From owner-freebsd-questions  Wed Nov 18 21:08:29 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA09596
          for freebsd-questions-outgoing; Wed, 18 Nov 1998 21:08:29 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from chopin.seattleu.edu (chopin.seattleu.edu [206.81.198.70])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA09588
          for <freebsd-questions@FreeBSD.ORG>; Wed, 18 Nov 1998 21:08:23 -0800 (PST)
          (envelope-from hodeleri@seattleu.edu)
Received: from seattleu.edu ([172.17.25.95])
	by chopin.seattleu.edu (8.8.5/8.8.5) with ESMTP id VAA06069;
	Wed, 18 Nov 1998 21:07:22 -0800 (PST)
Message-ID: <3653A750.6D92D32B@seattleu.edu>
Date: Wed, 18 Nov 1998 21:06:24 -0800
From: Eric Hodel <hodeleri@seattleu.edu>
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Forrest Aldrich <forrie@forrie.com>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: Packet filters and Samba
References: <4.1.19981117153643.00a8ac60@206.25.93.69>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

You can define a "allow hosts =" in the smb.conf, and you may wish to try this. 
Check the man page for details.

Eric Hodel
hodeleri@seattleu.edu

Forrest Aldrich wrote:
> 
> I seem to be missing something, and wonder if someone might comment.
> 
> I've read through the relevant docs in Samba regarding this, and still
> cannot seem
> to get Samba to work with the ipfw enabled.
> 
> If I take ipfw down, it works fine, so clearly something else needs to be
> addressed (no pun intended).
> 
> I've tried a couple of approaches.  My goal is to restrict access to my
> local network to these ports.
> However, tested with open access as well.   Here's what I have now:
> 
>         $fwcmd add pass tcp from any to ${ip} 139
>         $fwcmd add pass tcp from any to ${ip} 138
>         $fwcmd add pass tcp from any  to ${ip} 137
>         $fwcmd add pass udp from any 139 to ${ip}
>         $fwcmd add pass udp from any 138 to ${ip}
>         $fwcmd add pass udp from any 137 to ${ip}
>         $fwcmd add pass udp from ${ip} to any 137
>         $fwcmd add pass udp from ${ip} to any 138
>         $fwcmd add pass udp from ${ip} to any 139
> 
> First problem is netbios does seem to be able to perform the lookup.  I've
> tried enabling those
> features in Samba to no avail.  If I enter my server's IP in LMHOSTS, I can
> see the machine on
> the list, but still cannot connect to the share.
> 
> I understand that SMB broadcasts itself to the subnet address via UDP...
> I've sat and watched
> this with tcpdump.
> 
> Anyhow, I'm wondering if there is something very simple that I'm
> overlooking... or perhaps I've
> run into a bug?
> 
> This applies to FreeBSD-2.2.7-STABLE and FreeBSD-3.0-CURRENT... I think
> it's a packet filter
> issue rather than OS-related.
> 
> Thanks in advance.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message