[Samba] What's the deal with connecting back to the client on port 445?

[David Landgren]

hi list,

I'm a bit of an old skool Samba user, have started using it back in
the dark 0.9-ish days. To that end, the ports 137, 138 and 139 and
burned deep into my neurons. I've just recently upgraded everything to
3.0.10 (the oldest Samba installation running was 2.2.3).

I've seen a lot of garbage disappear from the Network Neighborhood,
which is a good thing. One thing, however, has been puzzling me. If I
try to browse the printers on another subnet, the server immediately
comes back to me and tries to start talking to my client on port 445
(I'm aware that it's the AD service port). The firewall silently
discards the packet, the connection eventually times out, and then
proceeds on the older Netbios ports and stuff starts to work.

I'm looking for best practices with port 445. Can I open just this
port, and close down the 137-139 ports,  or open it in addition, or do
something else so that Samba doesn't try to attempt the initial
connection? (Considering that I have only XP clients, WinNT 200x and
Samba 3.0.10+ servers)?

I can understand why the client might try to see whether 445 is open,
I'm a bit puzzled as to why the servers do. The main point is that I
want to kill the initial delay as the 445 connection times out.

Thanks,
David