[Samba] iptables and samba

azeem ahmad azeem484 at hotmail.com
Sat May 29 08:38:09 GMT 2004 

hi all
this is the output of tcpdump that it shows continously in the four minutes 
that it takes to open the share
------------------------------------------------------------------------------------------------------------------------------------
02:28:17.294943 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 
28200:28268(68) ack 27225 win 5840 NBT Packet (DF)
02:28:17.295312 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 
27225:27363(138) ack 28268 win 63495 NBT Packet (DF)
02:28:17.295422 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 
28268:28307(39) ack 27363 win 5840 NBT Packet (DF)
02:28:17.295768 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 
27363:27408(45) ack 28307 win 63456 NBT Packet (DF)
02:28:17.295873 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 
28307:28346(39) ack 27408 win 5840 NBT Packet (DF)
02:28:17.296297 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 
27408:27501(93) ack 28346 win 63417 NBT Packet (DF)
-------------------------------------------------------------------------------------------------------------------------------------

Regards
Azeem


>From: "azeem ahmad" <azeem484 at hotmail.com>
>To: samba at lists.samba.org
>Subject: Re: [Samba] iptables and samba
>Date: Thu, 27 May 2004 22:02:20 +0000
>
>
>the problem has been partially soved by REJECTing or ACCEPTing the port 
>445. the effect of ACCEPTing or REJECTing is same and that is:
>as i stated before that i have two shares named soft and linux. the problem 
>appeares while accessing both shares for the first time (note only for the 
>first time. if i close the share and then triy again the problem doesnt 
>occur unless i restart my client computer) now the problem has been 
>partially solved as if i access one of the two shares it takes 4 minutes 
>but if then i access the 2nd share it doent take time. while before adding 
>this rule it was talking time for the both shares
>
>Regards
>Azeem
>
>>From: Andrew Gaffney <agaffney at skylineaero.com>
>>To: Tom Skeren <tms3 at fsklaw.net>
>>CC: azeem ahmad <azeem484 at hotmail.com>,  samba at lists.samba.org
>>Subject: Re: [Samba] iptables and samba
>>Date: Thu, 27 May 2004 16:43:39 -0500
>>
>>Tom Skeren wrote:
>>>Andrew Gaffney wrote:
>>>
>>>>azeem ahmad wrote:
>>>>
>>>>>hi
>>>>>i m using the script below
>>>>>-------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>>iptables -F
>>>>>iptables -t nat -F
>>>>>iptables -P INPUT DROP
>>>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
>>>>>
>>>>>-------------------------------------------------------------------------------------------------------------------------------------
>>>>>
>>>>>
>>>>>i have two shares on samba server "Soft and linux" in these shares 
>>>>>there are many folders. whenever i run the above script and then i open 
>>>>>the share it takes atleast 4  minutes to open the share. but it doesnt 
>>>>>take time while browsing inside share.
>>>>>mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
>>>>>when i double click on soft it takes atleast 4 minutes but after that 
>>>>>when i click on adobe then acrobat then acrobat6 it takes now time it 
>>>>>just browse them normally. same problem is with the other share named 
>>>>>linux.
>>>>>but if i dont run this script then all shares work fine with no delay
>>>>>this problem only occures first time. mean when i browse the share next 
>>>>>time it doesnt occur
>>>>
>>>>
>>>>
>>>>This is a complete shot in the dark. Windows 2000 (probably) and XP 
>>>>(definately) will look for a SMB server on port 445 first by default. 
>>>>Since you have '-j DROP', the requests to 445 don't get a response. It 
>>>>takes a little bit to timeout and then Windows probably tries to connect 
>>>>again. I bet if you add the following iptables rule, the problem will go 
>>>>away:
>>>>
>>>>iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT
>>>>
>>>If you have Samba 3.x it will share on port 445.
>>
>>Okay, so you can change that REJECT to ACCEPT.
>>
>>--
>>Andrew Gaffney
>>Network Administrator
>>Skyline Aeronautics, LLC.
>>636-357-1548
>>
>
>_________________________________________________________________
>Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
>http://join.msn.com/?page=features/featuredemail
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

More information about the samba mailing list