[Samba] Problems with firewalls and samba.

Marian Mlcoch, Ing mm at tsmp.sk
Wed May 7 13:01:39 GMT 2003


Hey you,
on the FW you pass to 192.168.1.123 but your Samba is 192.168.0.123.
Set it correctly!

Bye.

----- Original Message -----
From: "Göran Höglund" <goran.hoglund at telemar.se>
To: <samba at lists.samba.org>
Sent: Wednesday, May 07, 2003 10:44 AM
Subject: [Samba] Problems with firewalls and samba.


> Hi list,
> I have a delicate problem with my groupserver running Solaris 8 and
> samba 2.2.7a.
>
> On the same net that the server resides, let's call it 192.168.0.X, there
> is no problem with smb access from any client, unix or winXP. But from
> another net, divided from the internal by an ip-filter based fw, let's call
> that other net 192.168.1.X, the packages seem to pass our server
> completely.
>
> When I sniff on my internal net as well as the external I can see
> packages pass through the FW.
> The rules in this FW are set to, quote:
> # allow samba from dmz to smb-server
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 135 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 137 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 138 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 139 keep state
> pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 445 keep state
>
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 135 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 137 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 138 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 139 keep state
> pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 445 keep state
> Unquote
>
> To make the problem a little bit more delicate, the clients on the DMZ
> are passing through another FW from Check Point using their VPN client
> software SecuRemote. The clients show up with the IP address supplied by
> their respective ISP. They have no problem accessing the POP3/IMAP
> server on the same host as the smb-server. They can also access the Web
> server as well.
>
> In my smb.conf I have set following:
> Workgroup = MYOFFICE
> Netbio name = GROUPSERVER
> security = user
> encrypt passwords = Yes
> domain master = yes
> socket address = 192.168.0.123
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> Göran



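The mismatch the reply points out, between the address in the firewall rules and the `socket address` in smb.conf, can be checked mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, the inputs are copied from the post (two of the ten rules), and it parses only the simple `pass in ... to ADDR port = N` rule form quoted there.

```python
import ipaddress
import re

# Inputs copied from the post above (two of its ten rules, rejoined).
IPF_RULES = """\
# allow samba from dmz to smb-server
pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port = 139 keep state
pass in log quick on le0 proto udp from any to 192.168.1.123/32 port = 137 keep state
"""
SMB_CONF = """\
security = user
socket address = 192.168.0.123
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
"""

# Matches only the simple rule shape used in the post.
RULE_RE = re.compile(
    r"^pass\s+in\b.*?\bproto\s+(tcp|udp)\b.*?\bto\s+(\S+)\s+port\s*=\s*(\d+)")


def smb_listen_address(conf_text):
    """Return the 'socket address' value from smb.conf text, or None."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "socket address":
            return ipaddress.ip_address(value.strip())
    return None


def unreachable_rules(rules_text, listen_addr):
    """List (proto, dest, port) for pass rules whose destination network
    does not contain the address smbd is bound to."""
    misses = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group(2) == "any":
            continue  # comments, blanks, wildcard or unparsed rules
        proto, dest, port = m.group(1), m.group(2), int(m.group(3))
        if listen_addr not in ipaddress.ip_network(dest, strict=False):
            misses.append((proto, dest, port))
    return misses


if __name__ == "__main__":
    addr = smb_listen_address(SMB_CONF)
    for proto, dest, port in unreachable_rules(IPF_RULES, addr):
        print(f"{proto}/{port}: rule allows {dest}, smbd listens on {addr}")
```

Run against the full rule file and smb.conf, every line it prints is a pass rule that opens a path to an address smbd is not bound to.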