From owner-freebsd-security  Fri Apr 12  4:22:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mailout10.sul.t-online.com (mailout10.sul.t-online.com [194.25.134.21])
	by hub.freebsd.org (Postfix) with ESMTP id 70F0537B41A
	for <security@freebsd.org>; Fri, 12 Apr 2002 04:22:32 -0700 (PDT)
Received: from fwd11.sul.t-online.de 
	by mailout10.sul.t-online.com with smtp 
	id 16vz8Q-0004LM-0J; Fri, 12 Apr 2002 13:22:30 +0200
Received: from Magelan.Leidinger.net (520065502893-0001@[80.131.125.48]) by fmrl11.sul.t-online.com
	with esmtp id 16vz8K-0fCrOiC; Fri, 12 Apr 2002 13:22:24 +0200
Received: from Leidinger.net (netchild@localhost [127.0.0.1])
	by Magelan.Leidinger.net (8.12.2/8.12.2) with ESMTP id g3CBMVpN001093;
	Fri, 12 Apr 2002 13:22:35 +0200 (CEST)
	(envelope-from netchild@Leidinger.net)
Message-Id: <200204121122.g3CBMVpN001093@Magelan.Leidinger.net>
Date: Fri, 12 Apr 2002 13:22:31 +0200 (CEST)
From: Alexander Leidinger <Alexander@Leidinger.net>
Subject: Re: ipfw and samba
To: mario.pranjic@irb.hr
Cc: security@FreeBSD.ORG
In-Reply-To: <Pine.GSO.4.32.0204121002300.23202-100000@nippur.irb.hr>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
X-Sender: 520065502893-0001@t-dialin.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 12 Apr, Mario Pranjic wrote:

> Does anyone knows what should be opened in order to samba works proprely.
> I tried opening the ports 137-139 (tcp and udp) but it still doesn't
> work.
> 
> smbclient -L works, though, but I can't access the host from windows.
> 
> Anybody knowns what might be the problem?

${fwcmd} add allow tcp from any to me 138,139,445 in via ${outside_interface} setup keep-state
${fwcmd} add pass udp from any 139 to me 139 via ${outside_interface} keep-state

works for me.

Bye,
Alexander.

-- 
                   It's not a bug, it's tradition!

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message