[Samba] weird problem while connecting

azeem ahmad azeem484 at hotmail.com
Tue Jun 1 22:14:44 GMT 2004


Hi all,
I'm connecting to my Samba server from a Windows XP client. Whenever I start
my firewall script, the client takes 4 minutes to connect to the Samba server,
and when I run IRIS (a sniffer) on my Windows XP box it captures a packet as
shown below:
-------------------------------------------------------------------------------------------------------------------------------------
OPTIONS / HTTP/1.1
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600
Host: Subzero
Content-Length: 0
Connection: Keep-Alive

HTTP/1.0 504 Gateway Time-out
Server: squid/2.5.STABLE1
Mime-Version: 1.0
Date: Mon, 31 May 2004 18:13:57 GMT
Content-Type: text/html
Content-Length: 1056
Expires: Mon, 31 May 2004 18:13:57 GMT
X-Squid-Error: ERR_CONNECT_FAIL 110
X-Cache: MISS from proxy.ravians-hostel.net
Connection: keep-alive


ERROR
The requested URL could not be retrieved
--------------------------------------------------------------------------------

While trying to retrieve the URL:
http://subzero/

The following error was encountered:

Connection Failed

The system returned:
    (110) Connection timed out

The remote host or network may be down.  Please try the request again.
Your cache administrator is Mumraiz-Khan.

--------------------------------------------------------------------------------

Generated Mon, 31 May 2004 18:13:57 GMT by proxy.ravians-hostel.net 
(squid/2.5.STABLE1)

-------------------------------------------------------------------------------------------------------------------------------------

But if I disable transparent redirection from my firewall then it takes
about 20 seconds, or if I don't run the firewall then it browses the Samba
server normally. The firewall script is below. Also, in the latter two
conditions IRIS doesn't capture the packet shown above.
Here is the firewall:
-------------------------------------------------------------------------------------------------------------------------------------
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t nat -F

modprobe ip_nat_ftp

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 42   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 88   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 88   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 135  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 139  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 389  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 636  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 445  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 445  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3268 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 3269 -j ACCEPT

iptables -P INPUT DROP
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -p tcp --dport 21        -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 443       -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5000      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5001      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5005      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5050      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 6660:6670 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 7000      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 28805     -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 51215     -j ACCEPT

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
-------------------------------------------------------------------------------------------------------------------------------------

Regards
Azeem
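
An added example, not part of the original post: a small tracer that walks a new TCP connection through the nat PREROUTING and filter INPUT rules of the script above, to show what happens to a port 80 request like the WebDAV mini-redirector's `OPTIONS /` in the capture. It assumes the connection arrives on eth0 addressed to the firewall host itself; `parse`, `trace` and the rule excerpt are illustrative names and a constructed subset of the posted rules.

```python
import shlex

# Constructed excerpt of the script above: the rules that decide the fate of a
# new TCP connection arriving on eth0 for the firewall host itself (assumption).
RULES = """\
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT
iptables -P INPUT DROP
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
"""
OPTS = {"-t": "table", "-A": "chain", "-i": "iface", "-p": "proto", "-j": "target",
        "--dport": "dport", "--to-port": "to_port", "--state": "state"}

def parse(text):
    """Split iptables commands into appended rules and chain policies."""
    rules, policies = [], {}
    for line in text.splitlines():
        tok = shlex.split(line)[1:]               # drop the "iptables" word
        if tok and tok[0] == "-P":
            policies[tok[1]] = tok[2]
            continue
        rule = {"table": "filter"}                # iptables' default table
        for opt, val in zip(tok, tok[1:]):
            if opt in OPTS:
                rule[OPTS[opt]] = val
        rules.append(rule)
    return rules, policies

def trace(dport, text=RULES, iface="eth0", proto="tcp"):
    """Return (port seen by INPUT, verdict) for a NEW connection to this host."""
    rules, policies = parse(text)
    def hit(r, table, chain):                     # single ports only, no ranges
        return (r["table"] == table and r.get("chain") == chain
                and "state" not in r              # ESTABLISHED,RELATED: not NEW
                and all(r.get(k, v) == v for k, v in
                        (("iface", iface), ("proto", proto), ("dport", dport))))
    for r in rules:                               # nat PREROUTING runs first
        if hit(r, "nat", "PREROUTING") and r["target"] == "REDIRECT":
            dport = r["to_port"]                  # INPUT sees the rewritten port
            break
    for r in rules:                               # then filter INPUT, in order
        if hit(r, "filter", "INPUT"):
            return dport, r["target"]
    return dport, policies.get("INPUT", "ACCEPT")

if __name__ == "__main__":
    for port in ("80", "445", "81"):
        print(port, "->", trace(port))
```

With the rules as posted, a new connection to port 80 is rewritten to 8080 and accepted; with the REDIRECT line removed it matches no INPUT rule and falls to the DROP policy, so the client receives no reply at all rather than a refusal.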
