Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: covex on December 09, 2020, 10:57:26 am
-
I've Zentyal 6 and I created a two vlans in the interfaces, however samba not binds to their IPs and is trying to use the for replays for requests that came on a primary IP. The best would be to avoid this. Is the
checkbox
External (WAN) Check this if you are using Zentyal as a gateway and this interface is connected to your Internet router.
the way to achieve the samba to not to bind to those vlan IPs?
Thanks.
-
:)
Rad this https://wiki.samba.org/index.php/Configure_Samba_to_Bind_to_Specific_Interfaces (https://wiki.samba.org/index.php/Configure_Samba_to_Bind_to_Specific_Interfaces) and this https://doc.zentyal.org/es/appendix-c.html#stubs (https://doc.zentyal.org/es/appendix-c.html#stubs)
Cheers!
-
Thanks, I do not like to modify stubs - here is a method that should work: there is a /etc/zentyal/samba.conf with "listen" and "listen_external" directives.. so setting the vlans as "external" and setting "listen_external=no" should work, not sure what else this means for zentyal behavior thou... not sure how to use the "listen" as there also seems to be only "yes,no" - not sure what this is for setting listen to no would cause most of the zentyal functions to be useless right?
-
:)
Could be a great solution. Indeed, the samba.conf file isn't generated by templates, so you can change the parameters directly. Actually the change of the listen_external to "no" removes the external interfaces from the smb.conf "interfaces" parameter.
Defining a network interface as external apply the iptables rules configured for external networks and this section of the firewall has a default policy of denying any connection https://doc.zentyal.org/en/firewall.html#firewall-configuration-with-zentyal (https://doc.zentyal.org/en/firewall.html#firewall-configuration-with-zentyal)
So, you'll have to configure the needed firewall rules in order to grant permissions to the usual network traffic in your trunk interface.
Try it and tell us about it!
A great idea.