KrazyWorks » Accessing Samba server in DMZ

December 27, 2011 – 12:22 am | 3 Comments

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

Read the full story »

Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Networking, Samba

Accessing Samba server in DMZ

Submitted by Igor on January 22, 2006 – 2:04 pmNo Comment

This note explains how to access a Samba server located on the “orange” DMZ subnet from a Windows PC on the “green” LAN. The problem for Samba is caused by the firewall blocking NETBIOS responses. In the firewall log you may see the following entries indicative of this issue:

13:39:07  	eth1  	-  	UDP
	192.168.123.117
	137(NETBIOS-NS)
	192.168.123.255
	137(NETBIOS-NS)
13:39:11 	eth1 	- 	UDP
	192.168.123.117
	138(NETBIOS-DGM)
	192.168.123.255
	138(NETBIOS-DGM)

In this case 192.168.123.117 is the IP of the Samba server and 192.168.123.255 is the broadcast address of the “orange” DMZ interface.

Configuration used for this example: Smoothwall firewall running on a stand-alone computer with three NICs and “red-orange-green” network profile; a SuSE Linux Samba server connected to the “orange” DMZ interface with subnet 198.168.123; a Windows XP Home PC on the “green” LAN with subnet 192.168.122. See the diagram below:

On the Windows PC go to the %SystemRoot%\System32\Drivers\Etc (i.e. C:\WINNT\system32\drivers\etc) and rename file lmhosts.sam to lmhosts

Open the lmhosts file in Notepad and add your Samba server as shown below:

192.168.123.117	deathstar		#PRE	#DOM:jedi
192.168.123.117	deathstar_smb	#PRE	#DOM:jedi

In this example 192.168.123.117 is the IP address of the Samba server on the “orange” DMZ network. Deathstar is the primary host name and deathstar_smb is samba hostname. And jedi is the domain name as displayed by `domainname` command ran on the Samba server.

Save the file, exit Notepad and click Start -> Run -> cmd -> OK -> nbtstat -R This will reload the NBT Remote Cache Name Table.

Still in the command prompt type nbtstat -c to view your current NetBIOS Remote Cache Name Table.

Popularity: 6% [?]

Applications »

OpenSUSE 11.4 Installation Overview

After enjoying taking apart Microsoft’s “cloud” Office 365 for the numerous shortcomings of its installation process, having to do the same for my favorite Linux distro – openSUSE – is rather upsetting. OpenSUSE installation routine went from nearly-flawless in 11.1 to mildly annoying in 11.3, arriving to moderately obnoxious in 11.4. What happened? Same as with Microsoft, poor installation workflow is to blame. One can always feel when desktop support people take over workflow tasks from server admins.

More articles »

Commands & Shells »

Compress Old Log Files on Linux

Most log files located in /var/log are part of the log rotation and will be compressed automatically. However, in many cases various user applications maintain log files outside of /var/log. These logs are not managed …

More articles »

Data »

Adding LUNs to VXVM on Linux

The following is a brief overview of the process for adding LUNs to VXVM under Linux. In our example we have an RHEL 5 server with existing LUNs and VXVM volume groups. Two new LUNs with multipathing were allocated from SAN and need to be added to the system to grow one of the volumes and the corresponding filesystem.

More articles »

Hardware »

Quick Review: Boxee Box

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

More articles »

Monitoring »

Simple Host Monitoring with SSH

Sometimes you just need something very simple to monitor a server or an application on a temporary basis. A basic ping monitor is fine, but it will only tell you if a server is responding on the network. It will not tell you if there is some other problem on the system. The script below relies on passwordless SSH setup to periodically log into the monitored nodes and check on their health by executing a local or remote script.

More articles »

Networking »

Red Hat: Changing Hostname and IP

Changing hostname and IP is frequently required when a server is being moved from testing or development to production. The process is a fairly simple one, but steps must be performed in a certain order to avoid complications.

More articles »

Scripts »

Windows Network Troubleshooting Script

I try my best to stay away from Windows. I wish my clients did the same. The usual difficulty of troubleshooting elusive network performance problems is amplified many-fold when there is a Windows computer at the end of the line. With Unix it’s relatively simple: run tests “a”, “b”, “c”, etc and follow the familiar process of elimination. With Windows in the picture the number of steps uses up all of the English alphabet and spills over well into the Russian one. And when you finally reach step “я”, you have to pull out your Chinese dictionary.

More articles »

Air Guns Shake Up Earthquake Monitoring
sciencehabit writes "Petroleum geologists have long used air guns in their search for oil and gas deposits. Sudden blasts from the devices generate seismic waves that they use to map underground rock formations. Could the same technique be used to study earthquakes? A team of Chinese scientists thinks so. The researchers have designed an air gun that co […]
Half of Fortune 500s, US Agencies Still Infected With DNSChanger Trojan
tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells sec […]
Ex-FCC Chair: Spectrum Plan "Single Worst Telecom Bill I've Seen"
alphadogg writes "Former FCC chairman Reed Hundt made waves when he called the House spectrum auction legislation 'the single worst telecom bill' he's seen. The legislation, which would severely restrict the FCC's ability to place conditions on spectrum auctions, is seen as a non-starter in the Senate where a bipartisan group of sena […]

Server Info

Server:	rowen.accountservergroup.com
OS    :	Red Hat 4.1.2-50
Kernel:	Linux 2.6.18-338.12.1.el5.lve0.8.34
Arch  :	64-bit OS running on 64-bit hardware 
CPU(s):	2 x 4-core Intel Xeon CPU E5620@ 2.40GHz
RAM   :	23Gb (99% used), 16 x 1Gb DIMMs
Swap  :	6Gb (0% used), paging in/out: 0/0
Uptime:	23 days
Load  :	.13, .14, .16
CPU % :	8 CPU cores at 16% combined utilization
Disk  :	util, svc time - sda: %, ms; 
Apps  :	MySQL 5.0.91, Perl 5.8.8
Issues:	occasional RAM shortages