sslug-teknik team mailing list archive

Thread
Date

Re: iptables, routning imellem 2 NICs og samba?

To: sslug-teknik@xxxxxxxx
From: Uffe Døygaard <sslug@xxxxxxxxxxxx>
Date: Fri, 11 Nov 2005 14:05:37 +0100
Delivered-to: mailing list sslug-teknik@xxxxxxxx
In-reply-to: <dl1l88$q1m$1@www.sslug.dk>
Mailing-list: contact sslug-teknik-help@xxxxxxxx; run by ezmlm
Newsgroups: sslug.teknik
Organization: SSLUG
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Uffe Døygaard wrote:

Hej,
Jeg forsøger at route trafikken imellem to netkort, og samtidigt sørgefor at min inderside af "firewall'n" godtager samba trafik fra lokalnettet.
eth0: public
eth1: 192.168.1.1/24
Indtil videre er det ikke lykkedes mig at få skidtet til at virke. Jegkan surfe og alt andet fra klienterne, men ikke forbinde til sambaservicen på 192.168.1.1
Output fra iptables -v -L, mv kan ses på:

http://u-soft.dk/~uffe/samba_probs.txt

På forhånd tak.

/Uffe

Jeg har nu prøvet at slå firewall funktionaliteten helt fra, og det haringen indvirkning... ergo kan det vel ikke være noget med ipfilter?



#cat fw.neutralize.sh

#!/bin/sh

# undlad forwarding af pakker
echo "0" > /proc/sys/net/ipv4/ip_forward

# åbn op for al trafik
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# kæderne bliver lige tømt ud
iptables -F
iptables -X

Og så forsøgte jeg mig igen med at connecte ved at skrive'\\192.168.1.1' i adressebaren... imens jeg dumpede på trafikken....




# tcpdump -i any port microsoft-ds or port netbios-ssn  or port netbios-ns
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

