Can't see network neighbourhood

lukekendall at optushome.com.au lukekendall at optushome.com.au
Sun Oct 28 04:28:03 GMT 2001 

On 27 Oct, Joel Hammer wrote:
>  I am too tired to really think about all of this but: 
>  RH 7.1 has a firewall set up to keep out requests on port 137 and 139 by 
>  default. Check that out. 

Thanks, Joel, I think you're right.  So I did some more reading and
applied these ipchains calls:

INTERNAL_NET=192.168.1.0
DSL_IF=eth1
INTERNAL_IF=eth1
ipchains -A forward -p all -s $INTERNAL_NET -i $DSL_IF -j ACCEPT
ipchains -A input -p all -s $INTERNAL_NET -i $INTERNAL_IF -j ACCEPT
ipchains -A output -p all -d $INTERNAL_NET -i $INTERNAL_IF -j ACCEPT

So now an ipchains -L -n shows:

Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
[...]
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   7100
ACCEPT     all  ------  192.168.1.0          0.0.0.0/0             n/a
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.1.0          0.0.0.0/0             n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            192.168.1.0           n/a

It hasn't helped, though.  :-(

I still think the problem is Samba wants DNS to resolve the 2 local machine
names (Samba server "posh" and Win95 client "coo").  But I'm not running
DNS locally - I just use a little /etc/hosts file and in /etc/host.conf I
specify that the search order is: "hosts,bind".  DNS is provided by
Optus.

Is there any way to make Samba know the names of local hosts?

>  tcpdump is a real friend in this situation. 

Below, is what I see when I browse the network from Win95 while running
tcpdump -i eth1 on the Linux machine - the "posh.localdomain tcp port netbios-ssn unreachable"
looks bad, but I'm afraid I'm well out of my depth here.

Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on eth1
17:20:41.917587 > posh.localdomain > coo.localdomain: icmp: echo request (DF)
17:20:41.917587 B arp who-has posh.localdomain tell coo.localdomain
17:20:41.917587 > arp reply posh.localdomain (0:e0:29:9e:ab:b9) is-at 0:e0:29:9e:ab:b9 (0:c0:df:ea:84:a)
17:20:41.917587 < coo.localdomain > posh.localdomain: icmp: echo reply (DF)

17:21:00.597587 B coo.localdomain.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
17:21:00.597587 > posh.localdomain.33656 > dns.syd.optusnet.com.au.domain: 32878+ PTR? 127.1.168.192.in-addr.arpa. (44) (DF)
17:21:00.807587 < dns.syd.optusnet.com.au.domain > posh.localdomain.33656: 32878 NXDomain* 0/1/0 (110)
17:21:00.807587 > posh.localdomain.33656 > dns.syd.optusnet.com.au.domain: 32879+ PTR? 132.75.2.203.in-addr.arpa. (43) (DF)
17:21:00.857587 < dns.syd.optusnet.com.au.domain > posh.localdomain.33656: 32879 1/3/4 PTR dns.syd.optusnet.com.au. (214)
17:21:04.287587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
17:21:05.597587 > arp who-has 192.168.1.1 tell posh.localdomain (0:e0:29:9e:ab:b9)
17:21:05.597587 < arp reply 192.168.1.1 is-at 0:4:5a:25:35:b (0:e0:29:9e:ab:b9)
17:21:05.597587 > posh.localdomain.33656 > dns.syd.optusnet.com.au.domain: 32880+ PTR? 1.1.168.192.in-addr.arpa. (42) (DF)
17:21:05.607587 < dns.syd.optusnet.com.au.domain > posh.localdomain.33656: 32880 NXDomain 0/1/0 (108)
17:21:08.757587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
17:21:08.767587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
17:21:08.777587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
17:21:08.777587 B coo.localdomain.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
17:21:09.537587 B coo.localdomain.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
17:21:10.297587 B coo.localdomain.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
17:21:11.047587 < coo.localdomain.1028 > posh.localdomain.netbios-ssn: S 1394810:1394810(0) win 8192 <mss 1460> (DF)
17:21:11.047587 > posh.localdomain > coo.localdomain: icmp: posh.localdomain tcp port netbios-ssn unreachable (DF) [tos 0xc0] 
17:21:14.347587 < coo.localdomain.1028 > posh.localdomain.netbios-ssn: S 1394810:1394810(0) win 8192 <mss 1460> (DF)
17:21:14.347587 > posh.localdomain > coo.localdomain: icmp: posh.localdomain tcp port netbios-ssn unreachable (DF) [tos 0xc0] 
17:21:16.047587 > arp who-has coo.localdomain tell posh.localdomain (0:e0:29:9e:ab:b9)
17:21:16.047587 < arp reply coo.localdomain is-at 0:c0:df:ea:84:a (0:e0:29:9e:ab:b9)
17:21:20.937587 < coo.localdomain.1028 > posh.localdomain.netbios-ssn: S 1394810:1394810(0) win 8192 <mss 1460> (DF)
17:21:20.937587 > posh.localdomain > coo.localdomain: icmp: posh.localdomain tcp port netbios-ssn unreachable (DF) [tos 0xc0] 
17:21:34.117587 < coo.localdomain.1028 > posh.localdomain.netbios-ssn: S 1394810:1394810(0) win 8192 <mss 1460> (DF)
17:21:34.117587 > posh.localdomain > coo.localdomain: icmp: posh.localdomain tcp port netbios-ssn unreachable (DF) [tos 0xc0] 
17:21:40.577587 > posh.localdomain.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138) (DF)
17:21:51.617587 > posh.localdomain.33656 > dns.syd.optusnet.com.au.domain: 49349+ A? mail.optushome.com.au. (39) (DF)
17:21:51.627587 < dns.syd.optusnet.com.au.domain > posh.localdomain.33656: 49349* 1/2/2 A mail-optushome.optusnet.com.au (132)
17:21:51.627587 > posh.localdomain.38882 > mail-optushome.optusnet.com.au.pop3: S 1590721202:1590721202(0) win 5840 <mss 1460,sackOK,timestamp 19319950 0,nop,wscale 0> (DF)
17:21:51.627587 > posh.localdomain.33656 > dns.syd.optusnet.com.au.domain: 32881+ PTR? 209.75.2.203.in-addr.arpa. (43) (DF)

Thanks for any advice anyone can offer.

luke

More information about the samba mailing list