Sergio Figueras

Reputation: 297

Why doesn't Linux redirect the Samba port for Alfresco JLAN?

I'm trying an SMB/CIFS Java implementation from Alfresco, named Alfresco JLan.

My server has started up correctly, but I'm using non-privileged ports for SMB (1445, 1139, 1138, 1137).

I've used this shell code:

echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A PREROUTING -p tcp --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A PREROUTING -p udp --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A PREROUTING -p udp --dport 138 -j REDIRECT --to-ports 1138

If I try:

telnet localhost 1445

everything goes OK.

But, when I try with:

telnet localhost 445

I receive:

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

Does anyone know what is wrong? I'm using Ubuntu 12.04.

Upvotes: 2

Views: 994

Answers (2)

oiaohm

Reputation: 1

http://wiki.alfresco.com/wiki/Changing_Bind_Addresses_and_Ports_for_Samba_and_FTP

Word from the wise. Avoid doing redirects like above. They are recipes for cat fights between Samba and Alfresco. Loopback is in fact 127.*.*.* under Linux. So 127.0.0.2 could have been given to Alfresco, leaving 127.0.0.1 to Samba. In the hosts file you can declare a name belonging to .localdomain or whatever the network-wide DNS lookup will be.

To be truthful, without setting Alfresco and Samba to their own zones, it is a straight-up recipe for cat fights between them at some point.

There is a major bug in the Alfresco documentation when it comes to setting Samba. http://lists.samba.org/archive/samba/1997-November/004810.html Don't use socket address at all. Only use the interfaces stuff in the Samba config.

interfaces = 192.168.129.2/255.255.255.0 127.0.0.1

bind interfaces only = yes

Notice the 192.168.129.0 in the Alfresco example is now a 192.168.129.2. Yes, this is the correct way to declare the Samba address. Also notice they missed the fact that 127.0.0.1 is required so Samba tools work.

Basically it's better to tell the two programs to go stand in their own areas straight off the bat.

Why must Samba have 127.0.0.1 even if you are not running Samba? smbpasswd and other Samba tools will attempt to access 127.0.0.1. Yes, cat fights. Some of Samba's tools expect Samba to be at 127.0.0.1; they break if it is not. Yes, Samba tools accessing Alfresco might break Alfresco as well. It's just highly not a good idea to redirect 127.0.0.1, particularly when we have tons more loopback addresses.

Yes, Alfresco and Samba are both going after exactly the same interfaces. Alfresco is the alien. Alfresco will not have PAM, the Linux login system, using it. So 127.0.0.1 should be kept out of Alfresco's hands.

Upvotes: 0

Andreas Steffan

Reputation: 6159

For some reason localhost needs special treatment. Add

iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 139 -j REDIRECT --to-ports 1139
# 137 and 138 are UDP services, matching the question's PREROUTING rules
iptables -t nat -A OUTPUT -p udp -d 127.0.0.1 --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A OUTPUT -p udp -d 127.0.0.1 --dport 138 -j REDIRECT --to-ports 1138

and it should be fine.

That said, I personally switched from iptables to authbind to avoid root execution. It is even easier to set up.

Upvotes: 3
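The OUTPUT rules in the answer above are needed because packets generated on the host itself (such as `telnet localhost 445`) pass through the nat OUTPUT chain and never reach PREROUTING. The script below is an added example, not code from either poster: it audits `iptables-save -t nat` output and flags every PREROUTING redirect that has no OUTPUT rule with the same protocol and ports. The names `audit_redirects` and `sample_ruleset` are hypothetical, and the sample ruleset is constructed.

```shell
# Added example (not from the thread): audit nat REDIRECT rules for loopback coverage.
# Reads `iptables-save -t nat` text on stdin, prints one line per PREROUTING
# redirect, and returns 1 if any lacks an OUTPUT rule with the same protocol,
# destination port and target port.
audit_redirects() {
    awk '
    $1 == "-A" {
        chain = $2; proto = ""; dport = ""; to = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")         proto  = $(i + 1)
            if ($i == "--dport")    dport  = $(i + 1)
            if ($i == "--to-ports") to     = $(i + 1)
            if ($i == "-j")         target = $(i + 1)
        }
        if (target != "REDIRECT" || dport == "") next
        key = proto " " dport " -> " to
        if (chain == "PREROUTING") order[++n] = key
        if (chain == "OUTPUT")     outrule[key] = 1
    }
    END {
        for (j = 1; j <= n; j++) {
            if (order[j] in outrule) { print "OK      " order[j] }
            else { print "MISSING " order[j] " (no nat OUTPUT rule)"; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample: the question's four PREROUTING redirects, plus OUTPUT
# rules in which the two UDP NetBIOS ports were mistakenly entered as tcp.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
-A PREROUTING -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137
-A PREROUTING -p udp -m udp --dport 138 -j REDIRECT --to-ports 1138
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 137 -j REDIRECT --to-ports 1137
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 138 -j REDIRECT --to-ports 1138
COMMIT
EOF
}

sample_ruleset | audit_redirects || true
```

On a live host, run it as `iptables-save -t nat | audit_redirects`.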
