форумы  помощь  поиск  регистрация  майллист  ВХОД  слежка

Вариант для распечатки		Архивированная нить - только для чтения!  Пред. тема | След. тема
Форумы OpenNET: Виртуальная конференция (Public)
Изначальное сообщение		[Проследить за развитием треда]

"Samba  и несколько сетевых интерфейсов."
Сообщение от Silent on 06-Авг-03, 13:40  (MSK)
Добрый день. Как заставить samba-у слушать только определенный интерфейс? Пробовал играться с настройками - в любом случаи "садиться" на все интерфейсы. smb.conf         interfaces = vlan2               bind interfaces only = yes #       socket address = 10.0.1.3 netstat -a -n tcp4       0      0  10.0.1.3.139           *.*   udp4       0      0  10.0.1.3.138           *.*                     udp4       0      0  10.0.1.3.137           *.*                     udp4       0      0  *.138                  *.*                     udp4       0      0  *.137     Логи от nmbd [2003/08/06 10:02:52, 2] lib/interface.c:add_interface(81)   added interface ip=10.0.1.3 bcast=10.0.1.255 nmask=255.255.255.0 [2003/08/06 10:02:52, 2] nmbd/nmbd_subnetdb.c:make_subnet(192)   making subnet name:10.0.1.3 Broadcast address:10.0.1.255 Subnet mask:255.255.255.0 [2003/08/06 10:02:52, 2] nmbd/nmbd_subnetdb.c:make_subnet(192)   making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2003/08/06 10:02:52, 2] nmbd/nmbd_subnetdb.c:make_subnet(192)   making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 И причем тут  UNICAST? Заранее благодарен за ответы.
	Рекомендовать в FAQ | Cообщить модератору | Наверх

Индекс форумов | Темы | Пред. тема | След. тема

Сообщения по теме

1. "Samba  и несколько сетевых интерфейсов."
Сообщение от Andrey on 06-Авг-03, 13:44  (MSK)
>Добрый день. >Как заставить samba-у слушать только определенный интерфейс? Пробовал играться с настройками - >в любом случаи "садиться" на все интерфейсы. >smb.conf >        interfaces = vlan2 >        bind interfaces only = >yes >#       socket address = 10.0.1.3 >netstat -a -n >tcp4       0     > 0  10.0.1.3.139         >   *.* >udp4       0     > 0  10.0.1.3.138         >   *.* >udp4       0     > 0  10.0.1.3.137         >   *.* >udp4       0     > 0  *.138         >          *.* > >udp4       0     > 0  *.137 > >Логи от nmbd >[2003/08/06 10:02:52, 2] lib/interface.c:add_interface(81) >  added interface ip=10.0.1.3 bcast=10.0.1.255 nmask=255.255.255.0 >[2003/08/06 10:02:52, 2] nmbd/nmbd_subnetdb.c:make_subnet(192) >  making subnet name:10.0.1.3 Broadcast address:10.0.1.255 Subnet mask:255.255.255.0 >[2003/08/06 10:02:52, 2] nmbd/nmbd_subnetdb.c:make_subnet(192) >  making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 >[2003/08/06 10:02:52, 2] nmbd/nmbd_subnetdb.c:make_subnet(192) >  making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 > >И причем тут  UNICAST? > >Заранее благодарен за ответы. man smb.conf        bind interfaces only (G)               This  global  parameter  allows  the  Samba  admin to limit what               interfaces on a machine will serve SMB requests. It affects file               service smbd(8) and name service nmbd(8) in a slightly different               ways.               For name service it causes nmbd to bind to ports 137 and 138  on               the  interfaces  listed  in  the interfaces parameter. nmbd also               binds to the "all addresses" interface (0.0.0.0)  on  ports  137               and  138 for the purposes of reading broadcast messages. If this               option is not set then nmbd will service name requests on all of               these  sockets.  If  bind  interfaces only is set then nmbd will               check the source address of any packets coming in on the  broad-               cast  sockets  and  discard  any  that don't match the broadcast               addresses of the interfaces in the interfaces parameter list. As               unicast packets are received on the other sockets it allows nmbd               to refuse to serve names to  machines  that  send  packets  that               arrive through any interfaces not listed in the interfaces list.               IP Source address spoofing does defeat this simple  check,  how-               ever, so it must not be used seriously as a security feature for               nmbd.               For file service it causes smbd(8) to bind only to the interface               list  given in the interfaces parameter. This restricts the net-               works that smbd will serve to packets  coming  in  those  inter-               faces.  Note that you should not use this parameter for machines               that are serving PPP or other intermittent or non-broadcast net-               work  interfaces  as  it will not cope with non-permanent inter-               faces.               If bind interfaces only is set then unless the  network  address               127.0.0.1 is added to the interfaces parameter list smbpasswd(8)               and swat(8) may not work as expected due to the reasons  covered               below.               To  change  a  users SMB password, the smbpasswd by default con-               nects to the localhost - 127.0.0.1 address as an SMB  client  to               issue  the  password  change request. If bind interfaces only is               set then unless the network address 127.0.0.1 is  added  to  the               interfaces  parameter  list then  smbpasswd will fail to connect               in it's default mode. smbpasswd can be forced to use the primary               addresses of the interfaces in the interfaces parameter list. As               unicast packets are received on the other sockets it allows nmbd               to refuse to serve names to  machines  that  send  packets  that               arrive through any interfaces not listed in the interfaces list.               IP Source address spoofing does defeat this simple  check,  how-               ever, so it must not be used seriously as a security feature for               nmbd.               For file service it causes smbd(8) to bind only to the interface               list  given in the interfaces parameter. This restricts the net-               works that smbd will serve to packets  coming  in  those  inter-               faces.  Note that you should not use this parameter for machines               that are serving PPP or other intermittent or non-broadcast net-               work  interfaces  as  it will not cope with non-permanent inter-               faces.               If bind interfaces only is set then unless the  network  address               127.0.0.1 is added to the interfaces parameter list smbpasswd(8)               and swat(8) may not work as expected due to the reasons  covered               below.               To  change  a  users SMB password, the smbpasswd by default con-               nects to the localhost - 127.0.0.1 address as an SMB  client  to               issue  the  password  change request. If bind interfaces only is               set then unless the network address 127.0.0.1 is  added  to  the               interfaces  parameter  list then  smbpasswd will fail to connect               in it's default mode. smbpasswd can be forced to use the primary               IP  interface  of  the  local  host by using its smbpasswd(8) -r               remote machine parameter, with remote machine set to the IP name               of the primary interface of the local host.               The  swat status page tries to connect with smbd and nmbd at the               address 127.0.0.1 to determine if they are running.  Not  adding               127.0.0.1 will cause  smbd and nmbd to always show "not running"               even if they really are. This  can  prevent   swat  from  start-               ing/stopping/restarting smbd and nmbd.               Default: bind interfaces only = no
	Рекомендовать в FAQ | Cообщить модератору | Наверх

Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Пожалуйста, прежде чем написать сообщение, ознакомьтесь с данными рекомендациями.