Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello, I'm having a bit of trouble here. My network has two subnetworks, one 192.168.1.* and one 192.168.2.*. The 192.168.1.* network has two Windows comps. The other one, 192.168.2.* is made of two Linux comps runnign Samba. A linux box functioning as a router sits between the two networks, and also runs Samba. I can ping hosts between the two subnets, and they're all on the same workgroup. However, I can't see the boxes on different subnets when I view all of the computers in the workgroup. In other words, I can't see any of the Linux boxes from 192.168.1.*, and I can't see any of the Windows boxes from 192.168.2.*. The router with Samba on it shows up on 192.168.2.* with the other Linux boxes. There is no firewall between the two networks to close the Windows file sharing port. Would a WINS server solve this? How do I configure Samba to do this?
What you are seeing is a result of how MS networking works. They send out broadcasts to their subnet broadcast address which will not get forwarded across a router boundary. A WINS server should resolve this. Try adding the following line to one of your samba machines that you want to be the WINS server.
wins support = yes
For the other samba machines that you have, add the following lines.
wins support = no
wins server = 192.168.1.x
name resolve order = wins hosts lmhosts bcast
I have not verified this myself, but this is what I found on a quick Google search.
I could need some help on this subject as well. I have a similar setup, but only one computer on each subnet and no samba server on the router. That is, something like this:
I can't access the samba share from windows either, even after I've set up a WINS server on the linux machine. I specified it's ip in tcp/ip "advanced properties" on the xp box.
As for the rest of the setup, it should be ok since the samba server was actually running on the router before, on the same subnet as the windows box, and was working there. I just moved the configuration files and all.
The smb.conf looks like this:
Code:
[global]
workgroup = Dask
netbios name = fiesta
server string = Samba Server %v
load printers = no
log file = /var/log/samba/log.%m
log level = 3
hosts allow = 192.168.0.3 127.
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote browse sync = 192.168.0.3
remote announce = 192.168.0.255
time server = yes
wins support = yes
dns proxy = no
[storage]
comment = Storage
path = /stora
valid users = lenny, nobody
public = yes
writable = yes
write list = lenny
Lenny: In addition to adding the linux address to the xp wins resolution configuration, try also adding the linux box netbios name / IP address to the xp /windows/system32/drivers/etc/lmhosts file and reboot. You probably already have the file /windows/system32/drivers/etc/LMHOSTS.SAM to use as an example.
Thanks for your quick replies. I wasn't able to see them until today, since I attempted another solution: merging the networks (using 192.168.1.X on both interfaces). It didn't work, and when I tried to go back to the previous ip numbers, I accidently set my gateway to 192.168.1.0 and couldn't connect to it and I couldn't understand why... So anyway, it's been interesting.
shubb: I cannot connect to the server from any native windows programs. What do you mean by entering the ip directly, you mean like \\192.168.2.10 in explorer or my computer? No, that doesn't work either. Ssh works fine though.
WhatsHisName: Interesting. I put "192.168.2.10 server" in that file, I don't think any of the extra options are needed. Still can't find the computer though.
So, my current idea is to have a fake ip number, say 192.168.1.20, in the same subnet as the windows computer, and forward all samba related ports to that ip to the server using iptables. I'll report back when I know if it works.
Lenny: This may sound stupid, but make sure the file is named “lmhosts” (i.e., dos “LMHOSTS.” and not “lmhosts.txt”. If you are like me and use notepad for simple editing, notepad always renames lmhosts.sam as lmhosts.txt, which is not recognized by windows.
Based on your initial text and the smb.conf info, lmhosts should contain:
#
192.168.1.2 fiesta #PRE #any comment like wins server
#
The #PRE forces preloading at boot time. If you changed the samba netbios name or the linux box IP address, then my above example is in error and use the correct info instead.
Adding the linux box to window’s lmhosts almost always fixes the ability of the windows box to find the wins server, and indirectly, the ability to find the other systems on the LAN. This in combination with activating the window’s WINS resolution in the TCP/IP configuration unusually clears up problems with the windows box finding other boxes on the LAN. The best thing that can happen to a microsoft-based LAN is to activate the wins server on a linux box and to point the windows boxes there.
As a side note, XP is a real pain when you are trying to search for something on a different subnet. Stubborn is another way to describe it.
You were right, it was called lmhosts.txt. I fixed it, and I also updated the smb.conf to the new ip numbers (I changed them all in the chaos the day before yesterday). So now I think I have all that I should need:
* lmhosts contain the line you described (although fiesta is now 192.168.2.10).
* I have 192.168.2.10 as wins server in tcp/ip.
