[Samba] weired problem while connecting

azeem ahmad azeem484 at hotmail.com
Tue Jun 1 22:24:18 GMT 2004

thanks Mr. Paul Gienger
please tell me how can i do it on clients


>From: Paul Gienger <pgienger at ae-solutions.com>
>To: azeem ahmad <azeem484 at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] weired problem while connecting
>Date: Tue, 01 Jun 2004 17:21:24 -0500
>Your clients seem to be doing the usual web client searching.  You have a 
>couple of options.
>1. Go to each client machine and disable the webclient service.  I've had 
>mixed results with this, and it's a lot of leg work for you.
>2. Configure a web server on your samba box and let the traffic in on port 
>80.  What you do by doing this is that your webserver sees the requests for 
>some address and offers a quick and definitive no to the request rather 
>than the client waiting for a timeout.  Elegant solution? Not so much.  
>Gets the job done with the least amount of leg work both now and on new 
>clients? Yes.
>azeem ahmad wrote:
>>hi all
>>i m connecting to my samba server from a windows xp client. whenever i 
>>started my firewall script the client used to take 4 minutes to connect to 
>>the samba server and i run IRIS (sniffer) on my windows xp box it captures 
>>a packet as shown below
>>translate: f
>>User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600
>>Host: Subzero
>>Content-Length: 0
>>Connection: Keep-Alive
>>HTTP/1.0 504 Gateway Time-out
>>Server: squid/2.5.STABLE1
>>Mime-Version: 1.0
>>Date: Mon, 31 May 2004 18:13:57 GMT
>>Content-Type: text/html
>>Content-Length: 1056
>>Expires: Mon, 31 May 2004 18:13:57 GMT
>>X-Squid-Error: ERR_CONNECT_FAIL 110
>>X-Cache: MISS from proxy.ravians-hostel.net
>>Connection: keep-alive
>>The requested URL could not be retrieved
>>While trying to retrieve the URL:
>>The following error was encountered:
>>Connection Failed
>>The system returned:
>>    (110) Connection timed out
>>The remote host or network may be down.  Please try the request again.
>>Your cache administrator is Mumraiz-Khan.
>>Generated Mon, 31 May 2004 18:13:57 GMT by proxy.ravians-hostel.net 
>>but if i disable transparent redirection from my firewall then it takes 
>>about 20 seconds or dont run the firewall then it browses the samba server 
>>noramally. the firewall script is as below. and also in the latter two 
>>conditions IRIS doesnt caputre this packet shown above
>>here is the firewall
>>echo 1 > /proc/sys/net/ipv4/ip_forward
>>iptables -F
>>iptables -t nat -F
>>modprobe ip_nat_ftp
>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 42   -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
>>iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
>>iptables -A INPUT -i eth0 -p udp --dport 88   -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 88   -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 135  -j ACCEPT
>>iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 137  -j ACCEPT
>>iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 138  -j ACCEPT
>>iptables -A INPUT -i eth0 -p udp --dport 139  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 389  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 636  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 445  -j ACCEPT
>>iptables -A INPUT -i eth0 -p udp --dport 445  -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 3268 -j ACCEPT
>>iptables -A INPUT -i eth0 -p tcp --dport 3269 -j ACCEPT
>>iptables -P INPUT DROP
>>iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
>>iptables -P FORWARD DROP
>>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 21        -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 443       -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 5000      -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 5001      -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 5005      -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 5050      -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 6660:6670 -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 7000      -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 28805     -j ACCEPT
>>iptables -A FORWARD -i eth0 -p tcp --dport 51215     -j ACCEPT
>>iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>>Add photos to your messages with MSN 8. Get 2 months FREE*. 
>Paul Gienger                     Office:		701-281-1884
>Applied Engineering Inc.         Cell:			701-306-6254
>Information Systems Consultant   Fax:			701-281-1322
>URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com

Add photos to your e-mail with MSN 8. Get 2 months FREE*. 

More information about the samba mailing list