pf + cups/samba

Hi all,

I'm having some trouble accomplishing port forwarding with pf for a samba print share.

Basically:
I have the apache/cups/samba services running in a jail. When the user accesses the primary IP (192.168.0.101), I want it to forward requests on those ports to the jail's IP (192.168.0.101), and similarly have the primary IP appear in all replies, so that it is completely unknown to the users that a jail is in use.

Here is my pf.conf file (I am new to pf: this server is already behind a NAT'ed router, hence the very permissive ruleset)
/etc/pf.conf
Code:
# loopback interface and address
lo_if="lo0"
lo_addr="127.0.0.1"

# external (LAN-facing) interface and the addresses the host answers on
ext_if="rl0"
base_addr="{192.168.0.101/24, 127.0.0.1}"

# address of the jail running apache/cups/samba
jail_addr="192.168.0.103/32"

# service names are resolved from /etc/services when the ruleset is loaded
tcp_forwards = "{ www, netbios-ns, netbios-dgm, netbios-ssn, https, microsoft-ds }"
udp_forwards = "{ www, netbios-ns, netbios-dgm, netbios-ssn, https, microsoft-ds }"

# translate the jail's outbound traffic to the external interface address
nat on $ext_if from $jail_addr to any -> $ext_if

# redirect inbound requests for the forwarded ports into the jail
rdr pass on $ext_if proto tcp from any to $base_addr port $tcp_forwards -> $jail_addr
rdr pass on $ext_if proto udp from any to any port $udp_forwards -> $jail_addr

# stateful pass rules for the forwarded traffic
pass in on $ext_if proto tcp from port $tcp_forwards to $ext_if flags S/SA keep state
pass in on $ext_if proto udp from port $udp_forwards to $ext_if keep state

# permissive default: the host sits behind a NAT'ed router
pass in all
pass out all

The above works great for samba file shares, http/https and swat requests, but when I try to access the printer share, the XP machine whines "This operation could not be completed. Either the printer name was typed incorrectly, or the specified printer has lost its connection with the server."

If I use the jail's IP directly, though, I can access the print share (and all other services) and use it without problems.

Here is the pertinent samba log with log level 5:
http://pastebin.com/m50604197

Code:
[2009/05/09 23:16:30, 5] rpc_parse/parse_prs.c:prs_werror(830)
      0014 status code: WERR_INVALID_PRINTER_NAME

I appreciate any and all advice...
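An added example (not part of this thread) that evaluates the two rdr rules from the pf.conf above against sample destination addresses and ports, using a small Python matcher written for this page; the port numbers for the service names are the standard assignments and are assumed here. It shows that the /24 in base_addr and the "to any" in the UDP rule redirect traffic addressed to every host on the subnet, not only to 192.168.0.101.

```python
import ipaddress
from dataclasses import dataclass

# Port numbers for the service names in the page's pf.conf (standard assignments;
# pf itself resolves them from /etc/services when the ruleset is loaded).
SERVICES = {"www": 80, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139,
            "https": 443, "microsoft-ds": 445, "swat": 901}

# Macros and rdr rules copied from the page's pf.conf.
MACROS = {
    "ext_if": "rl0",
    "base_addr": "{192.168.0.101/24, 127.0.0.1}",
    "jail_addr": "192.168.0.103/32",
    "tcp_forwards": "{ www, netbios-ns, netbios-dgm, netbios-ssn, https, microsoft-ds, swat }",
    "udp_forwards": "{ www, netbios-ns, netbios-dgm, netbios-ssn, https, microsoft-ds }",
}
RDR_RULES = [
    "rdr pass on $ext_if proto tcp from any to $base_addr port $tcp_forwards -> $jail_addr",
    "rdr pass on $ext_if proto udp from any to any port $udp_forwards -> $jail_addr",
]

@dataclass
class Rdr:
    proto: str
    dst_nets: list   # ipaddress networks; "any" becomes 0.0.0.0/0
    ports: set       # numeric destination ports
    target: str      # redirect target as written in the rule

def parse_rdr(line, macros=MACROS):
    """Parse the subset of rdr syntax used on the page (hypothetical helper)."""
    for name, value in macros.items():
        line = line.replace("$" + name, value)
    toks = line.replace("{", " ").replace("}", " ").replace(",", " ").split()
    proto = toks[toks.index("proto") + 1]
    dst = toks[toks.index("to") + 1:toks.index("port")]
    ports = toks[toks.index("port") + 1:toks.index("->")]
    # strict=False turns 192.168.0.101/24 into 192.168.0.0/24, as pf does
    nets = [ipaddress.ip_network("0.0.0.0/0" if d == "any" else d, strict=False) for d in dst]
    return Rdr(proto, nets, {SERVICES[p] for p in ports}, toks[toks.index("->") + 1])

def redirect_target(proto, dst_ip, dst_port, rules=RDR_RULES):
    """Return the rdr target for a packet, or None if no rule matches (first match wins)."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in map(parse_rdr, rules):
        if rule.proto == proto and dst_port in rule.ports and any(ip in n for n in rule.dst_nets):
            return rule.target
    return None

if __name__ == "__main__":
    for pkt in [("tcp", "192.168.0.101", 445), ("tcp", "192.168.0.50", 445),
                ("udp", "10.0.0.1", 137), ("tcp", "192.168.0.101", 9100)]:
        print(pkt, "->", redirect_target(*pkt))
```

Traffic to 192.168.0.50:445 (another host on the LAN) is redirected into the jail just like traffic to 192.168.0.101, which is wider than the post intends.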
 
so that it is completely unknown to the users that a jail is in use.
The users won't be aware it's a jail anyway. For them it's just another machine.
 