Networking Forums
Home Register Members Search Links
Member Login:

Networking Forums > Computer Networking > Linux Networking > Routing samba traffic

Reply
Thread Tools Display Modes

Routing samba traffic

 
 
David Brown
Guest
Posts: n/a

 
      01-05-2007, 12:57 PM
I am wondering a little about the ports and routing requirements for
windows file shares (using samba servers, and windows clients). We will
have at least two LANs which are mostly kept separate, but at least some
clients on each side will need access to file servers on the other LAN.
The two LANs will be joined via a router and firewall (which also
controls access to the internet and DMZ). We don't have a windows
domain, just a simple single workgroup.

As far as I can tell from the samba documentation, I need to consider
name service access (udp 137, udp 138) and the actual file share access
(tcp 135, tcp 139, tcp 445) slightly differently. To get naming
services working properly, so that clients can find the servers (on
either side), each client and server needs name service port access to a
common WINS server (which will also be the domain master browser). I am
not sure, but I think the WINS server also needs to be able to access
the local master browsers on the LANs using the same ports. It is not
necessarily clear which computer on each LAN is the local master
browser, as that depends on the "election" results - thus the WINS
server needs access on udp 137 and udp138 to each machine on the LANs.
I'm not thrilled at having to allow such traffic, but I can live with it
if it is necessary.

For the actual file sharing, any client wanting to access a particular
server must have access on tcp 135, tcp 139 and tcp 445 - that's just
standard firewall and routing rules.

Is that correct, or am I missing / misunderstanding anything?

I am also interested in controlled access to file servers from outside
(laptops and home office machines). The obvious solution would be a
VPN, but are there any other secure alternatives? I've been considering
using WebDAV (over https), since newer windows machines can access
WebDAV sites as file shares and mapped drives, or using SFTP along with
WinDrive (which allows mapping drives for direct access) or WinSCP
(which provides indirect access). Direct access such as WebDAV or
WinDrive are convenient for the users, but indirect access like WinSCP
(where the transfers are handled by a specific program) are more secure
in that other programs cannot directly access the shared data. I'd be
interested to hear of any experiences or opinions on the security,
reliability and convenience of these methods.

mvh.,

David
 
Reply With Quote
 
 
 
Reply

« what are the changes from mysql4.1.7 to mysql5.0.27 | How to find used IP addresses »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Win2003 R2 server just stops routing traffic until I restart Routing service Martijn Tonies Windows Networking 8 11-03-2008 11:05 AM
Routing Traffic Julian Windows Networking 3 01-11-2008 09:27 PM
Encryping samba traffic Marin Linux Networking 2 05-30-2004 09:15 AM
[Samba] WINS on Samba server and Routing jbob Linux Networking 0 08-13-2003 01:31 AM
WINS on Samba server and Routing jbob Linux Networking 0 08-12-2003 11:03 PM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11