Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Nov 1998 21:06:24 -0800
From:      Eric Hodel <hodeleri@seattleu.edu>
To:        Forrest Aldrich <forrie@forrie.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Packet filters and Samba
Message-ID:  <3653A750.6D92D32B@seattleu.edu>
References:  <4.1.19981117153643.00a8ac60@206.25.93.69>
next in thread | previous in thread | raw e-mail | index | archive | help 
You can define a "allow hosts =" in the smb.conf, and you may wish to try this. 
Check the man page for details.

Eric Hodel
hodeleri@seattleu.edu

Forrest Aldrich wrote:
> 
> I seem to be missing something, and wonder if someone might comment.
> 
> I've read through the relevant docs in Samba regarding this, and still
> cannot seem
> to get Samba to work with the ipfw enabled.
> 
> If I take ipfw down, it works fine, so clearly something else needs to be
> addressed (no pun intended).
> 
> I've tried a couple of approaches.  My goal is to restrict access to my
> local network to these ports.
> However, tested with open access as well.   Here's what I have now:
> 
>         $fwcmd add pass tcp from any to ${ip} 139
>         $fwcmd add pass tcp from any to ${ip} 138
>         $fwcmd add pass tcp from any  to ${ip} 137
>         $fwcmd add pass udp from any 139 to ${ip}
>         $fwcmd add pass udp from any 138 to ${ip}
>         $fwcmd add pass udp from any 137 to ${ip}
>         $fwcmd add pass udp from ${ip} to any 137
>         $fwcmd add pass udp from ${ip} to any 138
>         $fwcmd add pass udp from ${ip} to any 139
> 
> First problem is netbios does seem to be able to perform the lookup.  I've
> tried enabling those
> features in Samba to no avail.  If I enter my server's IP in LMHOSTS, I can
> see the machine on
> the list, but still cannot connect to the share.
> 
> I understand that SMB broadcasts itself to the subnet address via UDP...
> I've sat and watched
> this with tcpdump.
> 
> Anyhow, I'm wondering if there is something very simple that I'm
> overlooking... or perhaps I've
> run into a bug?
> 
> This applies to FreeBSD-2.2.7-STABLE and FreeBSD-3.0-CURRENT... I think
> it's a packet filter
> issue rather than OS-related.
> 
> Thanks in advance.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3653A750.6D92D32B>