UPDATE:
Wait, wait, I need to update this. It has got to be written that I made it work after weeks and weeks of toil.
Okay deep breaths.
First, a little background: I've been trying to Setup Samba and Internet Connection Sharing for my mixed Local Area Network: Windows XP, Windows XP, and Ubuntu. Go here to see details of my problem and a diagram of our Local Area Network.
Here goes.
DISCLAIMER:
It worked for me. It might not for you. So don't blame me if you broke your PC too.
The solution for me was threefold. I followed these 3 guides and I believe that they all played a part in solving my problem. Without each I would not have solved it.
Internet Connection Sharing:
First http://ubuntuforums.org/showthread.php?t=713874
Second http://ubuntuforums.org/showthread.php?t=91370
Setting Up Samba to Enable File Sharing Between Windows and Ubuntu in a Local Area Network.
Third http://ubuntuforums.org/showthread.php?t=202605&page=2
I will put these forum posts here to preserve their value so to speak - after I eat dinner!
UPDATE: Dinner is over!
First ICS HowTo Forum Post by SpaceTeddy:
I keep reading that people want to share their internet connection through an Ubuntu computer. So, i will put down a few basic steps that one has to do to turn any ubuntu installation into a basic gateway for other computers.
The Settings i am going to write down here are permanent ! so please remember this if you use a mobile device that it will always (!) act as a gateway for the configured network card.
In the following, i will refer to the network device that is connected to the internet as eth1. It is not compulsory that the internet device is called that - other possible names are: eth0, ath0, ppp0, ... and many more.
The computer/network with the clients is, in my case, connected to the network device eth0. This can also vary quite a lot, too.
Please make sure you know what device is which for you, and adjust all commands and configurations accordingly.
The basic scheme of what this setup looks like is:
PC-Client <---> PC-Gateway (ubuntu) <---> Internet
Prerequisites
Your ubuntu Computer has internet connection and you know which network device provides this functionality.
NOTE: how you are connected to the internet does not matter (ethernet, cable, wifi, dsl), as long as you have a second network device besides the one you are connection this should work.
Configuring the network card
the network card that serves the clients (eth0) needs a static ip address. This can be done outside of network manager and would be recommended that way, since you might need nm to still connect the gateway to the internet itself.
Note that this will result in network-manager to completely ignore the network card that you configured for the client network, thus rendering eth0 unavailable in nm.
edit the network configuration file and set eth0 to a static ip. to open the config use this command
now, to configure eth0, you will need add a few lines to the file. Also, this configuration ONLY works on ethernet cards, NOT on wireless. If you need a wireless card to be manually configures, there are a few sticky threads in this forum that will explain how to do it. I'll try to update this later and make sure i have an example for wireless cards ready aswellCode:gksu /etc/network/interfaces
add the following lines to the file
This will set a static ip address for eth0 (10.8.16.1) and take the network card out of nm. these changes only take effect after rebooting. To temporarily use these settings, issue this command:Code:auto eth0 iface eth0 inet static address 10.8.16.1 netmask 255.255.255.0 broadcast 10.8.16.0 network 10.8.16.0
Enable IP forwardingCode:sudo ifconfig eth0 10.8.16.1
Port forwarding is turned off in ubuntu by default. But it is needed so that the Computer will forward pakets it receives. To enable port forwarding, issue the following command
and look for the following lineCode:gsku gedit /etc/sysctl.conf
once that one is found, remove the # so that it reads to beCode:#net.ipv4.conf.default.forwarding=1
These changes will take effect with the next reboot. if you want them to take effect right now, use these commandsCode:net.ipv4.conf.default.forwarding=1
[Update]Code:sudo sysctl -w net.ipv4.ip_forward=1
it has been reported multiple times that the sysctl.conf got ignored. You can check that issueing this command after a reboot:
if the answer is still 0. you will need to add a line to /etc/rc.local. open it to edit withCode:sudo sysctl net.ipv4.ip_forward
and add this line BEFORE the exit 0 in the fileCode:sudo gedit /etc/rc.local
then reboot and check with the above command if it still returns 0. ONLY do this change if you have to, as this is an ugly hack to force setting...Code:sysctl -w net.ipv4.ip_forward=1
[/Update]
Configuring iptables (paket filter)
In order to allow pakets to pass though the router, we need to add a couple of iptables rules to the filter so that everything may pass our machine. Also we need to rewrite the pakets so that they can find their way back to us.
open the file /etc/rc.local with
and add the following linesCode:gksu gedit /etc/rc.local
Doing it this way is neither elegant nor very secure, but it is basic and it should work. If you are worried about security issues, i suggest you read up in iptables and how to confugure the rules more secure than simply letting anything pass through.Code:/sbin/iptables -P FORWARD ACCEPT /sbin/iptables --table nat -A POSTROUTING -o eth1 -j MASQUERADE
again, these changes only take effect after a reboot.
