I suppose a few questions pop up on this list about accessing Samba through a 
firewall.  I have been very successful running Samba through a firewall, until 
today.  I hit a stumbling block.

I have a Linux Firewall with the public IP Address of 134.x.x.140 <it is not 
the exact ip address, but close>.  I am using NAT and port forwarding to send 
traffic destined for 137, 138, 139, and 445 for BOTH TCP and IP to an internal 
host of 10.0.0.245.  This internal host has two network interface cards, 
10.0.0.245 and 10.0.0.246.  

Here are my firewall rules:

  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp --dport 137 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:137
  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 137 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:137

  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp --dport 138 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:138
  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 138 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:138

  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp --dport 139 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:139
  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 139 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:139

  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp --dport 445 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:445
  $IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 445 -d 134.x.x.140 -j DNAT --to-destination 10.0.0.245:445

  $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -s 10.0.0.245 -j SNAT --to-source 134.x.x.140
  $IPTABLES -t nat -A POSTROUTING -o eth0 -p udp -s 10.0.0.245 -j SNAT --to-source 134.x.x.140
  $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -s 10.0.0.245 -j SNAT --to-source 134.x.x.140
  $IPTABLES -t nat -A POSTROUTING -o eth0 -p udp -s 10.0.0.245 -j SNAT --to-source 134.x.x.140

When I have both network cards activated, I am unable to access SAMBA through 
the firewall.  However, I can access them on the local LAN.  I try to tell 
Samba to use eth0 and lo using:

interfaces = lo eth0
bind interfaces only = yes

Still does not work.  I can use tcpdump -i eth0 and I can see packets going through 
the firewall:
13:36:10.904331 IP 134.x.x.19.34251 > 10.0.0.245.139: S 2273296206:2273296206(0) win 5840 <mss 1460,sackOK,timestamp 4731872 0,nop,wscale 7>

And also I can see the requests arriving on eth0 on the Samba server:
13:35:55.777985 IP 134.x.x.19.34251 > 10.0.0.245.139: Flags [S], seq 2273296206, win 5840, options [mss 1460,sackOK,TS val 4731872 ecr 0,nop,wscale 7], length 0

I am at a loss as to why this is happening.  Anyone care to enlighten me?

Randall Svancara


