[Samba] Firewall piercing - The Specified network name is no longer available.

JLB jlb at twu.net
Wed Feb 9 22:26:46 GMT 2005


On Wed, 9 Feb 2005, Paul Gienger wrote:

> >You're confusing the sides of the firewall.
> >The restrictive security policies are on the side of the clients I work
> >for. THEIR firewalls are often quite restrictive.
> >
> >
> Ok, I've almost responded at least a couple times, but this is getting
> ludicrious now.  If they're restrictive on their side, then how the hell
> do you plan on getting out with your traffic???

Why would they restrict OUTGOING SMB/CIFS traffic?

>
> Besides that, I'd be really surprised if this connection would work at
> all with the sheer number of different networks you'd be crossing, any
> number of which are filtering for smb ported traffic.  Most consumer
> grade ISPs filter for all these ports, the one you run your mail server
> on seems to, or at least your server is filtered.  Our firewalls will
> allow just about anything out, but not smb because it's just wrong.  I
> believe some of these ports talk back to you also, at least 445, so
> you're probably not going to get back with the corresponding channel,
> much like non-passive ftp.
>
> >The other side of the equation is my box at home, which has no such
> >policy.
> >
> >
> Who is your ISP? I'd love a no-rules account with them.
>

I mean they don't seem to filter things, or at least not that I've found.

> >>>I even concocted a zero-install CygWin workalike and
> >>>keep it on my keychain USB drive...
> >>>
> >>>
> Do you have nmap? try and portscan your home box and see if you get the
> ports... it will tell you if you're getting filtered or not.  I'm
> guessing this is the case
>

[root at foo bar]# nmap baz.fnord.net -sT

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on xxxxxxxxxxxxx.big-isp.net (x.y.z.a):
(The 1593 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     filtered    telnet
25/tcp     open        smtp
80/tcp     open        http
139/tcp    open        netbios-ssn
443/tcp    open        https
8080/tcp   open        http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 16 seconds
[root at foo bar]#

Does that answer your question?


> --
> --
> Paul Gienger                    Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect               Fax:    701-281-1322
> URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com
>
>
>

--
J. L. Blank, Systems Administrator, twu.net


More information about the samba mailing list