Michael Moorhouse
2002-Jul-01 10:32 UTC
[Samba] Multiple Ethernet Cards: Ignoring one of them
Hello,
I have recently had 'Broadband' (Cable) Internet installed in my house
and I have set up my Linux PC to do Network Address Translation for
my Windows PC. This system has worked well with the PPP modem, and I
know that a full Proxy server would be better, but at the moment I
haven't got the time to set one up etc.
This setup worked fine:

Modem[ppp0 DHCP]:------:192.168.10.250[eth0]:
-------X-------192.168.10.5 [eth0]

[The 'X' implies crossover cable]

So I added a second Ethernet card [eth1] and installed the SuSE firewall
2 (basically IP packet filtering and NAT done through IPtables I think)
as I didn't want to leave my Linux PC on all night, connected to the Net
unprotected (also shut down most of the services). My aim was to use
the existing Linux box as a combined Firewall/Gateway/non-essential file
& backup server.
The network now looks like this:

Cable Modem:----------DHCP allocated by ISP [eth1]
192.168.10.250
[eth0]-----X------192.168.10.5 [eth0]

A Hub / Switch will probably get added soon into which eth0 will be
plugged to offer my parent's PC access as well.

The NAT works fine, and so does the packet filtering (I think - I'm
getting my friends to test it for me), but SMBd and NMBd refuse to
start. I am using SMBd version 2.2.0 (standard SuSE 7.2 install).
I get the error:

[2002/07/01 17:22:34, 2] smbd/server.c:exit_server(440)
  Closing connections
[2002/07/01 17:23:54, 2] lib/interface.c:add_interface(85)
  added interface ip=192.168.10.250 bcast=192.168.10.255 nmask=255.255.255.0
[2002/07/01 17:23:54, 0] lib/util_sock.c:open_socket_in(819)
  Get_Hostbyname: Unknown host pc1-hudd4-5-cust142
[2002/07/01 17:23:54, 2] smbd/server.c:exit_server(440)
  Closing connections

From the SMBd log.
I think the problem is that the SMBd is trying to offer services to the
eth1 NIC. I thought I had told it not to:

[global]
net bios name = Pumpkin
server string = Samba %v on (%L)
workgroup = bip
encrypt passwords = yes
security = share
log file = /var/log/smbd.log
log level = 2
bind interfaces only = true
interfaces = eth0

[install]
comment = Installed Software Directory
path = /shared/install
read only = no
writeable = yes
guest ok = yes
# browserable = yes

[homes]
comment = Generic Home Share
read only = no
# guest ok = yes
# browserable = yes
writeable = yes

from /etc/smbd.conf

As I said, I am using a Firewall. I think the relevant sections of the SuSEfirewall2 config file are:

# If this server is a firewall, which should act like a proxy (no direct
# routing between both networks), or you are an end-user connected to the
# internet and to an internal network, you have to setup your proxys and
# reconfigure (all other settings are OK): 2), 3), 9) and maybe 7), 11), 14)
# 2.)
# Which is the interface that points to the internet/untrusted networks?
#
# Enter all the network devices here which are untrusted.
#
# Choice: any number of devices, seperated by a space
# e.g. "eth0", "ippp0 ippp1 eth0:1"
#
FW_DEV_EXT="eth1"

#
# 3.)
# Which is the interface that points to the internal network?
#
# Enter all the network devices here which are trusted.
# If you are not connected to a trusted network (e.g. you have just a
# dialup) leave this empty.
#
# Choice: leave empty or any number of devices, seperated by a space
# e.g. "tr0", "eth0 eth1 eth1:1" or ""
#
# 9.)
FW_DEV_INT="eth0"
FW_SERVICES_EXT_TCP=""
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 137:139 ftp"
# Common: domain syslog
FW_SERVICES_INT_UDP="137:139"
# If you are running bind/named set to yes. Remember that you have to open
# port 53 (or "domain") as udp/tcp to allow incoming queries.
# Also FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "yes"
FW_SERVICE_DNS="no"
#
# if you use dhclient to get an ip address you have to set this to "yes" !
FW_SERVICE_DHCLIENT="no"
#
# set to "yes" if this server is a DHCP server
FW_SERVICE_DHCPD="no"
#
# set to "yes" if this server is running squid. You still have to open the
# tcp port 3128 to allow remote access to the squid proxy service.
FW_SERVICE_SQUID="no"
#
# set to "yes" if this server is running a samba server. You still have to open
# the tcp port 139 to allow remote access to SAMBA.
FW_SERVICE_SAMBA="yes"

[I am a little unsure about this last option. Am I right in thinking that this enables the forwarding of SMB _from_ external networks? ]

# 11.)
# How is access allowed to high (unpriviliged [above 1023]) ports?
# 7.)
# Do you want to protect the firewall from the internal network?
FW_PROTECT_FROM_INTERNAL="no" #It's a home LAN - only my 2 PCs on it!
# 14.)
# Which services accessed from the internet should be allowed to masqueraded
# servers (on the internal network or dmz)?
# REQUIRES: FW_ROUTE

If I disable eth1, Samba works fine, trouble is...no Net! It's one or the other. At the moment I'm choosing 'Net'...
Does anybody have any suggestions how to solve this?
Thanks,
Michael M.

--
===============================================================================
"How to explain? How to describe? Even the omniscient viewpoint quails."
- from 'A Fire Upon the Deep' by Vernor Vinge
michael@mjmoorhouse.co.uk
===============================================================================
interfaces = list interfaces you want to bind Samba to
bind interfaces only = True
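Added example, not part of the original thread and not code from Samba or SuSEfirewall2: a small check that the two settings named in the reply keep Samba off the interface listed in FW_DEV_EXT, and that no external service list opens the NetBIOS/SMB ports. The sample inputs are constructed from the settings quoted in the thread; the function names are hypothetical, and `interfaces` entries are assumed to be device names (IP/mask entries and wildcards are not resolved).

```python
import re

# Constructed sample inputs, modelled on the settings quoted in the thread.
SMB_CONF = """[global]
net bios name = Pumpkin
bind interfaces only = true
interfaces = eth0
"""
FW_CONF = '''FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_INT_TCP="ssh smtp 137:139 ftp"
'''
SMB_PORTS = {137, 138, 139, 445}

def smb_globals(text):
    """[global] parameters; Samba ignores case and whitespace in parameter names."""
    section, params = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params

def fw_vars(text):
    """Uncommented FW_NAME="value" assignments from the firewall config."""
    return dict(re.findall(r'^\s*(FW_\w+)="([^"]*)"', text, re.M))

def ports(spec):
    """Expand numeric entries ("139", "137:139"); service names are skipped."""
    ranges = re.findall(r"(?<!\S)(\d+)(?::(\d+))?(?!\S)", spec)
    return {p for lo, hi in ranges for p in range(int(lo), int(hi or lo) + 1)}

def audit(smb_text, fw_text):
    """Return findings that would put Samba on the untrusted side."""
    smb, fw = smb_globals(smb_text), fw_vars(fw_text)
    external = set(fw.get("FW_DEV_EXT", "").split())
    bound = set(smb.get("interfaces", "").split())  # assumption: device names only
    findings = []
    if smb.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        findings.append("bind interfaces only is not enabled")
    if not bound:
        findings.append("interfaces is unset")
    findings += [f"Samba is bound to external device {d}" for d in sorted(bound & external)]
    for var in ("FW_SERVICES_EXT_TCP", "FW_SERVICES_EXT_UDP"):
        hit = sorted(ports(fw.get(var, "")) & SMB_PORTS)
        findings += [f"{var} opens SMB/NetBIOS ports {hit}"] if hit else []
    return findings
```

Calling `audit()` with the contents of the real smb.conf and firewall config returns an empty list when Samba is confined to the internal interface.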