Hi, people. How are you?. I hope you are doing well.
Could you, please, give us some advice about packets generated by Samba
DCs that are filtered by our bastions?
Our doubt is as follows:
* We have 4 sites: SFE, LSFE, ROS, LROS
* We want synchronization to be done in a star mesh with center in
SFE. There are 3 IP Inter-site transport: SFE-LSFE, SFE-LROS,
SFE-ROS.? I mean, there isn't any IP Inter-site transport defined
for LROS-ROS, for example
* Actually, there is a full mesh VPN, but we don't want to use some of
these links for replication and, because of that, we've defined
Inter-site transport in a star way.
* There isn't any problem in our domain. At least as far we can see.
* DCs are replicating well. Running "samba-tool drs showrepl" shows
DCs on LSFE, ROS and LROS having INBOUND NEIGHBORS in SFE site only.
And all of them have only one KCC OBJECT involving a DC in SFE site.
A DNS change in an LROS' DC? , for example, is replicated to DCs in
SFE site and then, from SFE to LSFE
Even though everything seems to be ok, we are trying to understand why
we are seeing our packet filters denying this kind of packets:
Jul? 2 11:40:04 bros kernel: IPT12-drop-NLO2NRE:02 IN=enp64s0 OUT=enp5s4
MAC=00:0f:fe:2c:0d:ab:f2:20:47:45:f1:e8:08:00 *SRC=10.100.2.100
DST=10.100.3.100* LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41937 DF PROTO=TCP
*SPT=42592 DPT=135* WINDOW=64240 RES=0x00 SYN URGP=0
This example packet, come from ROS packet filter and involves
10.100.2.100 and 10.100.3.100 which are DCs in ROS and LROS sites. EPMAP
packets are prohibited between LROS and ROS sites. Something similar can
be seen in LSFE and LROS packet filters (involving different DCs).
It looks like something running on the ROS' site DC is trying to contact
EPMAP running on LROS' site DC.? We don't? expect that kind of packets
exist because there isn't Inter-site transport ROS-LROS.
Could you tell me please if it is a normal behaviour?. May be KCC is
trying to discover something?. Are we misunderstanding something
potentially dangerous?
Thanks in advance. Best Regards.
Iv?n