From owner-freebsd-stable Fri Aug 18 3:59:14 2000 Delivered-To: freebsd-stable@freebsd.org Received: from lindt.urgle.com (lindt.urgle.com [195.173.172.169]) by hub.freebsd.org (Postfix) with ESMTP id BA4C037B43C; Fri, 18 Aug 2000 03:59:09 -0700 (PDT) Received: from mike by lindt.urgle.com with local (Exim 3.03 #1) id 13PjqM-0009CS-00; Fri, 18 Aug 2000 11:57:46 +0100 Date: Fri, 18 Aug 2000 11:57:46 +0100 From: Mike Bristow To: "O. Hartmann" Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org Subject: Re: SAMBA and IP filtering Message-ID: <20000818115746.A35276@lindt.urgle.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from ohartman@ipamzlx.physik.uni-mainz.de on Fri, Aug 18, 2000 at 12:03:24PM +0200 X-Rated: Ruby Ridge, Serbian, insider dealing Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Aug 18, 2000 at 12:03:24PM +0200, O. Hartmann wrote: > Is anybody out here who has IP filtering (IPFIREWALL) on and has still > full SAMBA access via NT clients? > I have the following problem: IP filtering is enabled and working well on > our FBSD 4.1 box running samba. One of the first rules is to allow all traffic > from and to the server via the local network, that means no restrictions. With > many services this runs well - but not for SAMBA! compile your kernel with IPFIREWALL_VERBOSE and add a "log" keyword to all of the reject rules (duplicating the default rule if neccessary with a log keyword in it) and then see what the rule is that drops the packets, what the packets are, and then (of course) allowing them. -- Mike Bristow, seebitwopie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message