Web lists-archives.com

Re: [Samba] getent not working after installing firewall




Hai Harald, 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Reindl Harald via samba
> Verzonden: dinsdag 5 maart 2019 13:18
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] getent not working after installing firewall
> 
> 
> 
> Am 05.03.19 um 09:18 schrieb L.P.H. van Belle via samba:
> > Solution is really simple. 
> > Since this server is dual-homed ( 2 nic's ), i suggest 
> setup advanced routing tables. 
> > 
> > The short version of howto setup.
> > 
> > edit /etc/iproute2/rt_tables and Add :
> > 10 OfficeLan
> > 20 InternetWan
> > 
> > Lookup the routing tables:
> > ip route show table OfficeLan
> > ip route show table InternetWan
> > 
> > The default gateway's is to the internet.  ( change ethX to 
> you network interface name ) 
> 
> well, what is the point of multihoming an internal server at all?
>
That all depends on you needs sure, most people dont need a multihomed setup. 

My default gw is/are my core switches, where i'm intervlanning. 
5 endpoints to differnet locations, Mail splitted up over 2 locations.
Webserver with 2 internet locations but accesible through 3 locations +lan
And 6 subnets (in vlans.) 

Sounds all complex, wha.. Yes maybe, but things like that is why 'i' need multihoming. 
Can this be improved, sure yes but im not questioning the T.P. its setup, 
im showing a solution for his problem.  Nothing more, nothing less. 

You are questioning my solution thats good, now i think.. 
> 
> that's the job of the firewall/router/gateway but on your LAN you just
> have a 192.168.x.x network with no non-default routes and just the
> gateway which only is part of the game when a machine want to talk to
> something not in the own LAN

This suggests, for you a firewall, router and gateway are the same? For me not. 
This might be 1,2 or 3 devices. 

> 
> every other traffic stays in the LAN and don't touch the
> router/gateway/firewall, even not multicast on a proper device with
> "multicast off allmulticast off" since there is no point dealing with
> multicast packets on the firewall

No? Why im i reading different things here. 
https://tools.ietf.org/html/rfc2588 chap5. 

 In short, a firewall must do three things in order to handle
   multicast:

      1/ Support the chosen multicast security policy (which establishes
         particular multicast groups as being candidates to be relayed),
      2/ Determine (dynamically) when each candidate group should be
         relayed, and
      3/ Relay each candidate group's data across the firewall (and then
         re-multicast it at the far end).

Or 
https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn974068(v=vs.85)
Make Web Services on Devices (WSD) printers visible to Windows 10 via Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD).

Or  https://tools.ietf.org/html/rfc4795 
The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS)
 packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.

So i dont totaly agree on you statement :
"there is no point dealing with multicast packets on the firewall"

Again this all is highly subjected to you needs, 90% of the users wont need it.. 
On that i agree with you. 

On the samba list we do have beginners and very advanced users. 
So thats why i do show things.. 

And i do appriciate you input Harald. 
Things like this wil only make samba better and resulting setup's will be better. 


Greetz, 

Louis



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba