Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: ATT1 on January 28, 2019, 03:34:46 pm
-
Hello,
I installed Zentyal 4.1 a long time ago and it still works, and no, I _don't_ want to upgrade under any circumstances; however, I have to fix a tiny problem.
When in the internal 192.168.x.x network I can reach the Zentyal shares fine using \\server01\shares on Windows-7 clients.
HOWEVER, the same machine has a 10.8.0.100 VPN IP address, and trying to reach that from a VPN-connected Windows client won't work.
I assume it is the firewall, because:
Starting Nmap 6.40 ( http://nmap.org ) at 2019-01-28 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 975 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
464/tcp open kpasswd5
465/tcp open smtps
587/tcp open submission
636/tcp open ldapssl
993/tcp open imaps
995/tcp open pop3s
1024/tcp open kdm
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3306/tcp open mysql
5000/tcp open upnp
8443/tcp open https-alt
20000/tcp open dnp
Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
root@srv01:~# nmap 10.9.0.101
Starting Nmap 6.40 ( http://nmap.org ) at 2019-01-28 15:26 CET
Nmap scan report for 10.9.0.101
Host is up (0.000023s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
8443/tcp open https-alt
20000/tcp open dnp
Nmap done: 1 IP address (1 host up) scanned in 2.48 seconds
So you can see that the firewall won't allow (?) port 135 and port 139 on the VPN-IP.
How can I fix that? Any advice appreciated.
-
I can 100% confirm the same bug on Zentyal-6, latest development version: the firewall does not forward some ports to the VPN-IP (10.9.0.1 for example).
NMAP shows different results for "localhost" and for "VPN-IP".
These ports are filtered when using the VPN-IP:
88, 135, 139, 389, 445, 464, 636, 953.... WHY ???? :-[ :-[ :-[ :-[
I want to get \\vpn-server\shares to work for any windows client having any VPN-IP !! :'( :'( :'(
Edit: Addendum: Even when I totally switched off the firewall, the strange behaviour remained that some ports are not open when nmap-checking the VPN-IP (10.9.0.101) of the Zentyal server. An Nmap check of the local eth0 IP address of the Zentyal server (192.168.0.100) reveals that all necessary ports are open...
I have read all sorts of VPN and Samba docs/forums/hints but I am still not getting this issue fixed. Any help greatly appreciated.
-
I just found it myself.
In /etc/samba/smb.conf you need the option:
bind interfaces only=no !!!!
Then it works.
So you first do "service samba-ad-dc stop", edit the file, start the service again, and presto, it worked...
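
An added example, not part of the original posts: a Python check that models why ports 139 and 445 answer on one address but not another, based on how Samba's `interfaces` and `bind interfaces only` parameters interact. The sample smb.conf, the interface table and the interface name `tun0` are constructed assumptions; an explicit `interfaces` list with names or address/mask entries is assumed.

```python
import fnmatch
import ipaddress

# Constructed sample (not from the thread): Samba restricted to lo and eth0.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    interfaces = lo eth0
    bind interfaces only = yes
"""

# Constructed interface table; tun0 is an assumed name for the VPN interface.
SAMPLE_IFACES = {"lo": "127.0.0.1", "eth0": "192.168.0.100", "tun0": "10.9.0.101"}


def global_params(conf_text):
    """Return [global] parameters, keys lowercased with whitespace removed
    (smb.conf ignores case and whitespace in parameter names)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params


def samba_listens_on(conf_text, ifaces, target_ip):
    """True if this config lets smbd accept connections on target_ip."""
    params = global_params(conf_text)
    if params.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        return True  # default: bind to the wildcard address
    target = ipaddress.ip_address(target_ip)
    for entry in params.get("interfaces", "").replace(",", " ").split():
        try:  # entry written as an address or address/mask
            if ipaddress.ip_interface(entry).ip == target:
                return True
        except ValueError:  # entry is an interface name, wildcards allowed
            if any(fnmatch.fnmatch(name, entry) and ip == target_ip
                   for name, ip in ifaces.items()):
                return True
    return False


if __name__ == "__main__":
    for ip in SAMPLE_IFACES.values():
        print(ip, samba_listens_on(SAMPLE_CONF, SAMPLE_IFACES, ip))
```

With `bind interfaces only = no` Samba listens on every local address, so the host firewall is then the only control over who can reach ports 139 and 445.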