nat'ing & stuff


Post by dana_boot » Thu, 20 Jan 2000 04:00:00



I need to run Samba on a computer that also has a regular modem, and runs
ppp -auto. This computer connects to the outside, and nat's for the
private network. Other computers in the private network run Samba, also,
and I've always just filtered out the netbios stuff to prevent it from
triggering dialouts. But now, I've had to find out why the dialouts are
triggered, and although I don't know a lot about it, some tcpdump stuff
seems to indicate that netbios-ns is asking for regular dns. The computer
that uses ppp also runs a caching dns with forwarders to real dns.

Anyway, I know I'm probably clear as mud here... Here's my point... I
can't seem to find the right combination of filtering which will allow
this box to run Samba without triggering dialouts. I know that one of you
must've run into this before, and might steer me right.

--------------

Tacoma, Wa., USA

key at pgpkeys.mit.edu:11371

 
 
 


Post by Gabriel Kihlma » Thu, 20 Jan 2000 04:00:00



> I need to run Samba on a computer that also has a regular modem, and runs
> ppp -auto. This computer connects to the outside, and nat's for the
> private network.

You run ppp with -nat? (old -alias)
The manpage gives some info about defining your dial filter.
Read it and set your filters.

> Other computers in the private network run Samba, also,
> and I've always just filtered out the netbios stuff to prevent it from
> triggering dialouts. But now, I've had to find out why the dialouts are
> triggered, and although I don't know a lot about it, some tcpdump stuff
> seems to indicate that netbios-ns is asking for regular dns. The computer
> that uses ppp also runs a caching dns with forwarders to real dns.

I have the same configuration as you seem to have.
One obsd machine running named/samba/ppp.
The only problem I had with triggering dialout was a misconfigured
sendmail.
From the top of my head I can remember setting DontProbeInterfaces and
I think that fixed it (I changed some other sendmail settings while I
was at it so I am not sure).

> Anyway, I know I'm probably clear as mud here... Here's my point... I
> can't seem to find the right combination of filtering which will allow
> this box to run Samba without triggering dialouts. I know that one of you
> must've run into this before, and might steer me right.

Sure, mail me if the above isn't enough.

// Gabriel

 
 
 


Post by Dana Boot » Thu, 20 Jan 2000 04:00:00



> You run ppp with -nat? (old -alias)

No, ppp does not run with -alias. (or -nat, didn't know about that
one. :) The box runs ipnat. The first time I installed an OpenBSD, it was
version 2.3, and ppp for OpenBSD did not have the -alias switch available
at that time, and any installations since then which have involved ppp
just sorta naturally involve ipnat independent of ppp, since that's the
way I did it the first time.

> The manpage gives some info about defining your dial filter.
> Read it and set your filters.

By the time ppp picks up the packets, they've been translated to the box's
"real" ip number and a bogus port. I'd wanted to do the filtering with the
box's own ipfilter, and possibly some redirection with ipnat.

> The only problem I had with triggering dialout was a misconfigured
> sendmail.

If I filter out all netbios stuff altogether, it won't dialout. The
tcpdumps that I did show that whenever the box receives a netbios-ns, it
triggers a .domain dialout.

I'm perfectly willing to drop the ipnat and ipfilter, if it's easier to do
it with a straight ppp using -alias. Could you share your ppp filtering
rules?

--

-----

Tacoma, Wa., USA

key on keyserver pgpkeys.mit.edu:11371
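
The pattern reported from tcpdump in this thread (a netbios-ns packet followed shortly by a .domain query that brings the link up) can be checked mechanically over a saved capture. This is an added example, not part of the thread; the capture lines, addresses, names and the one-second window are constructed assumptions.

```python
import re

# Constructed capture in classic tcpdump text format (not from the thread).
SAMPLE = """\
04:00:01.100000 192.168.1.5.netbios-ns > 192.168.1.255.netbios-ns: udp 50
04:00:01.180000 192.168.1.1.1025 > 10.0.0.53.domain: 4321+ A? OLDSERVER. (27)
04:00:09.000000 192.168.1.7.1040 > 192.168.1.1.domain: 77+ A? www.example.org. (33)
04:00:30.500000 192.168.1.6.137 > 192.168.1.255.137: udp 50
04:00:30.520000 192.168.1.1.1026 > 10.0.0.53.53: 4322+ A? PRINTER. (25)
"""

NBNS = {"137", "netbios-ns"}  # tcpdump prints the name unless run with -n
DNS = {"53", "domain"}
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) (\S+)\.([\w-]+) > (\S+)\.([\w-]+): (.*)$"
)

def parse(text):
    """Yield (seconds, src, sport, dst, dport, info) for each recognised line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines in other formats rather than guess at them
        h, mi, s, src, sport, dst, dport, info = m.groups()
        yield int(h) * 3600 + int(mi) * 60 + float(s), src, sport, dst, dport, info

def correlate(text, window=1.0):
    """Pair each DNS query with a netbios-ns packet seen up to `window` s earlier."""
    last_nbns = None  # (time, source host) of the most recent netbios-ns packet
    paired, unpaired = [], []
    for t, src, sport, dst, dport, info in parse(text):
        if dport in NBNS:
            last_nbns = (t, src)
        elif dport in DNS:
            q = re.search(r"\? (\S+)", info)
            name = q.group(1) if q else "?"
            if last_nbns and 0 <= t - last_nbns[0] <= window:
                paired.append((last_nbns[1], name, round(t - last_nbns[0], 3)))
            else:
                unpaired.append((src, name))
    return paired, unpaired

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Queries that land in the paired list are the ones a filter aimed only at NetBIOS ports will not stop, since the packet that reaches the dial-on-demand link is the DNS query itself.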

 
 
 

1. Firewall & NAT'ing

In our office we have a single system with two NICs running RedHat 6.0 and
E-smith software. This machine is acting as our internet gateway and
firewall.  We have a DSL connection to internet with a routable Class A
address, this address is NAT'ed to a range of 192.168.x.x addresses for
internal use. At this time only one of four routable addresses is being
used.

Our hardware setup:

DSL Modem --> Firewall --> Switch ---> all internal systems.

I want to use one of our remaining 3 addresses and make another box viewable
from the internet. Is there a way to leave it with all the internal systems
and change some rules on the firewall? Or would I need to get a switch and
put it on the external side of the firewall?