13:57:50.003814 IP 82.143.195.4.netbios-ns >localhost.localdomain.netbios-ns: NBT UDP PACKET(137): REFRESH(8);REQUEST; UNICAST13:57:50.007218 IP 82.143.195.4.netbios-ns >localhost.localdomain.netbios-ns: NBT UDP PACKET(137): REFRESH(8);REQUEST; UNICAST13:57:50.007265 IP 82.143.195.4.netbios-ns >localhost.localdomain.netbios-ns: NBT UDP PACKET(137): REFRESH(8);REQUEST; UNICAST13:57:50.007296 IP 82.143.195.4.netbios-ns >localhost.localdomain.netbios-ns: NBT UDP PACKET(137): REFRESH(8);REQUEST; UNICAST13:57:50.007347 IP 82.143.195.4.netbios-ns >localhost.localdomain.netbios-ns: NBT UDP PACKET(137): REFRESH(8);REQUEST; UNICAST13:57:50.007378 IP 82.143.195.4.netbios-ns >localhost.localdomain.netbios-ns: NBT UDP PACKET(137): REFRESH(8);REQUEST; UNICAST13:58:25.825472 IP 192.168.1.8.netbios-ns > 192.168.1.1.netbios-ns: NBTUDP PACKET(137): QUERY; REQUEST; UNICAST13:58:25.831344 IP 192.168.1.1.netbios-ns > 192.168.1.8.netbios-ns: NBTUDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST13:58:36.165061 IP 192.168.1.2.3507 > 192.168.1.1.microsoft-ds: S2979804630:2979804630(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:36.165156 IP 192.168.1.1.microsoft-ds > 192.168.1.2.3507: R 0:0(0)ack 2979804631 win 013:58:36.165737 IP 192.168.1.2.3508 > 192.168.1.1.netbios-ssn: S3426916228:3426916228(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:36.165836 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3508: R 0:0(0)ack 3426916229 win 013:58:36.609505 IP 192.168.1.2.3507 > 192.168.1.1.microsoft-ds: S2979804630:2979804630(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:36.609598 IP 192.168.1.1.microsoft-ds > 192.168.1.2.3507: R 0:0(0)ack 1 win 013:58:36.609508 IP 192.168.1.2.3508 > 192.168.1.1.netbios-ssn: S3426916228:3426916228(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:36.609650 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3508: R 0:0(0)ack 1 win 013:58:37.112446 IP 192.168.1.2.3507 > 192.168.1.1.microsoft-ds: S2979804630:2979804630(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:37.112561 IP 192.168.1.1.microsoft-ds > 192.168.1.2.3507: R 0:0(0)ack 1 win 013:58:37.112450 IP 192.168.1.2.3508 > 192.168.1.1.netbios-ssn: S3426916228:3426916228(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:37.112615 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3508: R 0:0(0)ack 1 win 013:58:37.113303 IP 192.168.1.2.netbios-ns > 192.168.1.1.netbios-ns: NBTUDP PACKET(137): QUERY; REQUEST; UNICAST13:58:37.114575 IP 192.168.1.1.netbios-ns > 192.168.1.2.netbios-ns: NBTUDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST13:58:37.114928 IP 192.168.1.2.3509 > 192.168.1.1.netbios-ssn: S3639315291:3639315291(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:37.115026 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3509: R 0:0(0)ack 3639315292 win 013:58:37.615382 IP 192.168.1.2.3509 > 192.168.1.1.netbios-ssn: S3639315291:3639315291(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:37.615466 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3509: R 0:0(0)ack 1 win 013:58:38.118322 IP 192.168.1.2.3509 > 192.168.1.1.netbios-ssn: S3639315291:3639315291(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:38.118418 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3509: R 0:0(0)ack 1 win 013:58:50.074141 IP 192.168.1.2.3511 > 192.168.1.1.microsoft-ds: S24125333:24125333(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.074268 IP 192.168.1.1.microsoft-ds > 192.168.1.2.3511: R 0:0(0)ack 24125334 win 013:58:50.074899 IP 192.168.1.2.3512 > 192.168.1.1.netbios-ssn: S2664511891:2664511891(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.075000 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3512: R 0:0(0)ack 2664511892 win 013:58:50.490615 IP 192.168.1.2.3511 > 192.168.1.1.microsoft-ds: S24125333:24125333(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.490762 IP 192.168.1.1.microsoft-ds > 192.168.1.2.3511: R 0:0(0)ack 1 win 013:58:50.490621 IP 192.168.1.2.3512 > 192.168.1.1.netbios-ssn: S2664511891:2664511891(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.490821 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3512: R 0:0(0)ack 1 win 013:58:50.993539 IP 192.168.1.2.3511 > 192.168.1.1.microsoft-ds: S24125333:24125333(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.993631 IP 192.168.1.1.microsoft-ds > 192.168.1.2.3511: R 0:0(0)ack 1 win 013:58:50.993542 IP 192.168.1.2.3512 > 192.168.1.1.netbios-ssn: S2664511891:2664511891(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.993685 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3512: R 0:0(0)ack 1 win 013:58:50.994380 IP 192.168.1.2.netbios-ns > 192.168.1.1.netbios-ns: NBTUDP PACKET(137): QUERY; REQUEST; UNICAST13:58:50.995613 IP 192.168.1.1.netbios-ns > 192.168.1.2.netbios-ns: NBTUDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST13:58:50.995943 IP 192.168.1.2.3513 > 192.168.1.1.netbios-ssn: S3429011654:3429011654(0) win 65535 <mss 1460,nop,nop,sackOK>13:58:50.996036 IP 192.168.1.1.netbios-ssn > 192.168.1.2.3513: R 0:0(0)ack 3429011655 win 0




Hnmmm, ingen ændring :(

/Uffe

Follow ups

Re: iptables, routning imellem 2 NICs og samba?
From: Jacob Bunk Nielsen, 2005-11-11

References

iptables, routning imellem 2 NICs og samba?
From: Uffe Døygaard, 2005-11-11