Hello everyone.
My network topology is as follows:
172.16.9.182--------172.16.9.250,172.16.8.55----------172.16.8.41
I want 172.16.8.41 to be able to access 172.16.9.182 through Network Neighborhood.
The NetBIOS name of 172.16.9.182 is filer.
Download and unpack samba-2.2.1a.tar.gz and samba-2.2.1a-nbfw-0.4.0.tar.gz
1. cd /home/samba-2.2.1a
2. patch -p1 < /home/samba-2.2.1a-nbfw-0.4.0/samba-2.2.1a.patch
3. cd source
4. ./configure
5. make
6. make install
7. After installation, edit the smb.conf file as follows:
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = info&net
# server string is the equivalent of the NT Description field
server string = Samba Server
#
netbios name = samba
#
nbfw backend hosts = 172.16.9.182
nbfw netbios names = "info&net" filer lw
; nbfw deny hosts = 172.16.8.1
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# this tells Samba to use a separate log file for each machine
# that connects
log file = /usr/local/samba/var/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
interfaces = 172.16.8.55/24 172.16.9.250/24
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
lock directory = /usr/local/samba/var/locks
#========== Share Definitions ============
[homes]
comment = Home Directories
browseable = yes
writable = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = yes
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
8. Run nmbdnbfw -D
smbdnbfw -D
9. The iptables rules are configured as follows:
Where: 172.16.8.255 is eth0, and 172.16.9.182 is a win2000 machine on the internal network
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 172.16.9.0/24 -j SNAT --to 172.16.8.55
$IPTABLES -t nat -A PREROUTING -d 172.16.8.255 -j DNAT --to 172.16.9.255
$IPTABLES -t nat -A PREROUTING -d 172.16.9.255 -j DNAT --to 172.16.8.255
$IPTABLES -t nat -A PREROUTING -p tcp -d 172.16.8.55 --sport 137 -j DNAT --to 172.16.9.182:137
$IPTABLES -t nat -A PREROUTING -p tcp -d 172.16.8.55 --sport 138 -j DNAT --to 172.16.9.182:138
$IPTABLES -t nat -A PREROUTING -p tcp -d 172.16.8.55 --sport 139 -j DNAT --to 172.16.9.182:139
$IPTABLES -t nat -A PREROUTING -p udp -d 172.16.8.55 --sport 137 -j DNAT --to 172.16.9.182:137
$IPTABLES -t nat -A PREROUTING -p udp -d 172.16.8.55 --sport 138 -j DNAT --to 172.16.9.182:138
$IPTABLES -t nat -A PREROUTING -p udp -d 172.16.8.55 --sport 139 -j DNAT --to 172.16.9.182:139
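The problem I ran into is as follows:
In Network Neighborhood on 172.16.8.41 I can find filer, but I cannot open it. The error message is: The network path was not found.
The samba log.nmbd contains the following error message:
nmbd/nmbd-fw.c:is_from_good_dgramname(300)
Warning: packet accepted for forwarding from backend to outside, but we don't forward for this netbios name. Please check config.
In nmbd-fw.c: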
/******************************************************************
Check if dgram packet came from a good host or subnet.
******************************************************************/
static int
is_from_good_dgramname (struct dgram_packet *dgram, int masquerade)
{
  struct in_addr resolved_addr;
  if (nbfw_name_list)
    {
      if (!masquerade)
        {
          /* If we don't masquerade we're probably dealing with packets
             from the outside to our backend. There's no need to forward
             packets if our backend will just drop them */
          return (is_known_name (&dgram->dest_name));
        }
      else
        {
          /* If we _do_ masquerade forward only the packets which came
             from a known netbios name */
          if (is_known_name (&dgram->source_name))
            return (1);
          else
            {
              DEBUG (0,
                     ("Warning: packet accepted for forwarding from backend to outside, but we don't forward for this netbios name. Please check config.\n"));
              return (0);
            }
        }
    }
Could some expert help me take a look at this? I would be very grateful.
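The direction rule in the is_from_good_dgramname excerpt above, as an added example that is not part of the original post or of the nbfw patch: it decodes the source and destination names of a NetBIOS datagram (RFC 1002 layout: 14-byte header, then two first-level-encoded names) and checks the relevant one against an allowlist. The names should_forward and build_dgram, the exact-match comparison, and the sample host WIN2K-PC are assumptions; how nbfw's is_known_name actually matches is not shown in the post.

```c
#include <stddef.h>
#include <string.h>

/* Constructed allowlist: upper-cased "nbfw netbios names" from the smb.conf above. */
static const char *allowed[] = { "INFO&NET", "FILER", "LW" };

/* RFC 1001 first-level encoding: 15 padded name bytes + suffix, two chars per byte. */
static void nb_encode(const char *name, unsigned char suffix, unsigned char out[34]) {
    size_t n = strlen(name), i;
    out[0] = 32; out[33] = 0;               /* label length, empty scope */
    for (i = 0; i < 16; i++) {
        unsigned char c = i == 15 ? suffix : i < n ? (unsigned char)name[i] : ' ';
        if (i < 15 && c >= 'a' && c <= 'z') c -= 32;   /* names are upper-cased */
        out[1 + 2*i] = 'A' + (c >> 4);
        out[2 + 2*i] = 'A' + (c & 15);
    }
}

/* Decode one encoded name into a trimmed C string; returns 0 on success. */
static int nb_decode(const unsigned char *p, char name[16]) {
    int i;
    if (p[0] != 32 || p[33] != 0) return -1;   /* scoped names not handled here */
    for (i = 0; i < 16; i++) {
        unsigned hi = p[1 + 2*i] - 'A', lo = p[2 + 2*i] - 'A';
        if (hi > 15 || lo > 15) return -1;
        name[i] = (char)(hi << 4 | lo);
    }
    name[15] = '\0';                           /* drop the type suffix byte */
    for (i = 14; i >= 0 && name[i] == ' '; i--) name[i] = '\0';
    return 0;
}

/* Build a constructed DIRECT_GROUP datagram; other header fields stay zero. */
size_t build_dgram(const char *src, const char *dst, unsigned char buf[82]) {
    memset(buf, 0, 82);
    buf[0] = 0x11;
    nb_encode(src, 0x00, buf + 14);            /* source name */
    nb_encode(dst, 0x00, buf + 48);            /* destination name */
    return 82;
}

/* Direction rule from the excerpt: backend->outside (masquerade) checks the
   source name, outside->backend checks the destination. 1 = forward, 0 = drop. */
int should_forward(const unsigned char *dgram, size_t len, int masquerade) {
    char name[16];
    size_t off = 14 + (masquerade ? 0 : 34), i;
    if (len < off + 34 || nb_decode(dgram + off, name) != 0) return 0;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(name, allowed[i]) == 0) return 1;
    return 0;
}
```

A datagram from the backend whose source name is not in the list is dropped in the masquerade direction, which is the branch that logs the warning quoted in the post.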