to make the changes take effect right now, use these commands
Configuring the clientCode:sudo iptables -P FORWARD ACCEPT sudo iptables --table nat -A POSTROUTING -o eth1 -j MASQUERADE
There are two ways to configure the client - one is a static, manual config. If you would like to do this, then give the client an ip-address in the network 10.8.16.0/24 (i.e. 10.8.16.2), the gateway 10.8.16.1 and a dns server from your computer (they can be found in the file /etc/resolv.conf)
If you have multiple client, or do not want to configure something staticially, you might want to look at setting up a basic dhcp server which issues network configurations to clients.
to install the server, type the following
this should install the dhcp-server on your machine. The start will fail, but that is nothing to worry about.Code:sudo apt-get install dhcp3-server
before the dhcp server itself can be configured, we need one more little bit of information. We need to know what dns servers are used so we can push then to the clients that will be configured via this server. to find out the currently used dns server, use this command
and note down the ip addresses that are written at the nameserver statementCode:cat /etc/resolv.conf
The next step is to configure the dhcp-server so it knows what ip-addresses to dish out and what settings.
for that, edit the file /etc/dhcp3/dhcpd.conf with this command
save the content in a different file (for later reference or if you want to do more with it later on), and then replace it with the following basic setup:Code:gksu gedit /etc/dhcp3/dhcpd.conf
The Bold entries in the config file have to replaced by the nameserver ip addresses that you previously got. if you only have one, remove the second one.Code:ddns-update-style none; option domain-name "mynetwork"; option domain-name-servers Nameserver1, Nameserver2; option routers 10.8.16.1; default-lease-time 42300; max-lease-time 84600; authoritative; log-facility local7; subnet 10.8.16.0 netmask 255.255.255.0 { range 10.8.16.50 10.8.16.150; }
the last thing to do before the server can be started is to tell it what interface to listen on. This can be configures in the file /etc/default/dhcp3-server.
open it with
and edit the line with the INTERFACES="" to readCode:gksu gedit /etc/default/dhcp3-server
the dhcp-server will be automaticially started upon reboot. to manually start it now use this commandCode:INTERFACES="eth0"
That is all you need for a basic setup of things.Code:sudo /etc/init.d/dhcp3-server start
Please be reminded that you need to always check the network devices in your computer aginst the ones in the config. If you configure blindly from this and your devices are swapped or named different, you can break you computers network entirely.
Second ICS HowTo Forum Post by anaoum:
Hello,
The following will explain how to share your Internet connection:
Note: Type all the following commands in a root terminal, DO NOT use sudo.
1. Start by configuring the network card that interfaces to the other computers on you network:
# ifconfig ethX ip
where ethX is the network card and ip is your desired server ip address (Usually 192.168.0.1 is used)
2. Then configure the NAT as follows:
# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
where ethX is the network card that the Internet is coming from
# echo 1 > /proc/sys/net/ipv4/ip_forward
3. Install dnsmasq and ipmasq using apt-get:
# apt-get install dnsmasq ipmasq
4. Restart dnsmasq:
# /etc/init.d/dnsmasq restart
5. Reconfigure ipmasq to start after networking has been started:
# dpkg-reconfigure ipmasq
6. Repeat steps 1 and 2.
7. Add the line "net.ipv4.ip_forward = 1" to /etc/sysctl.conf
# gedit /etc/sysctl.conf
8. Reboot. (Optional)
I hope this helps.
Good luck!
Third Samba Setup Forum Post by Stormbringer
HOWTO: Setup Samba peer-to-peer with Windows
As many fellow Ubuntu users seem to have trouble setting up samba peer-to-peer with Windows I decided to write a small howto on this matter.
NOTE: I am aware that there's a wiki-page as well as several other howto's around - but by looking at the constant "how do I setup samba" posts that are floating around in the forum I simply see the need for a more thourough guide on this matter.
Feel free to contribute and suggest - it'll only help to make this howto a better guide.
The goal of this howto is to have samba act like a Windows Workstation in the LAN. As a "value added bonus" we will use samba to do netbios name resolution so that you can use the names of the workstations for network drive mapping instead of their ip-addresses (i.e.: \MY_WINDOWS_BOX\SHARE) - but only for as long as your Linux box has an static ip-address and is up and running.
This guide is based on Ubuntu 6.06 LTS and intended for all architectures (i386, AMD64, ...) - if you are still using Breezy it's safe to follow this guide as there should be no differencies.
