KrazyWorks » Accessing Samba server in DMZ

September 4, 2010 – 5:23 pm | One Comment

iTunes for Windows must be one of the buggiest, most poorly written applications out there. In terms of wasted months of your life it definitely ranks up there with Lotus Notes and Media Player 12. I don’t know how well iTunes works on a Mac (I like computer mice with twenty buttons, so I never was a big Mac fan), but I think I read somewhere that iTunes for Windows is the leading cause of suicides among iPhone owners.

Read the full story »

Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands and Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Networking, Samba

Accessing Samba server in DMZ

Submitted by admin on January 22, 2006 – 2:04 pmNo Comment

This note explains how to access a Samba server located on the “orange” DMZ subnet from a Windows PC on the “green” LAN. The problem for Samba is caused by the firewall blocking NETBIOS responses. In the firewall log you may see the following entries indicative of this issue:

13:39:07  	eth1  	-  	UDP
	192.168.123.117
	137(NETBIOS-NS)
	192.168.123.255
	137(NETBIOS-NS)
13:39:11 	eth1 	- 	UDP
	192.168.123.117
	138(NETBIOS-DGM)
	192.168.123.255
	138(NETBIOS-DGM)

In this case 192.168.123.117 is the IP of the Samba server and 192.168.123.255 is the broadcast address of the “orange” DMZ interface.

Configuration used for this example: Smoothwall firewall running on a stand-alone computer with three NICs and “red-orange-green” network profile; a SuSE Linux Samba server connected to the “orange” DMZ interface with subnet 198.168.123; a Windows XP Home PC on the “green” LAN with subnet 192.168.122. See the diagram below:

On the Windows PC go to the %SystemRoot%\System32\Drivers\Etc (i.e. C:\WINNT\system32\drivers\etc) and rename file lmhosts.sam to lmhosts

Open the lmhosts file in Notepad and add your Samba server as shown below:

192.168.123.117	deathstar		#PRE	#DOM:jedi
192.168.123.117	deathstar_smb	#PRE	#DOM:jedi

In this example 192.168.123.117 is the IP address of the Samba server on the “orange” DMZ network. Deathstar is the primary host name and deathstar_smb is samba hostname. And jedi is the domain name as displayed by `domainname` command ran on the Samba server.

Save the file, exit Notepad and click Start -> Run -> cmd -> OK -> nbtstat -R This will reload the NBT Remote Cache Name Table.

Still in the command prompt type nbtstat -c to view your current NetBIOS Remote Cache Name Table.

Popularity: 11% [?]

Applications »

WordPress 3.0 and 3.0.1 Upgrade Bug

Ignoring my own advice to never install latest WordPress releases as soon as they come out, I upgraded my installation to WP 3.0 and shortly after to 3.0.1. Doing so broke a few things. Automatic …

More articles »

Commands and Shells »

Modifying Solaris Services

Recently I ran into an issue: the sshd service on a Solaris 10 box needed to be used with a custom configuration file. By default, the sshd service will use /etc/ssh/sshd_config. I needed it to use /etc/ssh/sshd_config_custom. I could not just modify the default configuration file. Don’t ask why – it’s complicated. So here’s what I ended up doing and this process is applicable to modifying any other Solaris 10 (and above) service.

More articles »

Data »

NFS “Not Owner” Error

The “not owner” error is displayed on the client system (usually Solaris) when attempting to mount an NFS share from a server. This error may appear even though the share is correctly exported and the client system has full access. If you are getting a “permission denied” error, then this article is not for you and you should check here instead.

More articles »

Hardware »

iPhone 3GS OS4 Upgrade

iTunes for Windows must be one of the buggiest, most poorly written applications out there. In terms of wasted months of your life it definitely ranks up there with Lotus Notes and Media Player 12. I don’t know how well iTunes works on a Mac (I like computer mice with twenty buttons, so I never was a big Mac fan), but I think I read somewhere that iTunes for Windows is the leading cause of suicides among iPhone owners.

More articles »

Monitoring »

Server and Network Monitoring with iPhone

What is a Unix sysadmin doing with an iPhone, you ask? It was a birthday present, if that’s all right with you. I know, I should have gotten something odd with a beta version of …

More articles »

Networking »

NFS “Not Owner” Error

The “not owner” error is displayed on the client system (usually Solaris) when attempting to mount an NFS share from a server. This error may appear even though the share is correctly exported and the client system has full access. If you are getting a “permission denied” error, then this article is not for you and you should check here instead.

More articles »

Scripts »

Windows Network Troubleshooting Script

I try my best to stay away from Windows. I wish my clients did the same. The usual difficulty of troubleshooting elusive network performance problems is amplified many-fold when there is a Windows computer at the end of the line. With Unix it’s relatively simple: run tests “a”, “b”, “c”, etc and follow the familiar process of elimination. With Windows in the picture the number of steps uses up all of the English alphabet and spills over well into the Russian one. And when you finally reach step “я”, you have to pull out your Chinese dictionary.

More articles »

Scientists Cut Greenland Ice Loss Estimate By Half
bonch writes "A new study on Greenland's and West Antarctica's rate of ice loss halves the estimate of ice loss. Published in the journal Nature Geoscience, the study takes into account a rebounding of the Earth's crust called glacial isostatic adjustment, a continuing rise of the crust after being smashed under the weight of the Ice Age. […]
DARPA Wants Extreme Wireless Interference Buster
coondoggie writes "This month the Defense Advanced Research Projects Agency will begin looking for technology that will let wireless communications work through the most extreme interference. From the article: 'The CommEx program will assess next generation and beyond jamming threats and then develop advanced interference suppression and avoidance […]
Film Industry Hires Cyber Hitmen To Take Down Pirates
thelostagency writes "Girish Kumar, managing director of Aiplex Software says his company is being hired by the film industry to attack online pirates. He says if a provider did not do anything to remove the link or content hosted on its site, his company would launch what is known as a denial-of-service (DoS) attack on the offending computer server. Fr […]

Server Info

Server:	meru.site5.com
OS    :	Red Hat 3.4.6-11
Kernel:	Linux 2.6.32.19-grsec
Arch  :	32-bit OS running on 64-bit hardware 
CPU(s):	8 x 4-core Intel Xeon CPU E5420@ 2.50GHz
RAM   :	8Gb (90% used), 16 x 512Kb DIMMs
Swap  :	6Gb (1% used), paging in/out: 0/0
Uptime:	13 days
Load  :	.09, .10, .11
CPU % :	32 CPU cores at 11% combined utilization
Disk  :	util, svc time - sda: 15.88%, 2.10ms; 
Apps  :	MySQL 5.0.91, Perl 5.8.8
Issues:	occasional RAM shortages