Networking :: IPtables (NAT / PAT) Setup For SSH And Samba
Apr 28, 2010
I need to access a Linux box via SSH & Samba that is hidden/connected behind another one on its own local network.
Setup :-
Code:
A switch B C
|----| |---| |----| |----|
|eth0|<-->| |<-->|eth0| | |
|----| |---| |eth1|<-->|eth1|
|----| |----|
E.g., I need to SSH/Samba from A to C. How does one go about this? I was thinking that it cannot be done via IP alone? Or can it? Could B say "hi on eth0, if your looking for 192.168.0.2, its here on eth1"? Is this NAT? This is a large private network, so what about if another PC has that IP?! More likely it would be PAT?
A would say "hi 192.168.109.15:1234"
B would say "hi on eth0, traffic for port 1234 goes on here eth1"
How could that be done? And would the SSH/Samba demons see the correct packet header info and work??
IP info :-
Code:
A - eth0 - 192.168.109.2
B - eth0 - 192.168.109.15
- eth1 - 192.168.0.1
C - eth1 - 192.168.0.2
A, B & C are RHEL (RedHat)
But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable. So I have read that this should be done via iptables? But what is the correct command line to do this? And where does one put permanent iptable config?
At first I installed debian 5 and I want enter on my workgroup using windows XP PCs, in same time I want use firewall now when I stop firewall I can access on the pcs but when I start iptables and open port for samba such as 137,138,138 and 445 I can't access on any PC on work group this is the output of iptables - L command:
Code: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns state NEW ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm state NEW ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
I'm working for a very poorly configured WISP currently using Traffic Inspector on windows(url).
Currently each client is manually given an IP address. I'd like to eventually change that, but for now I just want to migrate the server to linux.
I intend to use iptables to forward only those who's mac and ip match against my list:
Code: # Davit $IPTABLES -A INPUT -i $INTIF -m mac --mac-source 00:00:00:00:56:83 -s 192.168.0.4 -j ACCEPT I intend to mark the packets by ip address to limit them to their plan( there are two plans 256kbps and 128kbps) Code: # Mark packets to route code....
exit 0 Does this make any sense? My Major problem is that I don't know how to keep track of how much each client has downloaded. Any advice on how to do that?
We have a new Bussiness DSL line with 16 public addresses.What we want is to setup a DMZ to run some services and internet to the LAN. Here's a schematic of what we want:
Code:
Backup Internet Main Internet connection connection | | | | SDSL Modem BDSL Modem
Code: Can't initialize iptables table 'NAT': Table does not exist (do you need to insmod?)
Looking at lsmod, it doesn't look like I have anything NAT related loaded ( I just have iptable_filter, ip_tables, and x_table ). Doing a locate nat, I find a module that looks like it should work. I'm running 10.04.1 LTS - Kernel is 2.6.32-25-generic #45-Ubuntu SMP and it is pretty much stock - haven't done anything fancy... this module looks promising:
Code: /lib/modules/2.6.32-25-generic/kernel/net/ipv4/netfilter/iptable_nat.ko but loading it and I get:
IM completly new to fedora but decided to give it a try after using ubuntu for a while,I have everything setup apart from sharing and im been fiddling for a while now.
I would like to create a dedicated Samba print server. I have two printers on my LAN, one printer came with its own NIC and the other is on a Win server box. I would like to setup Samba so that I can just access that server (Samba printer server) and both network printers will show up on there for me to connect to. On that note, can I also load the drivers on my Samba server? Drivers for different Windows flavours and also Mac OSX drivers.
I have setuped OpenLDAP+Samba PDC. When I create user and group -> Errors. smbldap-group -a admin No such object at /usr/sbin/smbldap_tools.pm line 457 smbldap-useradd -am -g admin admin Could not find base dn, to get next uidNumber at /usr/sbin/smbldap_tools.pm line 1192
I'm trying to setup two samba shares on ubuntu server 10.04.1 lts x64
The first is a Read-Only share for windows users that doesn't require a password. This i've managed to do so far.
The second is a Password protected Upload share. So far I am able to have both shares (which access the same directory) but am unable to log in to the pass word protected share.
I know i'm not doing things quite right, and would like a little bit of help
The smb.conf file is the default ubuntu file with these added shares:
I want to setup samba on Maverick. This is the case. I have 2 folders want to be shared, freeaccess and restrictedaccess. The freeaccess folder can be accessed by everyone on network. The restritedaccess folder can only be accessed with account named someone. What I want to ask is, how to setup samba that can solve that case...??
