I own a Linux server whose public IP is a.b.c.d.
This server hosts websites using apache2 and other services (other web server frontends on port != 80/443, things like databases and ERP, etc.).
Furthermore, I'd like to access files on this server using samba from Windows (XP/2003) and Linux machines. (Until now I was using sftp.)
For this purpose I first configured openerp using tunneling; everything worked great except samba. Actually, I don't want samba (nor other private services like databases or our ERP) to listen on my server's public IP/interface (eth0), but only on its virtual tun0 (10.8.0.1) interface.
I've read this: http://openvpn.net/index.php/open-sourc ... html#samba which states:
    If you are running the Samba and OpenVPN servers on the same machine, you may want to edit the interfaces directive in the smb.conf file to also listen on the TUN interface subnet of 10.8.0.0/24:
    interfaces = 10.66.0.0/24 10.8.0.0/24
(I added the "bind interfaces only = yes" directive and only left "interfaces = 10.8.0.0/24", and even tried with interfaces=tun0)
but I'm facing this exact same problem: http://www.spinics.net/lists/samba/msg82857.html
    open_sockets: Broadcast sockets opened.
    not adding non-broadcast interface tun0
    WARNING: no network interfaces found
Then follows a samba core because of no network interface found.
If I don't use this "interfaces" thing, everything works fine, except samba also listens on a.b.c.d. It's true that I can add "hosts allow = 10.8.0.0/24", but that's still not acceptable since I don't want my 137/139 ports opened to the world.
I understand samba refuses to listen on a non-broadcast interface, and it seems to me the only alternative left is to use a bridged openvpn configuration (actually, to let samba listen on a tap device, not a tun one).
My problem here is my server is not running on a subnet, and it only has one public physical interface and... well, I really don't see how I can run a virtual subnet then bridge this subnet using openvpn...
To conclude: it seems I want a level 2 tunneled configuration (using tap devices...), am I right? How to do that?
Any help or advice would be greatly appreciated.
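A check that could be run after any smb.conf change, added here as an example and not part of the original post: it parses `ss -tuln`-style output and reports Samba ports (137/138/139/445) bound to anything other than loopback or the 10.8.0.0/24 tunnel subnet. The sample output is constructed, 198.51.100.7 stands in for a.b.c.d, and the function name is hypothetical.

```python
import ipaddress

SMB_PORTS = {137, 138, 139, 445}
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # tunnel subnet from the post

# Constructed sample of `ss -tuln` output; 198.51.100.7 stands in for a.b.c.d.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
udp   UNCONN 0      0      10.8.0.1:138       0.0.0.0:*
tcp   LISTEN 0      50     10.8.0.1:139       0.0.0.0:*
tcp   LISTEN 0      50     198.51.100.7:445   0.0.0.0:*
tcp   LISTEN 0      50     [::]:445           [::]:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:445      0.0.0.0:*
"""

def exposed_smb_listeners(ss_output, allowed_net=VPN_NET):
    """Return (proto, address, port) for SMB/NetBIOS sockets reachable
    outside loopback and the allowed VPN subnet."""
    findings = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")    # last ':' separates the port
        if not port.isdigit() or int(port) not in SMB_PORTS:
            continue
        host = host.strip("[]").split("%")[0]    # drop IPv6 brackets, %iface
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # e.g. '*' (dual-stack wildcard): listens on every interface
            findings.append((proto, host, int(port)))
            continue
        if addr.is_loopback or addr in allowed_net:
            continue
        # 0.0.0.0, ::, and any other address are reachable off the tunnel
        findings.append((proto, host, int(port)))
    return findings

if __name__ == "__main__":
    for proto, host, port in exposed_smb_listeners(SAMPLE_SS):
        print(f"exposed: {proto} {host}:{port}")
```

On a live host the input would be the captured output of `ss -tuln`; an empty result means no Samba socket is bound outside the tunnel.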