From owner-freebsd-questions Mon Aug 21 1:55:18 2000 Delivered-To: freebsd-questions@freebsd.org Received: from snafu.adept.org (adsl-63-201-63-44.dsl.snfc21.pacbell.net [63.201.63.44]) by hub.freebsd.org (Postfix) with ESMTP id 8498F37B424; Mon, 21 Aug 2000 01:55:01 -0700 (PDT) Received: by snafu.adept.org (Postfix, from userid 1000) id BAC5F9EE01; Mon, 21 Aug 2000 01:54:59 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id AD2709B001; Mon, 21 Aug 2000 01:54:59 -0700 (PDT) Date: Mon, 21 Aug 2000 01:54:59 -0700 (PDT) From: Mike Hoskins To: Helge Oldach Cc: "O. Hartmann" , freebsd-questions@freebsd.org, freebsd-stable@freebsd.org Subject: Re: SAMBA and IP filtering In-Reply-To: <200008201058.MAA28483@galaxy.de.cp.philips.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -mrh On Sun, 20 Aug 2000, Helge Oldach wrote: > >Is anybody out here who has IP filtering (IPFIREWALL) on and has still > >full SAMBA access via NT clients? IPFW/Samba serving Win2k clients... close enough. > >I have the following problem: IP filtering is enabled and working well on > >our FBSD 4.1 box running samba. One of the first rules is to allow all traffic > >from and to the server via the local network, that means no restrictions. So... I guess you have something like: check-state allow ip from ${inet}:{$imask} to any keep-state > >many services this runs well - but not for SAMBA! It's working here... [30]root@snafu{mike}$ uname -a FreeBSD snafu.adept.org 4.1-STABLE FreeBSD 4.1-STABLE #0: Fri Aug 18 20:30:33 PDT 2000 mike@snafu.adept.org:/usr/src/sys/compile/SNAFU i386 [31]root@snafu{mike}$ pkg_info|grep samba samba-2.0.7 A free SMB and CIFS client and server for UNIX > >When trying to access a ip-filtering SAMBA server, I see its icon in the > >network neightborhood environment, but when clicking on its icon, I get the > >error message "Access denied, network path not found" after a while. Stopping > >Ip-filtering solves the problem, but that is not the right solution, I think. > >My question is, how to solve this problem. Are you running from inetd, or as daemons? What's your smb.conf file look like? Have you tried firing up a sniffer to see exactly what's going on when you '[click] on its icon'? -mrh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message