A second guide on how to setup samba as Primary Domain Controller along with several other services such as DHCP, DNS and NTP will follow later on as this topic will be a little more thourough.
1. Prerequisites
- Your Linux box should have an static ip-address.
In case you're getting your ip from a router/server via DHCP make sure it's configured to provide a fixed dhcp-lease. If that's no valid option you cannot use WINS ... more on this way down.
- You need to have samba installed.
If you haven't done so already open a terminal and type:
Don't close the terminal upon installation - we still need the commandline to get several tasks done!Code:sudo apt-get install samba
2. Getting samba configured
First, let us make sure samba isn't running:
As a starting point I included an smb.conf below, and there are only a few simple things you may need to tweak.Code:sudo /etc/init.d/samba stop
Since the installation of samba just installed a rather useless template file we're going to rename it - we keep the file just in case.
Next we create a new empty fileCode:sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.template
And finally we need to open the file inside an editorCode:sudo touch /etc/samba/smb.conf
NOTE: If you're on KDE replace "gedit" with "kate"Code:sudo gedit /etc/samba/smb.conf
Copy / Paste the contents of the code-section below into your editor and read on ...
Ok, I already mentioned that there are a few simple things you may need to tweak; so here they are:Code:[global] ; General server settings netbios name = YOUR_HOSTNAME server string = workgroup = YOUR_WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user null passwords = true username map = /etc/samba/smbusers name resolve order = hosts wins bcast wins support = yes printing = CUPS printcap name = CUPS syslog = 1 syslog only = yes ; NOTE: If you need access to the user home directories uncomment the ; lines below and adjust the settings to your hearts content. ;[homes] ;valid users = %S ;create mode = 0600 ;directory mode = 0755 ;browseable = no ;read only = no ;veto files = /*.{*}/.*/mail/bin/ ; NOTE: Only needed if you run samba as a primary domain controller. ; Not needed as this config doesn't cover that matter. ;[netlogon] ;path = /var/lib/samba/netlogon ;admin users = Administrator ;valid users = %U ;read only = no ; NOTE: Again - only needed if you're running a primary domain controller. ;[Profiles] ;path = /var/lib/samba/profiles ;valid users = %U ;create mode = 0600 ;directory mode = 0700 ;writeable = yes ;browseable = no ; NOTE: Inside this place you may build a printer driver repository for ; Windows - I'll cover this topic in another HOWTO. [print$] path = /var/lib/samba/printers browseable = yes guest ok = yes read only = yes write list = root create mask = 0664 directory mask = 0775 [printers] path = /tmp printable = yes guest ok = yes browseable = no ; Uncomment if you need to share your CD-/DVD-ROM Drive ;[DVD-ROM Drive] ;path = /media/cdrom ;browseable = yes ;read only = yes ;guest ok = yes [MyFiles] path = /media/samba/ browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755 force user = YOUR_USERNAME force group = YOUR_USERGROUP
-> netbios name = YOUR_HOSTNAME
Replace "YOUR_HOSTNAME" with your desired hostname (don't use spaces!). Best pratice would be to use the same name you configured upon installation.
Example:
netbios name = DAPPER
-> workgroup = YOUR_WORKGROUP
Replace "YOUR_WORKGROUP" with the name of your workgroup, but make sure you're using the same as configured in Windows.
To find out the Workgroup name in Windows follow these steps:
- Click "START"
- Click "Control Panel"
- Click "System"
- Click the 2nd Tab entitled "Computername" and find the name of the Workgroup there.
Example:
workgroup = MSHOME
-> wins support = yes
If your box doesn't have a static ip-address, or you cannot configure your router/server to provide you with a fixed dhcp-lease, change this configuration parameter to "no".
In this case you cannot use the benefits of WINS.
-> [MyFiles]
This is the name of the share. Leave it as it is or adjust it to whatever you prefer. Don't use more than 31 characters and try to avoid spaces!
-> path = /media/samba/
This suggests that you've mounted an hard drive or partition on /media/samba where all the shared files will be stored.
In case you don't have an extra hard drive/partition you may also create folder.
I assume you've been wise enough to put /home onto a separate partition having an reasonable amount of storage space.
To create the folder type (inside a new terminal) ...
... and adjust "path =" to read ...Code:sudo mkdir /home/samba
path = /home/samba/
Remember that this is just an example - you are free to put things wherever you like.
-> force user = YOUR_USERNAME
-> force group = YOUR_USERNAME
Well, this should say it all. Replace "YOUR_USERNAME" with the name you use for login (no spaces!).
Example:
force user = stormbringer
force group = stormbringer
Now we completed the part of editing smb.conf
Save the file and close gedit.
