[Samba] Re: Samba/Firewall issues?

Mark Waterhouse - Mailing Lists markmail at dfk-systems.com
Wed Oct 12 15:46:25 GMT 2005 

Paul

Can you confirm what your settings for "local master", "domain master" and 
"preferred master" are?
You should find these in /etc/smb.conf

Mark

----- Original Message ----- 
> Greetings,
>
> I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11
> server is also running iptables. In our log.nmbd file we have
> noticed the following:
>
> [2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313)
>  Error connecting to 130.xx.xx.xx (Connection refused)
> [2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790)
>  Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation not
>  permitted
>
> [2005/09/27 14:07:57, 1] libsmb/cliconnect.c:cli_connect(1313)
>  Error connecting to 130.xx.xx.xx (No route to host)
> [2005/09/27 14:12:51, 1] libsmb/cliconnect.c:cli_connect(1313)
>  Error connecting to 130.xx.xx.xx (Connection refused)
> [2005/09/27 14:23:04, 1] libsmb/cliconnect.c:cli_connect(1313)
>
> A search turned up the following:
> http://seclists.org/lists/bugtraq/2001/Mar/0285.html
> ----------------
> Obviously, the netfilter nat code breaks nmap while using the -O flag
> or using decoy options. The (sendto in send_tcp_raw: sendto....) error is
> a symptom of this. It also breaks other packet shaping utilities such
> as hping, etc., so this does not appear to be an nmap problem.
>
>
> I don't believe the connection tracking portion of netfilter is to
> blame in this case. In my tests the connection tracking code, whether it 
> was
> loaded as a module or built statically into the kernel, didn't seem to
> get in the way. The cause of the 'sendto..' errors seems to be caused
> solely by the iptable_nat.o module(which is huge, of course). Once you
> load that one, or build it into the kernel, "nmap -O" no
> worky. Without it, nmap/hping/everything works just peachy.
>
>
> Best Regards,
> Steve
> ---------
>
> Now I have removed iptable_nat with rmmod but I am still seeing
> errors. For our end users the error shows up as XXXX Domain not found.
>
> Anyone see these errors before ??
>
> Thanks
> Paul

More information about the samba mailing list