[Samba] Error Messages in /var/log/messages
Jesse Spangenberger
jesse at oceanlodge.biz
Fri Feb 10 14:58:01 GMT 2006
Thanks for the information.
The ports 139 and 445 are both open. Using SuSE 9.2 Professional. I guess
I'll look more information on the FW and see what I can do.
-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Thursday, February 09, 2006 11:50 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Error Messages in /var/log/messages
On Thu, 2006-02-09 at 16:08 -0500, Jesse Spangenberger wrote:
> Here's the output:
>
> Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF
> PROTO=TCP
> SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2065 DF PROTO=TCP
> SPT=1136 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2066 DF PROTO=TCP
> SPT=1137 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:51:46 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=38844 DF
> PROTO=TCP
> SPT=2924 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (0204055C01010402)
>
> Feb 9 15:52:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2068 DF PROTO=TCP
> SPT=1184 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:53:07 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:ca:86:d5:17:08:00 SRC=192.168.1.53
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30142 DF
> PROTO=TCP
> SPT=2912 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:55:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2094 DF PROTO=TCP
> SPT=1138 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:55:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2095 DF PROTO=TCP
> SPT=1139 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:55:57 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=39419 DF
> PROTO=TCP
> SPT=2949 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (0204055C01010402)
>
> Feb 9 15:56:23 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51404 DF
> PROTO=TCP
> SPT=1967 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:56:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2095 DF PROTO=TCP
> SPT=1186 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:57:07 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:ca:86:d5:17:08:00 SRC=192.168.1.53
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30188 DF
> PROTO=TCP
> SPT=2915 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:59:01 SSI001 /usr/sbin/cron[3387]: (root) CMD ( rm -f
> /var/spool/cron/lastrun/cron.hourly)
>
> Feb 9 15:59:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2123 DF PROTO=TCP
> SPT=1141 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:59:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2124 DF PROTO=TCP
> SPT=1140 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:get_peer_addr(1136)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: getpeername failed. Error was
> Transport endpoint is not connected
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:get_peer_addr(1136)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: getpeername failed. Error was
> Transport endpoint is not connected
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:write_socket_data(430)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: write_socket_data: write failure.
> Error = Connection reset by peer
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:write_socket(455)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: write_socket: Error writing 4 bytes
> to socket 43: ERRNO = Connection reset by peer
>
> Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0]
> lib/util_sock.c:send_smb(647)
>
> Feb 9 15:59:28 SSI001 smbd[3389]: Error writing 4 bytes to client. -1.
> (Connection reset by peer)
>
> Feb 9 15:59:57 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=39764 DF
> PROTO=TCP
> SPT=2963 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (0204055C01010402)
>
> Feb 9 16:00:23 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51502 DF
> PROTO=TCP SPT=1970 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
> Feb 9 16:00:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254
> DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2122 DF PROTO=TCP
> SPT=1187 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
> (020405B401010402)
>
>
>
> I get these alot. As you can see -- the times are close together --
> not sure what's going on atm.
----
firewall logs...
basically, the logs are saying that it is blocking...
DPT=139 (destination port 139)
from
SRC=192.168.1.54 (seems like a computer on the local LAN)
and likewise for
DPT=445 (similar but different local LAN ip addresses) (note port 445 is
Win2k/WinXP)
the other errors you list...
endpoint not connected...
write socket.data
are common errors you can ignore (search the archives of this list for more
information if you want)
you probably should just open ports 139 and 445 in your firewall for the
local lan only (192.168.1.0 subnet mask 255.255.255.0)
Craig
More information about the samba
mailing list