[Samba] Problems with firewalls and samba.

Marian Mlcoch, Ing mm at tsmp.sk
Fri May 9 10:19:17 GMT 2003 

Try yuo connect to samba by IP adress not netbios name at PC afther FW.
net use x: \\192.168.0.123
or net view \\192.168.0.123
or cd  \\192.168.0.123 (in windows commander)
when works and you need connect with netbios name yuo must setup wins server
and use it on all PC or try use lmhost file on remote pcs.

Bye.

PS>When yuo connect to SMTP what IP use? Try this ip on commands before. Why
use NAT?

----- Original Message -----
From: "Göran Höglund" <goran.hoglund at telemar.se>
To: <samba at lists.samba.org>
Sent: Wednesday, May 07, 2003 3:07 PM
Subject: RE: [Samba] Problems with firewalls and samba.


> Hi,
> Seems as I explained my situation a little bit bad...
> I do a NAT from 192.168.1.123 to 192.168.0.123 in my FW (sorry I missed
> that information). I can see some of the packages on both sides of the
> FW but not those that I expect.
>
> And as I mentioned the SMTP server as well as the Web and POP3 server
> are reached without any problem.
>
> I somehow guess this is a routing problem, but I can not see where.
> Göran
>
> -----Ursprungligt meddelande-----
> Från: samba-bounces+jkajau=ziscosteel.co.zw at lists.samba.org
> [mailto:samba-bounces+jkajau=ziscosteel.co.zw at lists.samba.org] För
> Marian Mlcoch, Ing
> Skickat: den 7 maj 2003 15:02
> Till: Göran Höglund; samba at lists.samba.org
> Ämne: Re: [Samba] Problems with firewalls and samba.
>
>
> Hey you
> on FW you pass to 192.168.1.123 but your samba is 192.168.0.123 Set you
> corect!
>
> Bye.
>
> ----- Original Message -----
> From: "Göran Höglund" <goran.hoglund at telemar.se>
> To: <samba at lists.samba.org>
> Sent: Wednesday, May 07, 2003 10:44 AM
> Subject: [Samba] Problems with firewalls and samba.
>
>
> > Hi list,
> > I have a delicate problem with my groupserver running Solaris 8 and
> > samaba 2.2.7a.
> >
> > On the same net that the server resides lets call it 192.168.0.X there
>
> > is no problem with smb access from any client unix or winXP. But from
> > an other net divided from the internal by an ip-filter based fw lets
> > call that other net 192.168.1.X the packages seems to pass our server
> > completlly.
> >
> > When I sniff on my internel net as well as the external I can see
> > packages pass through the FW. The rules in this FW is set to quote:
> > # allow samba fom dmz to smb-server
> > pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port =
> > 135 keep state
> > pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port =
> > 137 keep state
> > pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port =
> > 138 keep state
> > pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port =
> > 139 keep state
> > pass in log quick on le0 proto tcp from any to 192.168.1.123/32 port =
> > 445 keep state
> >
> > pass in log quick on le0 proto udp from any to 192.168.1.123/32 port =
>
> > 135 keep state pass in log quick on le0 proto udp from any to
> > 192.168.1.123/32 port = 137 keep state
> > pass in log quick on le0 proto udp from any to 192.168.1.123/32 port =
> > 138 keep state
> > pass in log quick on le0 proto udp from any to 192.168.1.123/32 port =
> > 139 keep state
> > pass in log quick on le0 proto udp from any to 192.168.1.123/32 port =
> > 445 keep state
> > Unquote
> >
> > To make the problem a little bit more delicate, the clients on the DMZ
>
> > is passing through an other FW from Check point using their VPN client
>
> > software securemote. The clients show up with the IP address supplyed
> > by their respective ISP. They have no problem to access the POP3/IMAP
> > server on the same host as the smb-server. They can also access the
> > Web server as well.
> >
> > In my smb.conf I have set following:
> > Workgroup = MYOFFICE
> > Netbio name = GROUPSERVER
> > security = user
> > encrypt passwords = Yes
> > domain master = yes
> > socket address = 192.168.0.123
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >
> > Göran
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list