* smb.conf has the line "wins support = yes"
Still nothing though. Perhaps samba is misconfigured after all. I'll have to go through the samba howto again and see if it helps.
Lenny: With all of the changes to your network, make sure that smb.conf “host allow” is correct, or just comment it out for now. Also, try defining your linux box as the domain master.
Lenny: Regarding the windows WINS configuration (i.e., Advanced TCP/IP Settings), make sure that the “Enable LMHOSTS Lookup” box is checked under the WINS tab.
Lenny, are you still not able to connect to the computer by IP address? i.e. \\192.168.... If not, then your problem is an IP problem and not necessarily a samba/WINS problem. You mentioned that you are running iptables. Are you sure that you have the correct ports open on your server? You need to have the following ports open to use samba
UDP ports 137 and 138
TCP ports 139 and 445
If you still cannot connect opening these ports, then try sniffing the ethernet port when you are trying to connect and see if it is trying to connect to a port that is closed on the server.
The enable lmhosts box is checked, I'm sure of that. I'll try with a simpler configuration for samba using the domain master lines.
I do run iptables, but I added a rule to let all traffic between these two computers through. Perhaps it's still blocking the broadcasts, but using a wins server, the broadcasts aren't necessary are they?
I installed ethereal and tcpdump on the router, I'll check what actually happens when I try to connect to samba.
Ok, I have a few things to try now. I'll be back with the results in a day or two. Thanks again.
Ok, I'm back with a few log entries and network sniffing results. The firewall log on the router shows that the broadcasts are stopped, but nothing else. (All dropped packages should be logged at least once). However, my understanding is that this doesn't matter, if there is a wins server running.
Code:
May 19 22:08:26 hugo iptables: Bad packet eth1:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:7d:8c:f9:dd:08:00 SRC=192.168.1.11 DST=192.168.1.255 LEN=218 TOS=0x00 PREC=0x00 TTL=128 ID=8 PROTO=UDP SPT=138 DPT=138 LEN=198
May 19 22:08:18 hugo iptables: Bad packet eth2:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:40:05:e3:f0:61:08:00 SRC=192.168.2.10 DST=192.168.2.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=38 DF PROTO=UDP SPT=138 DPT=138 LEN=221
Here's some lines from tethereal, network sniffer. This first block is the traffic on eth1, which is facing the desktop. I've had to remove a lot of hopefully unrelated lines here. Most of them came from the ssh connection I used to start the sniffer *stupid*
Code:
159.130639 Netronix_8c:f9:dd -> Broadcast ARP Who has 192.168.1.1? Tell 192.168.1.11
159.130821 RealtekS_81:00:44 -> Netronix_8c:f9:dd ARP 192.168.1.1 is at 00:e0:4c:81:00:44
159.131031 192.168.1.11 -> 192.168.2.10 NBNS Registration NB KABOMBO<00>
159.131663 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Check name KABOMBO<00>
159.133576 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
159.135038 192.168.1.11 -> 192.168.2.10 NBNS Registration NB DASK<00>
159.137522 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
183.735419 192.168.1.11 -> 192.168.1.255 BROWSER Browser Election Request
184.801573 192.168.1.11 -> 193.11.224.20 DNS Standard query PTR 10.2.168.192.in-addr.arpa
184.807934 193.11.224.20 -> 192.168.1.11 DNS Standard query response, No such name
189.262398 192.168.1.11 -> 192.168.1.255 NBNS Registration NB DASK<1d>
191.021370 192.168.2.10 -> 192.168.1.11 BROWSER Master Announcement
196.231314 00000000.00e07d8cf9dd -> 00000000.ffffffffffff IPX SAP Nearest Query
196.792088 192.168.1.11 -> 192.168.1.255 NBNS Registration NB <01><02>__MSBROWSE__<02><01>
199.115029 00000000.00e07d8cf9dd -> 00000000.ffffffffffff IPX SAP General Query
199.796117 192.168.1.11 -> 192.168.1.255 BROWSER Request Announcement KABOMBO
199.797559 192.168.1.11 -> 192.168.1.255 BROWSER Domain/Workgroup Announcement DASK, NT Workstation, Domain Enum
199.828303 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Check name DASK<1d>
199.835936 00000000.00e07d8cf9dd -> 00000000.ffffffffffff IPX SAP General Query
202.072646 192.168.1.11 -> 192.168.1.255 BROWSER Get Backup List Request
202.078969 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Check name <01><02>__MSBROWSE__<02><01>
204.341796 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name DASK<00>
206.594748 192.168.1.11 -> 192.168.1.255 NBNS Name query NB DASK<1b>
206.925126 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name <01><02>__MSBROWSE__<02><01>
