On Thu, 5 Jul 2007 13:40:07 +0200
"Gabor Tjong A Hung" <[EMAIL PROTECTED]> wrote:
> Dear all,
>
> The idea is to share it over a local area network.
> This LAN has a wins server.
> my server has a jail in which samba resides.
> In order for the LAN to be serviced by my jailed samba I have NATED and
> RDRed the required packets
> In order for the LAN to browse the network NETBIOS seems to be a problem.
> AFAIK when one sends a netBIOS packet an ip is embedded and the response is
> sent to that ip. NAT only redirects the packet to he appropriate network,
> but apparently the packet needs to be altered too in order for a response to
> be sent.
> I hope this information was sufficient
>
> <snip>
> smb_jail_ip="10.0.0.3"
> int_ip="172.20.25.177"
> samba_UDP_ports = "{netbios-ns, netbios-dgm}"
> samba_TCP_ports = "{microsoft-ds, netbios-ssn}"
>
> #smb
> nat on $int_if from $smb_jail_ip to $int_if:network ->$int_ip
> rdr on $int_if proto TCP from any to $int_ip port $samba_TCP_ports ->
> $smb_jail_ip
> rdr on $int_if proto UDP from any to $int_if:broadcast port $samba_UDP_ports
> -> $smb_jail_ip
> rdr on $int_if proto UDP from any to $int_ip port $samba_UDP_ports ->
> $smb_jail_ip
>
>
> pass in quick on $int_if all
> pass out quick on $int_if all
> </snip>
Hi Gabor,
I dont recall ever doing NAT+netbios myself - maybe just too lazy to work
around all this ;).
What i've done with no problem is to use WINS (or /mumble/mubmle/lmhosts :) to
route the packets from 172.20.25/24 to the 10.0.0./24 subnet, and back. Well,
normal TCP/IP routing for routing, and then WINS/LMHOST to solve the issue that
the normal Netbios name discovery broadcasts wont reach other subnets.
I dont think i've actually done it with jails , but it works with SMB over VPN
links to the other side of the world (it makes you cry, though, slow as a
dead snail) and different VMNets in VMWare hosts and the outside LAN.
Apologies for not actually proposing a solution to your problem... :-P
B
>
> On 7/5/07, Norberto Meijome <[EMAIL PROTECTED]> wrote:
> >
> > On Wed, 4 Jul 2007 19:22:13 +0200
> > "Gabor Tjong A Hung" <[EMAIL PROTECTED]> wrote:
> >
> > > Dear all,
> > >
> > > I was told that my questions was better served here than in ports@
> > >
> > >
> > > > I've recently put my samba server in a jail, but as you can see @
> > > > http://www.faughnan.com/netbios.html NetBIOS is a bit of a problem and
> > can
> > > > cause alot of headache. I was unable to find a nat helper for pf, so I
> > was
> > > > wondering if I could bridge my jail with it's host. the bridge
> > > > manual<http://www.freebsd.org/cgi/man.cgi?query=bridge&sektion=4
> > >however
> > > > requires me to have *two* network devices(or so it says), but my
> > > > jails are just aliases on the same network device.
> > > > Does anyone know another solution to make browsing possible? or have a
> > > clue
> > > > on how to make the solutions I tried work.
> > > >
> > > > >ifconfig
> > > > rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > > > options=8<VLAN_MTU>
> > > > inet6 fe80::202:44ff:fe30:dd04%rl0 prefixlen 64 scopeid 0x1
> > > > inet 172.20.25.177 netmask 0xfffffc00 broadcast 172.20.27.255
> > > > inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3
> > > > inet 10.0.0.2 netmask 0xffffffff broadcast 10.0.0.2
> > > > inet 10.0.0.6 netmask 0xffffffff broadcast 10.0.0.6
> > > > inet 10.0.0.4 netmask 0xffffffff broadcast 10.0.0.4
> > > > inet 10.0.0.5 netmask 0xffffffff broadcast 10.0.0.5
> > > > ether 00:02:44:30:dd:04
> > > > media: Ethernet autoselect (100baseTX <full-duplex>)
> > > > status: active
> >
> > hi Gabor,
> > are you trying to share over SMB between the jails?
> > between the hosts and the jails?
> > you may want to explain your plans... using NAT for netbios seems a bit
> > overkill to me, unless you plan to send SMB packets over the larger
> > internet...which in itself seems a bad idea.
> >
> > If you only need SMB across different LAN segments, setup WINS server(s)
> > (MS or
> > from the Samba project).
> >
> > B
> > _________________________
> > {Beto|Norberto|Numard} Meijome
> >
> > "It is a lesson which all history teaches wise men, to put trust in ideas,
> > and
> > not in circumstances." Emerson
> >
> > I speak for myself, not my employer. Contents may be hot. Slippery when
> > wet.
> > Reading disclaimers makes you go blind. Writing them is worse. You have
> > been
> > Warned.
> >
_________________________
{Beto|Norberto|Numard} Meijome
What you are afraid to do is a clear indicator of the next thing you need to do.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
