?
>Who controls the firewall?
>Joel
>On Thu, Nov 01, 2001 at 08:51:26PM +0100, Hans Scheffers wrote:
>> Hello samba,
>>
>> Hi,
>> I have a smb setup on a server, 192.168.1.2
>>
>> This server connects to firewall, and there is a network
>> 192.168.0.xxx.
>> How do I connect through the firewall?