LinuxQuestions.org
Old 04-05-2015, 11:48 AM   #1
Sheridan
Member
 
Registered: Aug 2007
Location: Hungary
Distribution: Fedora, CentOS
Posts: 91

Rep: Reputation: 21
Redirecting SMB traffic destined for old Samba server to new one


Hey everyone,

Some time ago I implemented a distributed storage for our network based on OpenAFS and Samba.

The storage space can now be reached via 192.168.6.10 and 192.168.1.2

For users in remote office, they should connect to 192.168.6.10, main office should remain connected to 1.2.

I figure, I just change the DNS name called "server" in the ClearOS Linux router of the remote office to point to 6.10 and done with it... nice and clean yes?

Problem is - some users at some early point may have had DNS issues which they didn't tell me about. Not surprising, since they must be allowed to hack their machines and network settings around to do their jobs even if they sometimes mess up... You see the guys are engineers, moderately tech-savvy, so when they couldn't reach the share by name, they figured they'd just ignore me completely and ask their colleague in the main office for the IP of the storage server. Veeeeery smart....

(Ok I don't want to sound too critical, because in their defense, I need to say that they had to rely on themselves for 10 years for any IT support before I was hired when it was obvious the company cannot grow beyond a point without complex IT, virtualization, etc... Never mind...)

So... Then they started remounting network drives based on IP, and for about two years, this went on... big problem is - most documents, links, etc. from these machines are now hard-referencing the share by IP address as a result of working this way. So when I wanted to redirect their traffic to the distributed storage, old stuff keeps reading from the old 1.2 IP directly over VPN.

It's not an option by far, to rename references in those files. Too many. Too big. Too complicated... in some cases even unlawful to modify.

So... I need a solution to redirect any and all Samba traffic that was originally destined to 192.168.1.2 to 192.168.6.10.

So far what I have done is this:

(eth1 - their localnet, 192.168.6.0/24)

Added this to /etc/clearos/firewall.d/local , the custom Iptables rules file of ClearOS:

Code:
#iptables -t nat -A PREROUTING -i eth1 -p tcp -d 192.168.1.2  -j DNAT --to 192.168.6.10
#iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2  -j DNAT --to 192.168.6.10

#iptables -t nat -A POSTROUTING -d 192.168.6.10 -j MASQUERADE

... it's commented out for a reason - it's not working.

Or rather it is, but it causes the following effect:

When client connects, it is able to browse the shares. Then at the beginning of the first real file transfer, (then after that in long, random intervals), it will cause the client transfer to go to a hold, then a RST packet comes from Samba and the transfer is aborted.

When I remove this ruleset and address the share directly by name or IP (6.10) everything's fine.

I guess my question is obvious - how can I redirect all traffic that goes to the old IP to the correct IP for the remote office without injecting any routing info, etc. into the client computers (that would be pointless, they mangle their routing table on a daily basis)?

Thank you very much if you can help me with this...
 
Old 04-06-2015, 08:07 AM   #2
Sheridan
Original Poster
Not sure yet, but possible solution - still testing it... so far so good, at least no breaking up of conn so far...

Code:
# Rewrite the destination of anything addressed to the old IP to the new server
iptables -t nat -A PREROUTING -d 192.168.1.2 -j NETMAP --to 192.168.6.10
# Present traffic originating from the new server as coming from the old IP
iptables -t nat -A POSTROUTING -s 192.168.6.10 -j SNAT --to-source 192.168.1.2

# Source-NAT redirected traffic leaving eth1 toward the new server
iptables -t nat -A POSTROUTING -d 192.168.6.10 -o eth1 -j MASQUERADE

EDIT - although not a very "pretty" solution by far, I think I can at least give this an "it works for me" grade... under the circumstances I believe that's what counts...

Hope it will help someone in my shoes although personally I'd prefer to avoid solutions like this... oh well... maybe one day...

Issue closed...

Last edited by Sheridan; 04-06-2015 at 09:50 AM.
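Both rulesets in this thread pair the destination rewrite with a MASQUERADE toward 192.168.6.10, which sits on the same eth1 subnet as the clients. The Python model below is an added illustration, not code from the thread, of what that source NAT changes for the reply path; the router address 192.168.6.1, the client address 192.168.6.50 and the client port are assumed values.

```python
from dataclasses import dataclass, replace

OLD_IP, NEW_IP = "192.168.1.2", "192.168.6.10"   # addresses from the thread
ROUTER_LAN_IP = "192.168.6.1"                    # assumed eth1 address of the router
CLIENT_IP = "192.168.6.50"                       # assumed remote-office client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    """Minimal conntrack model: one entry per translated connection."""
    def __init__(self, masquerade):
        self.masquerade = masquerade
        self.conntrack = {}   # expected reply tuple -> original packet

    def forward(self, pkt):
        """PREROUTING destination rewrite, then optional POSTROUTING MASQUERADE."""
        out = pkt
        if pkt.dst == OLD_IP:
            out = replace(out, dst=NEW_IP)
        if self.masquerade and out.dst == NEW_IP:
            out = replace(out, src=ROUTER_LAN_IP)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Undo both translations for a reply that passes through the router."""
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def reply_seen_by_client(masquerade):
    router = Router(masquerade)
    syn = Packet(CLIENT_IP, 50000, OLD_IP, 445)      # client dials the old IP
    at_server = router.forward(syn)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # Same subnet: the server delivers to reply.dst directly over the LAN,
    # so the router only sees the reply if it is addressed to the router.
    if reply.dst == ROUTER_LAN_IP:
        reply = router.reverse(reply)
    return reply

def client_accepts(reply):
    """The client's socket only matches replies from the address it dialed."""
    return (reply.src, reply.sport, reply.dst) == (OLD_IP, 445, CLIENT_IP)
```

Without the source NAT the reply reaches the client directly from 192.168.6.10, an address it never connected to; with it, the reply returns through the router and arrives from 192.168.1.2.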
 
  


All times are GMT -5.