Date: Sun, 20 Aug 2000 12:58:46 +0200 (MET DST) From: Helge Oldach <Helge.Oldach@de.origin-it.com> To: ohartman@ipamzlx.physik.uni-mainz.de (O. Hartmann) Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org Subject: Re: SAMBA and IP filtering Message-ID: <200008201058.MAA28483@galaxy.de.cp.philips.com> In-Reply-To: <Pine.BSF.4.10.10008181157370.742-100000@ipamzlx.physik.uni-mainz.de> from "O. Hartmann" at "Aug 18, 2000 12: 3:24 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
O. Hartmann: >Is anybody out here who has IP filtering (IPFIREWALL) on and has still >full SAMBA access via NT clients? >I have the following problem: IP filtering is enabled and working well on >our FBSD 4.1 box running samba. One of the first rules is to allow all traffic >from and to the server via the local network, that means no restrictions. With >many services this runs well - but not for SAMBA! > >When trying to access a ip-filtering SAMBA server, I see its icon in the >network neightborhood environment, but when clicking on its icon, I get the >error message "Access denied, network path not found" after a while. Stopping >Ip-filtering solves the problem, but that is not the right solution, I think. >My question is, how to solve this problem. Actually there are two separate issues. To access a remote server you need unrestricted udp/137, udp/138 and tcp/139 from the clients to the server. Note that sometimes the source port is one of these as well, sometimes it is >1024. Your second paragraph appears like you want browsing. Make sure that network broadcasts will go through as well, i.e. you cannot restrict filter to just the server's and client's IP addresses but must include the appropriate network broadcast addresses as well. Helge To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008201058.MAA28483>