Antwort: Re: Problems Accessing Samba through a Firewall
MH - Entwicklung
entwicklung at heubach-edv.de
Tue Jan 22 00:40:55 GMT 2002
Well,
I missed to explain some details about the network structure:
As mentioned the Samba host sits in the DMZ behind a firewall.
The LAN is organized as an NT Domain with MS NT Servers. Windows Name Resolution is done via DNS and LMHOSTS. DNS is working fine (on both servers and clients) also LMHOSTS has no missleading entries.
If I enter an UNC Path like \\myserver\myshare in Windows Explorer this should directly invoke a netbios session on Port 139, I suppose? There should be no other protocols involved. If indeed browsing is the problem it should work by opening ports 137/138 UDP? Maybe there is a missconfiguration in the firewall. I will check this in the afternoon (as I mentioned the firewall is not maintained by me).
In order to have full access to a smb server (Samba or Windows) it should be sufficient to open Port 139 TCP and 137/138 UDP towards the smb server. Is this correct?
Regards
Manfred
----- Original Message -----
From: "Mathias Wohlfarth" <MathiasWohlfarth at bwb.org>
To: "samba" <samba at lists.samba.org>
Sent: Monday, January 21, 2002 6:52 PM
Subject: Antwort: Re: Problems Accessing Samba through a Firewall
>
> Connecting through subnetworks is working fine, if you configure Samba as
> Winsserver and the client to use the SambaServer as a Wins-server.
> Names are resolved without the need of broadcast.
> regards MW
>
>
>
>
> David Collier-Brown <davecb at canada.sun.com>@lists.samba.org on 21.01.2002
> 18:22:29
>
> Bitte antworten an David.Collier-Brown at Sun.COM
>
> Gesendet von: samba-admin at lists.samba.org
>
>
> An: heubach at heubach-edv.de
> Kopie: samba at lists.samba.org
> Org.Element:
> Telefon:
> Thema: Re: Problems Accessing Samba through a Firewall
>
>
> heubach at heubach-edv.de wrote:
>
> > I've got some problems with Samba 2.2.0 sitting in the DMZ behind a
> > firewall.
> >
> > I opened ports 137/138 UDP and 139 TCP to Samba. When I try to connect
> the
> > Samba machine from a Windows NT 4.0 Workstation I get the error message
> > "Networkpath not found". If i open all ports to the Samba host it will
> work.
> > After this I close all ports unless 139 TCP and it still works. But it
> stops
> > working after logging out and on again to the Windows NT host.
>
>
> Ok, ther's two parts to this situation:
> braodcast and unicast.
>
> Network neighbourhood is done using
> udp and some broadcasts: to get it to work
> you need a server on the subnet with the
> client. If you are maing the connection via
> NN, you have to have the machine accepting udp
> and directed broadcasts at the very least!
>
> Browsing and acerssing individual machines,
> however, is done with tcp, purely unicast.
>
> If you are maing the connection via windows
> explorer (not internet explorer) or the
> net use command, that's tcp, and you need
> only a name service and tcp.
> See
> http://www.oreilly.com/catalog/samba/chapter/book/ch09_02.html
> for the process of debugging it.
>
> A good netwrok snoop program like etherial
> will help you: tell it to just show the SMB
> packets and watch to see what ports they go to.
>
> --dave
> --
> David Collier-Brown, | Always do right. This will gratify
> Performance & Engineering | some people and astonish the rest.
> Americas Customer Engineering, | -- Mark Twain
> (905) 415-2849 | davecb at canada.sun.com
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list