I am trying to set up my Ubuntu 10.04 netbook to see my WinXP desktop's files and vice a versa. I followed the steps in this tutorial thread: HOWTO: Setup Samba peer-to-peer with Windows. I got as far as "Time to add yourself as an samba user." at this point I keep getting the following error:
Code: sudo smbpasswd -L -a WinXP_User_Name New SMB password: Retype new SMB password: Failed to add entry for user WinXP_User_Name. My WinXP machine has no password.
My conf file is here: [global] ; General server settings ; netbios name = WinXP_Computer_Name server string = ; workgroup = WinXP_WorkStation_Name announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user .....
I am trying to set up samba in my CentOS virtual machine that is running on a Windows 7 host. I have found a tutorial in the How-Tos on this site but I'm not sure if they are exact and I'm paranoid about messing something up. The link to the tutorial is below. Is there anything that I should do different or anything that I should be aware of? Also, once this is set up, how do I transfer files between the two machines? Please note: I am very inexperienced in the IT field. [URL]...
PDC SAMBA + OPEN LDAP (ubuntu 9.04) Linux (File Servers) + Windows machines all working well
I'm trying to set up a share drive on my new server using ubuntu 9.10 with samba (v 3.4) and ldapclient and the shares are not working when I defined Valid Users for share folders, that keep me ask me about my user and password, on the logs I have:
[global] workgroup = FLOWCONNECT server string = OSLO SAMBA FILE SERVER [code].....
I have the same set up on my File Server (Ubuntu 9.04) which use samba 3.3 is working fine.Someone know if has some different setting between samba 3.3 (ubuntu 9.04) and samba 3.4 (ubuntu 9.10) that could cause this problem ?
I am having difficulties setting up Symmetric NAT through iptables.
First things first: "A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host."
Need: I am working on a SIP application and SIP apps face a problem with NATed networks. STUN is a solution to such a problem and my SIP application has an embedded STUN client functionality.
Scenario and Technical Details: 192.168.0.200 +-----------------+ | ClientA - My IP | +-----------------+ | |GW: | eth0 eth1 (example public IP address) | 192.168.0.1 | 123.123.123.123 +-------------|-------------+ | NAT1 | +-------------|-------------+ | | | stun.1und1.de | +---------------------------+ | STUN Server | +---------------------------+
I am using WinSTUN, which requires a STUN Server address (such as the one I specified above) to return my type of NAT. What I need to achieve is Symmetric NAT through iptables, on the GW server, only on my IP address (192.168.0.200). I don't want it to affect the whole network. I am running CentOS release 5.4 (Final), and iptables v1.4.10
Recently I have been working on iptables and trying to understand how to use it. Here's a little script I have written to setup a basic firewall for myself:
Code: #!/bin/bash if [ `id -u` -ne 0 ]; then echo "You need root privilege" exit 1 fi
PROG=/sbin/iptables $PROG -F function sethttp { echo "Opening http port..." $PROG -A INPUT -p tcp --dport 80 -j ACCEPT }
function sethttps { echo "Opening https port..." $PROG -A INPUT -p tcp --dport 443 -j ACCEPT }
function settorrent { echo "Opening torrent port..." $PROG -A INPUT -p tcp --dport 52413 -j ACCEPT }
while getopts "hst" option; do case "$option" in h) sethttp;; s) sethttps;; t) settorrent;; *) echo "DOH!" esac done
$PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $PROG -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $PROG -A INPUT -i lo -j ACCEPT $PROG -A OUTPUT -o lo -j ACCEPT $PROG -A INPUT -j DROP $PROG -A FORWARD -j REJECT echo "Done setting up the firewall! Enjoy :)" exit 0
OK, this can take 3 arguments that open ports 80, 443 and 52413. And at the end, some default rules are applied. But here's the thing I don't understand: if I don't give the argument for port 80, I can still view web pages... and also, when I remove the line:
Code: $PROG -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Whether I say it to open port 80 or not, I can't view any web pages.
How to Nat. I wanted to be able to resolve something like ftp.myfirstdomain.com to 192.168.0.2 Then ftp.mysecond.com to 192.168.0.3
Just as a random example, I know these cannot be done using name based virtual hosts like in Apache. But I got this working internally using my LAN connection and the 2 IP addresses above, with Bind DNS pointing the dns's to those 2 ip addresses respectively. This worked, yet when I tried connecting from my work place to transfer some files, it kept going to the default user's home directory. Just wanted to get this project finished, 2 domains and one public facing IP address.
I'm new to linux, but enjoy using it very much, especially without a GUI, console is fun! I need to set up port forwarding. We have 3 servers, 1x running Ubuntu server 8.04 (used as transparent proxy), 1x server 2003, 1x windows xp.
