SOLVED Problems Accessing Samba through a Firewall

MH - Entwicklung entwicklung at heubach-edv.de
Tue Jan 22 06:07:56 GMT 2002 

Hello!

We had a misconfiguration on the firewall. Windows uses low UDP client ports, which were not allowed to pass the firewall.

Everything's fine now.

Thanks
Manfred

----- Original Message ----- 
From: "Mathias Wohlfarth" <MathiasWohlfarth at bwb.org>
To: "samba" <samba at lists.samba.org>
Sent: Monday, January 21, 2002 6:52 PM
Subject: Antwort: Re: Problems Accessing Samba through a Firewall


> 
> Connecting through subnetworks is working fine, if you configure Samba as
> Winsserver and the client to use the SambaServer as a Wins-server.
> Names are resolved without the need of broadcast.
> regards MW
> 
> 
> 
> 
> David Collier-Brown <davecb at canada.sun.com>@lists.samba.org on 21.01.2002
> 18:22:29
> 
> Bitte antworten an David.Collier-Brown at Sun.COM
> 
> Gesendet von:     samba-admin at lists.samba.org
> 
> 
> An:      heubach at heubach-edv.de
> Kopie:   samba at lists.samba.org
> Org.Element:
> Telefon:
> Thema:   Re: Problems Accessing Samba through a Firewall
> 
> 
> heubach at heubach-edv.de wrote:
> 
> > I've got some problems with Samba 2.2.0 sitting in the DMZ behind a
> > firewall.
> >
> > I opened ports 137/138 UDP and 139 TCP to Samba. When I try to connect
> the
> > Samba machine from a Windows NT 4.0 Workstation I get the error message
> > "Networkpath not found". If i open all ports to the Samba host it will
> work.
> > After this I close all ports unless 139 TCP and it still works. But it
> stops
> > working after logging out and on again to the Windows NT host.
> 
> 
>       Ok, ther's two parts to this situation:
>       braodcast and unicast.
> 
>       Network neighbourhood is done using
>       udp and some broadcasts: to get it to work
>       you need a server on the subnet with the
>       client.  If you are maing the connection via
>       NN, you have to have the machine accepting udp
>       and directed broadcasts at the very least!
> 
>       Browsing and acerssing individual machines,
>       however, is done with tcp, purely unicast.
> 
>       If you are maing the connection via windows
>       explorer (not internet explorer) or the
>       net use command, that's tcp, and you need
>       only a name service and tcp.
>       See
> http://www.oreilly.com/catalog/samba/chapter/book/ch09_02.html
>       for the process of debugging it.
> 
>       A good netwrok snoop program like etherial
>       will help you: tell it to just show the SMB
>       packets and watch to see what ports they go to.
> 
> --dave
> --
> David Collier-Brown,           | Always do right. This will gratify
> Performance & Engineering      | some people and astonish the rest.
> Americas Customer Engineering, |                      -- Mark Twain
> (905) 415-2849                 | davecb at canada.sun.com
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list