[Samba] Problems with firewalls and samba.

Göran Höglund goran.hoglund at telemar.se
Wed May 7 13:07:36 GMT 2003


Hi,
It seems I explained my situation a little bit badly...
I do a NAT from 192.168.1.123 to 192.168.0.123 in my FW (sorry I missed
that information). I can see some of the packages on both sides of the
FW but not those that I expect.

And as I mentioned, the SMTP server as well as the Web and POP3 server
are reached without any problem.

I somehow guess this is a routing problem, but I cannot see where.
Göran

-----Original Message-----
From: samba-bounces+jkajau=ziscosteel.co.zw at lists.samba.org
[mailto:samba-bounces+jkajau=ziscosteel.co.zw at lists.samba.org] On Behalf Of
Marian Mlcoch, Ing
Sent: 7 May 2003 15:02
To: Göran Höglund; samba at lists.samba.org
Subject: Re: [Samba] Problems with firewalls and samba.


Hey you,
on the FW you pass to 192.168.1.123 but your samba is 192.168.0.123. Set it
correctly!

Bye.

----- Original Message -----
From: "Göran Höglund" <goran.hoglund at telemar.se>
To: <samba at lists.samba.org>
Sent: Wednesday, May 07, 2003 10:44 AM
Subject: [Samba] Problems with firewalls and samba.


> Hi list,
> I have a delicate problem with my groupserver running Solaris 8 and
> samba 2.2.7a.
>
> On the same net that the server resides on, let's call it 192.168.0.X, there
> is no problem with smb access from any client, unix or winXP. But from
> another net divided from the internal by an ip-filter based fw, let's
> call that other net 192.168.1.X, the packages seem to pass our server
> completely.
>
> When I sniff on my internal net as well as the external I can see
> packages pass through the FW. The rules in this FW are set to, quote:
> # allow samba from dmz to smb-server
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 135 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 137 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 138 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 139 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 445 keep state
>
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 135 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 137 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 138 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 139 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 445 keep state
> Unquote
>
> To make the problem a little bit more delicate, the clients on the DMZ
> are passing through another FW from Check Point using their VPN client
> software securemote. The clients show up with the IP address supplied
> by their respective ISP. They have no problem to access the POP3/IMAP
> server on the same host as the smb-server. They can also access the
> Web server as well.
>
> In my smb.conf I have set the following:
> Workgroup = MYOFFICE
> Netbios name = GROUPSERVER
> security = user
> encrypt passwords = Yes
> domain master = yes
> socket address = 192.168.0.123
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> Göran
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
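
An added example, not part of any message in this thread: a Python check of the quoted pass rules against the two addresses mentioned, 192.168.1.123 from the rules and the `socket address` 192.168.0.123 from smb.conf. The regular expression covers only the rule shape quoted above, the rule text is regenerated from the quoted ports, and the list of SMB services and the function names are assumptions of this example.

```python
import re
from ipaddress import ip_address, ip_network

# The ten pass rules quoted in the thread, regenerated from their ports.
RULES = "\n".join(
    f"pass in log quick on le0 proto {proto} from any to 192.168.1.123/32 "
    f"port = {port} keep state"
    for proto in ("tcp", "udp") for port in (135, 137, 138, 139, 445))

# Matches only the rule shape quoted in the thread, not the full ipf grammar.
RULE_RE = re.compile(
    r"^pass in (?:log )?(?:quick )?on \S+ proto (?P<proto>tcp|udp) "
    r"from any to (?P<dst>\S+) port = (?P<port>\d+)")

# Assumption of this example: the services an SMB client needs to reach.
SMB_SERVICES = [("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)]

def parse_rules(text):
    """Return (proto, destination network, port) for every pass rule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m["proto"], ip_network(m["dst"]), int(m["port"])))
    return rules

def blocked(rules, dst, services=SMB_SERVICES):
    """Services for which no rule passes a packet addressed to dst."""
    addr = ip_address(dst)
    return [(proto, port) for proto, port in services
            if not any(p == proto and addr in net and n == port
                       for p, net, n in rules)]

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for label, dst in (("address in the rules", "192.168.1.123"),
                       ("smb.conf socket address", "192.168.0.123")):
        missing = blocked(rules, dst)
        print(f"{dst} ({label}): "
              + ("all SMB services pass" if not missing else f"no rule for {missing}"))
```

Which of the two addresses the filter actually sees depends on whether it evaluates its rules before or after the destination translation, so run the check against the address the packet carries at that point.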