Since we are going to share the folder with other users we should now make sure that the permissions are set. Type:
NOTE: Don't forget to correct the path to the location you chose above!Code:sudo chmod 0777 /media/samba
That's it - now we need to start samba ...
1.1 Starting samba and setting up user accounts
Let us fire up samba for the first time. Type:
There shouldn't be any errors - if you are presented with an error message make sure everything is correct (search for typos and/or invalid paths).Code:sudo /etc/init.d/samba start
Time to add yourself as an samba user.
NOTE: You will be asked for a password - make sure you use the same as you use for login!
In case you need other users to be able to access the share you need to add them to your system AND samba as well. Make sure you use the very same Windows usernames and passwords!Code:sudo smbpasswd -L -a your_username sudo smbpasswd -L -e your_username
NOTE: Windows XP doesn't set passwords for its useraccount per default. If you haven't set a password on your XP box just press enter when prompted to enter a password for the user account you're about to create!
In the following example we will add an user called "mark" ...
Example:
The "-s /bin/true" in the first line prevents the users from being able to access the commandline of your linux box ("-s" stands for "shell"). I strongly advise you to follow this recommendation! Don't change that setting to a valid login-shell unless you really know what you are doing!Code:sudo useradd -s /bin/true mark sudo smbpasswd -L -a mark sudo smbpasswd -L -e mark
Repeat this step until you configured all user accounts!
Now that we configured samba and created the user accounts we are done with the Linux-part - there's one more thing to do in Windows.
2. Changing network settings in Windows
Now we should let Windows know that there's a WINS server active in the network.
If you had to change "wins support" to "no" above skip this step!
- Click "START"
- Click "Control Panel"
- Click "Network Connections"
- Find your "LAN Connection"
- Right-click the icon and select "Properties"
- Select the "TCP/IP" Protocol and click the "Properties" button
- Click "Advanced"
- Select the third Tab entitled "WINS"
- Click "Add"
- Type in the ip-address of your Linux box
- Click "Add"
- Select "Use NetBIOS over TCP/IP"
- Click "OK"
- Click "OK"
- Click "OK"
- Reboot Windows
Upon reboot you may now map the network drive within Windows.
With WINS enabled:
- Click "START"
- Right-click "My Computer"
- Select "Map network drive"
- Choose the drive letter
- Type \\DAPPER\MyFiles
NOTE: Adjust this to the hostname and sharename you chose above!
- Click "Finish"
With WINS disabled:
- Click "START"
- Right-click "My Computer"
- Select "Map network drive"
- Choose the drive letter
- Type \\\MyFiles
NOTE: To find out the ip-address of your Linux box type "ifconfig" inside a terminal and find the ip for the correct interface (i.e. eth0). Don't forget to adjust the sharename to the name you chose above.
- Click "Finish"
That's it - samba is up and running now.
3. Security consideration
This is the right time to think about security right away.
In case your computer has more than one network connection (i.e. wired and wireless ethernet) you may want to restrict access to samba.
If not especially configured samba will bind its service to all available network interfaces.
So, let us assume you only want your wired network to have access and that the network card is called eth0.
Add the following lines to the [general] section of your smb.conf to achieve that goal:
If you did it correctly it should look similar to this:Code:interfaces = lo, eth0 bind interfaces only = true
Now only the local loopback interface (dubbed "lo") and eth0 are able to access samba - there's no need to fear that someone might break into your system by wireless as the interface isn't bound to the service.Code:[global] ; General server settings netbios name = YOUR_HOSTNAME server string = workgroup = YOUR_WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = lo, eth0 bind interfaces only = true
4. Final words
If you happen to have any questions feel free to ask - I'll try to help as soon as possible.
If you find any mistakes in this howto please let me know so that I can fix them.
Feel free to contribute and suggest - help to make this howto a better guide.
5. Addendum: Useful links
Here are some links you may find useful.
The onsite links refer to other samba-guides and to ubuntu_daemon's "Important Links" thread.
- Onsite
Ubuntu Help: Windows Networkworking
Ubuntu Documentation: Setting up Samba
READ THIS FIRST prior to posting - IMPORTANT links (by ubuntu_daemon)
The offsite links refer to the offical Samba homepage and to a selected choice of their official documentation; these links are useful if you like to dig yourself into the mysteries of samba's configuration and usage as well as troubleshooting problems.
- Offsite
Samba Homepage
Practical Exercises in Successful Samba Deployment
The Official Samba-3 HOWTO and Reference Guide
Using Samba, 2nd Edition
Whew. That was a mouthful.
After doing all of those steps. I removed firestarter - which I suspect may also be a culprit to my ICS woes.
I did:
$ sudo apt-get purge firestarter
Configuring Windows XP as a host.
No comments:
Post a Comment