2

我正在尝试来自 Alfresco 的 SMB/CIFS Java 实现,名为 Alfresco JLan。

我的服务器已正常运行,但我正在为 SMB 使用非特权端口(1445、1139、1138、1137)。

我使用了那个shell代码:

echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 445 -j REDIRECT --to-ports 1445
iptables -t nat -A PREROUTING -p tcp --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A PREROUTING -p udp --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A PREROUTING -p udp --dport 138 -j REDIRECT --to-ports 1138

如果我尝试:

telnet localhost 1445

一切顺利

但是,当我尝试:

telnet localhost 445

我收到:

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

有谁知道出了什么问题?我正在使用 Ubuntu 12.04。

4

2 回答 2

3

由于某种原因localhost需要特殊处理。添加

iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 445 -j REDIRECT --to-port 1445
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 139 -j REDIRECT --to-port 1139
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 137 -j REDIRECT --to-port 1137
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 138 -j REDIRECT --to-port 1138

应该没问题。

也就是说,我个人从 切换iptablesauthbind以避免 root 执行。它甚至更容易设置。

于 2013-05-30T13:54:39.320 回答
0

http://wiki.alfresco.com/wiki/Changing_Bind_Addresses_and_Ports_for_Samba_and_FTP

Word from the wise. Avoid doing redirects like above. They are recipes for cat fights between Samba and Alfresco. Loopback is in fact 127.*. .* under Linux. So 127.0.0.2 could have been giving to Alfresco so leaving 127.0.0.1 to samba. In host file you can declare a name owning to .localdomain or what ever the network wide DNS lookup will be.

To be truthful without setting Alfresco and samba to own zones it is a straight up recipe for cat fights between them at some point.

There is a major bug alfresco documentation when it comes to setting samba. http://lists.samba.org/archive/samba/1997-November/004810.html Don't use socket address at all. Only use interfaces stuff in samba config

interfaces = 192.168.129.2/255.255.255.0 127.0.0.1

bind interfaces only = yes

Notice the 192.168.129.0 in the Alfresco example is now a 192.168.129.2. Yes this is the correct way to declare samba address. Also notice they missed the 127.0.0.1 fact that is required so samba tools work.

Basically its better to tell the two programs to go stand in there own areas straight off bat.

Why must samba have 127.0.0.1 even if you are not running samba. smbpasswd and other samba tools will attempt to access 127.0.0.1. Yes cat fights. Some of sambas tools expect samba to be 127.0.0.1 they break if it not. Yes samba tools accessing alfresco might break alfresco as well. Its just highly not a good idea to redirect 127.0.0.1 particularly when we have tones more loopback addresses.

Yes both alfresco and samba are both going after exactly the same interfaces. Alfresco is the alien. Alfresco will not have PAM the Linux login system using it. So 127.0.0.1 should be kept out of Alfresco hands.

于 2013-11-19T02:09:45.800 回答