[Samba] [Solved] Fedora 25 Samba and XP-SP3

Mike Brown brown at mrvideo.vidiot.com
Mon Jun 12 12:36:32 UTC 2017


On Mon, Jun 12, 2017 at 02:19:00PM +0200, Reindl Harald via samba wrote:
> Am 12.06.2017 um 10:00 schrieb Mike Brown via samba:
>> On Mon, Jun 12, 2017 at 09:51:53AM +0200, Reindl Harald via samba wrote:
>>>>>> Damn firewall.  By default, Samba isn't allowed to connect.  Found it by
>>>>>> using wireshark to look at the packets and that gave me the clue
>>>>>
>>>>> no need for wireshark - normally one does simply "telnet host port" before
>>>>> even consider debug deeper
>>>>
>>>> Not sure I would have gotten the same info back.  Normally it is connection
>>>> refused when I do something like that.  The wireshark message was more
>>>> concise.  Either way, it was solved
>>>
>>> yeah and when you get connection refused on a TCP port the service is not
>>> reachable at all - it's not running or some firewall in front and hence the
>>> ICMP "port unrechable" response
>>
>> With wireshark the response was "Destination unreachable (Host
>> administratively prohibited)."  The "administratively prohibited" was the
>> big clue.
>
> the big clue is can you connect to the port or not
>
>  --reject-with type
>                Type can be
>                -icmp-net-unreachable
>                -icmp-host-unreachable
>                -icmp-port-unreachable
>                -icmp-proto-unreachable
>                -icmp-net-prohibited
>                -icmp-host-prohibited
>                -icmp-admin-prohibited
>
> "-j REJECT --reject-with icmp-admin-prohibited" could be anything from 
> above and is just a rule detail where the default is 
> "icmp-port-unreachable"

I've managed to avoid working with iptables.  But yes, being able to connect
or not is a big clue.  I just didn't think of using telnet to do a quick
test.  I've used in the past for some things, but just didn't think of it
this time around.

MB
-- 
e-mail: vidiot at vidiot.com | vidiot at vidiot.net            /~\ The ASCII
        6082066843 at email.uscc.net (140 char limit)       \ / Ribbon Campaign
Visit - URL: http://vidiot.com/                           X  Against
             http://vidiot.net/                          / \ HTML Email
"You're Sherlock Holmes, wear the damn hat!" - Watson to Sherlock
Sherlock - The Abominable Bride - 1/01/16



More information about the samba mailing list