209.508463 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name KABOMBO<00>
209.808857 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name DASK<1b>
217.799637 00000000.00e07d8cf9dd -> 00000000.ffffffffffff BROWSER Host Announcement KABOMBO, Workstation, Server, NT Workstat
ion, Potential Browser
259.794471 192.168.1.11 -> 192.168.1.255 BROWSER Domain/Workgroup Announcement DASK, NT Workstation, Domain Enum
Here it's capturing on eth2, which is facing the samba server:
Code:
Capturing on eth2
0.000000 192.168.1.11 -> 192.168.2.10 NBNS Registration NB KABOMBO<00>
0.001846 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
0.003803 192.168.1.11 -> 192.168.2.10 NBNS Registration NB DASK<00>
0.005865 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
4.997679 BellTech_53:35:a6 -> AniCommu_e3:f0:61 ARP Who has 192.168.2.10? Tell 192.168.2.1
4.998393 AniCommu_e3:f0:61 -> BellTech_53:35:a6 ARP 192.168.2.10 is at 00:40:05:e3:f0:61
11.889349 192.168.1.11 -> 192.168.2.10 NBNS Registration NB DASK<1e>
11.891152 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
16.888166 AniCommu_e3:f0:61 -> BellTech_53:35:a6 ARP Who has 192.168.2.1? Tell 192.168.2.10
16.888434 BellTech_53:35:a6 -> AniCommu_e3:f0:61 ARP 192.168.2.1 is at 00:00:1c:53:35:a6
31.889043 192.168.2.10 -> 192.168.1.255 BROWSER Host Announcement FIESTA, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server
31.889464 192.168.2.10 -> 192.168.1.11 BROWSER Master Announcement
61.876353 192.168.2.10 -> 192.168.2.255 BROWSER Local Master Announcement FIESTA, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server, Master Browser, Domain Master Browser
61.877014 192.168.2.10 -> 192.168.2.255 BROWSER Domain/Workgroup Announcement DASK, NT Workstation, Domain Enum
Here's a snippet from /var/log/samba/log.nmbd, the only samba log that contains anything.
Code:
[2004/05/19 22:07:53, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(817)
wins_process_name_registration_request: Adding IP 255.255.255.255 to group name DASK<00>.
[2004/05/19 22:08:05, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(734)
wins_process_name_registration_request: Group name registration for name DASK<1e> IP 192.168.1.11
[2004/05/19 22:08:05, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(817)
wins_process_name_registration_request: Adding IP 255.255.255.255 to group name DASK<1e>.
[2004/05/19 22:08:05, 3] nmbd/nmbd_sendannounce.c:send_local_master_announcement(163)
send_local_master_announcement: type c9a03 for name FIESTA on subnet 192.168.2.10 for workgroup DASK
[2004/05/19 22:08:05, 3] nmbd/nmbd_sendannounce.c:send_workgroup_announcement(182)
send_workgroup_announcement: on subnet 192.168.2.10 for workgroup DASK
[2004/05/19 22:10:56, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1445)
wins_process_name_query: name query for name *<1b> from IP 192.168.2.10
[2004/05/19 22:11:21, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(109)
announce_local_master_browser_to_domain_master_browser:
We are both a domain and a local master browser for workgroup DASK. Do not announce to ourselves.
[2004/05/19 22:11:21, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(151)
sync_with_dmb:
Initiating sync with domain master browser FIESTA<20> at IP 192.168.2.10 for workgroup DASK
[2004/05/19 22:16:21, 3] nmbd/nmbd_sendannounce.c:send_local_master_announcement(163)
send_local_master_announcement: type c9a03 for name FIESTA on subnet 192.168.2.10 for workgroup DASK
[2004/05/19 22:16:21, 3] nmbd/nmbd_sendannounce.c:send_workgroup_announcement(182)
send_workgroup_announcement: on subnet 192.168.2.10 for workgroup DASK
Where was the last packet trace taken? When you see the [RST, ACK], that means that iptables is blocking that port. That means that the server that was sniffed on has http blocked in iptables.
As far as the samba goes, you dont need to worry about WINS just yet. You can't even connect via IP, so WINS is not going to make a bit of difference.
On the router and the samba server, type "iptables -L" and it will print out the rules that are active. If you dont see a rule like the one below, but for the netbios TCP and UDP ports, then iptables is blocking it.
Removed a long post with my iptables configuration and the outputs of iptables -L
I'm so stupid I think I should win some kind of trophy. I've had zone alarm running on windows the whole time. I forgot all about it! Why have two firewalls?
I've wasted your time. I'm so embarrassed, but I'm also happy that it's working and that I'm not posting here using my real name
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.