Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: block windows file sharing traffic between networks
Special Forums IP Networking block windows file sharing traffic between networks Post 302579247 by herot on Monday 5th of December 2011 08:23:18 AM
Old 12-05-2011
Quote:
Originally Posted by Corona688
That's odd. It usually doesn't make sense to route SMB traffic at all. Do the computers believe they're all on one big subnet? That'd be more like bridging.
Our network topo is this:

We have dual homed servers. 1 home is 192.0.10.0 (main home LAN) other home is 192.0.0.0 (WAN). We have the 192.0.0.0 (WAN) so our servers can talk over WAN to our other location (192.0.3.0). It is a Frame Relay connection. We have serial network printers in the other location (192.0.3.0) but the server (that people work on and send print jobs from) is at the main location (192.0.0.0).

NOW the other location. It's LAN is 192.0.3.0. It still needs to talk to 192.0.0.0 (WAN) to connect to the unix server (off site) and so the unix server can send print jobs to the (on site) printers. THUS, 192.0.3.0 (other home LAN) must communicate with 192.0.0.0 (WAN) but it only needs to for those printing purposes. I could let the clients ssh over internet for the terminal sessions.

in short:

main site ------------------------------------------other site
LAN1 (192.0.10.0) ------ WAN (192.0.0.0) -------- LAN2 (192.0.3.0)
server here -------------------------------------------printer here

The issue that caught my eye is this:

192.0.3.0 (LAN) router has static route to 192.0.0.0 frame (WAN)

I just installed a NAS on the 192.0.3.0 LAN. I mapped a share from the NAS to a network drive on a pc. I started a image backup from some backup software we use (EaseUS Todo) to image the pc drive to the NAS share. Job running fine. Frame starts dropping print jobs. Frame drops hella pings. I log back in to the pc that is being backed up and KILL the backup. INSTA presto Frame (WAN) (192.0.0.0) comes back up and starts working fine again.

my conclusion:

I need to stop all traffic except essential from possibly leaking onto WAN frame (192.0.0.0) from 192.0.3.0 OR 192.0.10.0


AND by the way,

should this let me block all traffic except when from ports 9100,22,23?:

(following ip tables to be put in the 192.0.3.0 LAN router)

Code:
iptables -I OUTPUT 1 -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT
iptables -I OUTPUT 2 -p tcp -d 192.0.0.0/24 --dport 23 -j ACCEPT
iptables -I OUTPUT 3 -p tcp -d 192.0.0.0/24 --dport 9100 -j ACCEPT
iptables -I OUTPUT 4 -d 192.0.0.0/24 -j DROP

Last edited by herot; 12-05-2011 at 10:26 AM..
 

8 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

Windows Server 2003 file sharing with UNIX

We have a Windows Server 2003 box and I'd like to share a drive with a Sun Solaris box so that the Sun Solaris box can copy files to/from the Windows Server 2003. I believe that Windows Services for UNIX 3.5 will allow me to do this, can anyone comfirm this ? Also, any links on how to... (1 Reply)
Discussion started by: markgrimes
1 Replies

2. Linux

Please help me, about the file sharing with windows system

Did anybody can teach me how to set the premission in the samba server? How to i set the premission in one folder but two access right. With one folder but the user access rights is diffirent. One user can full access the folder, and another one user only read only. thx for helping... (1 Reply)
Discussion started by: cloudlor
1 Replies

3. Solaris

Windows/Solaris data sharing

Hi all, I have a request from Developer team in my compagny, they would like to be able to share data between unix and windows world. 1. We would like to be able to see Unix data from Windows : ?Samba ? 2 We would like to be able to see windows data from Solaris (Mount point) : ?NFS server... (4 Replies)
Discussion started by: unclefab
4 Replies

4. HP-UX

mount windows file sharing on hp-ux

Hi all, Can anyone teach me how to mount windows file sharing on hp-ux thanks (2 Replies)
Discussion started by: pantas manik
2 Replies

