Resolved: Can't see network neighbourhood

lukekendall at optushome.com.au
Wed Oct 31 03:23:13 GMT 2001


Joel, Bill, I got some key help from George Vieira, on the SLUG mailing
list.  He wrote:

>  You should turn the firewall rules off between the 2 machines for now until
>  the problem's solved.
>  
>  What protocols does the windows machine have installed?
>  Yes, dual boot the linux box into windows and see if it can see itself on
>  Network Neighbourhood, coz' it should. Then go from there..

That was the problem.  By turning off all the firewall rules, it instantly
started working!

I don't know much about networking really, nor ipchains, but I
remembered that an "ipchains -F" flushes all the rules, so I did that,
and the Win95 machine could see everything just fine.

I guess the basic rules were determined during my RH7.1 installation,
where I think I opted for medium level security.  The trouble was,
there are two network cards installed, but I really only use one of
them (the 4-port hub/firewall appliance came after the RH7.1 install,
when I thought I'd need one interface card for the internal network
and one for the external).

And I think the RH install got subtly confused by that.

Anyway, a quick poke about showed me the file /etc/sysconfig/ipchains
which had:

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 2049 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

Suspecting the line:

	-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT

should have been an accept for *eth1*, the active ethernet card, I
changed it and did an "ipchains start" - and could still see the network
neighbourhood from the Win95 machine.

So, a useful tip to put into DIAGNOSIS.txt would be: turn off all
firewall rules, if you're getting desperate!

Running firewall rules on the Linux server which is already behind a
firewall could arguably be said to be overkill anyway!  :-)

I'm now a happy Samba camper!  Now to turn log level back down to 0.

Thanks for all the helpful advice and patience,

Regards,

luke
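
Added example (not part of the original message): a small first-match evaluator for the input rules listed above, showing which rule catches Network Neighbourhood traffic arriving on eth1 and how the eth0 -> eth1 change alters the verdict. The NetBIOS ports (UDP 137/138, TCP 139) are not named in the post and are supplied here; addresses are ignored because every rule uses 0/0.

```python
ORIGINAL = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 2049 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
"""  # rules as listed in the post
FIXED = ORIGINAL.replace("-d 0/0 -i eth0", "-d 0/0 -i eth1")  # the post's one-word change
def parse(text):
    """Return (input-chain policy, rules). Addresses are ignored: every rule uses 0/0."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        t = line.split()
        if t[:1] == [":input"]:
            policy = t[1]
        elif t[:2] == ["-A", "input"]:
            r = {"line": line}
            for i, tok in enumerate(t[:-1]):
                if tok in ("-s", "-d") and not t[i + 2].startswith("-"):
                    lo, _, hi = t[i + 2].partition(":")  # optional port or lo:hi range
                    r[tok] = (int(lo), int(hi or lo))
                elif tok in ("-p", "-i", "-j"):
                    r[tok] = t[i + 1]
                elif tok == "-y":
                    r[tok] = True  # -y: match only TCP SYN (connection attempts)
            rules.append(r)
    return policy, rules

def verdict(text, proto, sport, dport, iface, syn=False):
    """First matching rule wins; return (target, rule line) for one inbound packet."""
    policy, rules = parse(text)
    for r in rules:
        (s0, s1), (d0, d1) = r.get("-s", (0, 65535)), r.get("-d", (0, 65535))
        if (r.get("-p", proto) == proto and r.get("-i", iface) == iface
                and s0 <= sport <= s1 and d0 <= dport <= d1 and (syn or "-y" not in r)):
            return r["-j"], r["line"]
    return policy, "(chain policy)"
```

With the original rules, `verdict(ORIGINAL, "udp", 137, 137, "eth1")` falls through to the `-p udp ... 0:1023 -j REJECT` rule; with `FIXED` the same packet is accepted by the catch-all rule for eth1.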




