Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 20 Aug 2000 12:58:46 +0200 (MET DST)
From:      Helge Oldach <Helge.Oldach@de.origin-it.com>
To:        ohartman@ipamzlx.physik.uni-mainz.de (O. Hartmann)
Cc:        freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: SAMBA and IP filtering
Message-ID:  <200008201058.MAA28483@galaxy.de.cp.philips.com>
In-Reply-To: <Pine.BSF.4.10.10008181157370.742-100000@ipamzlx.physik.uni-mainz.de> from "O. Hartmann" at "Aug 18, 2000 12: 3:24 pm"

next in thread | previous in thread | raw e-mail | index | archive | help
O. Hartmann:
>Is anybody out here who has IP filtering (IPFIREWALL) on and has still
>full SAMBA access via NT clients?
>I have the following problem: IP filtering is enabled and working well on
>our FBSD 4.1 box running samba. One of the first rules is to allow all traffic
>from and to the server via the local network, that means no restrictions. With
>many services this runs well - but not for SAMBA!
>
>When trying to access a ip-filtering SAMBA server, I see its icon in the
>network neightborhood environment, but when clicking on its icon, I get the
>error message "Access denied, network path not found" after a while. Stopping
>Ip-filtering solves the problem, but that is not the right solution, I think.
>My question is, how to solve this problem.

Actually there are two separate issues.

To access a remote server you need unrestricted udp/137, udp/138 and
tcp/139 from the clients to the server. Note that sometimes the source
port is one of these as well, sometimes it is >1024.

Your second paragraph appears like you want browsing. Make sure that
network broadcasts will go through as well, i.e. you cannot restrict
filter to just the server's and client's IP addresses but must include
the appropriate network broadcast addresses as well.

Helge


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008201058.MAA28483>