The linux box has the following ips: eth0 (internal) 192.168.1.5 eth1 (external) 192.168.0.7
Windows server 2003: 192.168.1.6
Windows XP: 192.168.1.9
Router: 192.168.0.1
The router automatically forwards specific ports to 196.168.0.7 (Linux eth0). From there I want to forward port 8585 to 192.168.1.6 and 3000 to 192.168.1.9. Is there a way that I can do this using iptables?
The commands that I think I'm gonna use look like this: iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 8585 -d 192.168.1.6 -j ACCEPT iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 3000 -d 192.168.1.9 -j ACCEPT
Would this be a correct way of doing it? My biggest problem is that I can't test it without going live, and if I go live and something doesn't work, the entire building will be left without internet, people will hate me. Also, The proxy captures all data on port 80 and forwards it to 3128 so that the proxy can monitor the usage, and a few systems runs fine with it, others however can ping websites, and internet explorer says "website found, waiting for reply" but the webpages cannot be displayed.
i am tring to setup SAMBA with webmin. the problem im having is that i can not login to the shared areas like homes and users. i can see them when i search my network i double click on them and it asks for user name and password. i have already set up a user using the convert unix user to samba user and have set a password. i have set teh Use encrypted passwords? to yes. when i try and log in it say login unsuccesful login or password my be incorect.
setting up SAMBA with webmin? Samba Configuration: i fould this one but didnt help. in uesing suse 11.3 and windows vista
trying to setup samba on my centos box by following the tutorial After following the setup of my smb.conf and adding the users and files as per the tutorial I come across a few problems.If I browse my home folder, music or everyone folder i get for example \sambamusic is not assessable you may not have permissions to use this network response. If i browse the apps folder I get a pop up asking for a user name and password.
I have setup samba and shared /var/www/html on a shared folder so that i can access the folder directly via my IDE, however i cannor write file in there, is there any better way of doing it ?
I have update my linux server from mandriva 9 to mandriva 2010
I was working using samba 2.2.8 and now I have samba 3.5.3.I have transfer all passwd and smbpasswd to new linux.I have convert smbpasswd to tdbsam
when i am using win xp to logon on samba domain the windows XP does not load profiles from samba. I think that the problem is NTUSER.DAT storing in /home/user/profile
The same profile is working using samba 2.2.8 but not working in samba 3.5.3..
I want to use samba for file sharing like on a Windows home network. Actually they are all Linux machines but nfs is too complicated. On my host machine I installed samba and system-config-samba. I created a new share for /home, check marked writable and visible and put access to everybody. For preferences-->server settings--> security the "authentication mode" is set to user, encrypt passwords is no, and guest account is no guest account. Under preferences-->samba users I added myself as a user with the same windows user name as my Linux user name and the same password.
My client is a virtualbox fedora (used for testing purposes but actual clients will be real computers on my home network). I entered the address smb://192.168.1.184. When asked for the user name and password I put my regular user name and password since that was what I set in samba users. However, the password dialog keeps coming up and won't let met into my own computer. If I quit it says something like access is denied. How can I get my home network back? I liked this feature when my home computers ran XP but I switched them to Fedora 12.
Come back to forum after long gap, after using Ubuntu for the last few years i finally move to fedora again with Fedora 15. I like this version of Fedora, it's clean & simple. But i'm having few problems as well. I want to share some folder of my fedora machine with a windows machine of my home, so that my younger brother can access those folders from his windows machine & copy files to his computer. for this i need to setup samba, i already install samba related packages. but can't start system-config-samba from Application Menu. When i go to start this, it asking for authentication & after giving password nothing happend at all! i try to start this from Command line with-
[Code]....
at present, i can browse shared folders from other machine of my home network, but my fedora machine is absent in list of machines, so my brother can't access shared folders of my machine. how can i setup samba share in my fedora machine? so that i can easily share folders with other machine just like ubuntu.
My Samba setup works just fine however whenever I do stop/start/restart. I get these errors in the logs: Jan 17 00:21:14 neutrino smbd[4297]: smbd_open_once_socket: open_socket_in: Address already in use Jan 17 00:31:20 neutrino smbd[4557]: [2010/01/17 00:31:20, 0] smbd/service.c:1009(make_connection_snum) Does anyone know what to think of these? My thought is since it works just ignore and probably the SuSE team will get to cleaning this up sometime.
I just installed ubutnu 9.10 and just installed samba. I edited the config files to workgroup to dhome which is the work group all my windows comptuer uses to share files. I want to share files and also be able to access files off my windows computers. I got onne windows 2000 that has a username needed to be typed in to access it. the rest is accessable. In the config file. I uncommented the security= user thing. I now tried to access the network but still fails.
Here is what I can see. when I go to places and click network I see windows network and click it it will say dhome and Workgroup. when I click on the dhome folder it takes a while and then gives me the error saying sorry didnt' get a list from the server. what do I need to do to access the network?