5. Solaris

Problem in File/Dir sharing between a windows and solaris

Hi , We are trying to share a particular directory between solaris running from VMware installed on Win7 box] and windows box. We tried the SWAT utility of samba, and made all possible changes for sharing. We committed the changes and we were clueless what need to be done further.. referred... (0 Replies)
Discussion started by: BalajiUthira
0 Replies

6. Solaris

SMB + Windows sharing

Hi guys I need to create one directory on my Solaris 11 box and then share that directory on my LAN. I have only one disk of 500 GB which is more than enough for my needs. I read SMB guide for Solaris and there is no guide how to achive share only on one directory, it has only tutorials for... (3 Replies)
Discussion started by: solaris_user
3 Replies

7. UNIX for Advanced & Expert Users

Enterprise level Solaris&Windows file sharing

"Samba," I know, I know. However, I am a gov't worker and Samba is off the table. Does anyone have a recommendation for an off the shelf, secure solution? I've already suggested rsync and NFS services for Windows Server and got shot down. (4 Replies)
Discussion started by: LittleLebowski
4 Replies

8. Solaris

Sharing to Windows

hiiii, recently we installed samba in solaris 11 machine. and create filesystem and mounted it. we want to mount the same file system in another windows machine through samba. How share that file system to windows and how to mount in windows . (2 Replies)
Discussion started by: Brahmam CH
2 Replies

LEARN ABOUT X11R4

findsmb

FINDSMB(1)							   User Commands							FINDSMB(1)

NAME

       findsmb - list info about machines that respond to SMB name queries on a subnet

SYNOPSIS

       findsmb [subnet broadcast address]

DESCRIPTION

       This perl script is part of the samba(7) suite.

       findsmb is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests.
       It uses nmblookup(1) and smbclient(1) to obtain this information.

OPTIONS

       -r
	   Controls whether findsmb takes bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine. This
	   option is disabled by default because it is specific to Windows 95 and Windows 95 machines only. If set, nmblookup(1) will be called
	   with -B option.

       subnet broadcast address
	   Without this option, findsmb will probe the subnet of the machine where findsmb(1) is run. This value is passed to nmblookup(1) as part
	   of the -B option.

EXAMPLES

       The output of findsmb lists the following information for all machines that respond to the initial nmblookup for any name: IP address,
       NetBIOS name, Workgroup name, operating system, and SMB server version.

       There will be a '+' in front of the workgroup name for machines that are local master browsers for that workgroup. There will be an '*' in
       front of the workgroup name for machines that are the domain master browser for that workgroup. Machines that are running Windows for
       Workgroups, Windows 95 or Windows 98 will not show any information about the operating system or server version.

       The command with -r option must be run on a system without nmbd(8) running. If nmbd is running on the system, you will only get the IP
       address and the DNS name of the machine. To get proper responses from Windows 95 and Windows 98 machines, the command must be run as root
       and with -r option on a machine without nmbd running.

       For example, running findsmb without -r option set would yield output similar to the following

	   IP ADDR	   NETBIOS NAME   WORKGROUP/OS/VERSION
	   ---------------------------------------------------------------------
	   192.168.35.10   MINESET-TEST1  [DMVENGR]
	   192.168.35.55   LINUXBOX	 *[MYGROUP] [Unix] [Samba 2.0.6]
	   192.168.35.56   HERBNT2	  [HERB-NT]
	   192.168.35.63   GANDALF	  [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
	   192.168.35.65   SAUNA	  [WORKGROUP] [Unix] [Samba 1.9.18p10]
	   192.168.35.71   FROGSTAR	  [ENGR] [Unix] [Samba 2.0.0 for IRIX]
	   192.168.35.78   HERBDHCP1	 +[HERB]
	   192.168.35.88   SCNT2	 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
	   192.168.35.93   FROGSTAR-PC	  [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
	   192.168.35.97   HERBNT1	 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]

VERSION

       This man page is correct for version 3 of the Samba suite.

SEE ALSO

       nmbd(8), smbclient(1), and nmblookup(1)

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

       The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open
       Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to
       DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.

Samba 3.5							    06/18/2010								FINDSMB(1)
All times are GMT -4. The time now is 12:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy