Date: Thu, 16 Nov 2006 04:03:07 -0600 From: "Travis H." <travis@nexus.subspacefield.org> To: Andrei Kolu <antik@bsd.ee> Cc: freebsd-pf@freebsd.org Subject: Re: problems connecting samba shares Message-ID: <20061116100307.GC32666@nexus.subspacefield.org> In-Reply-To: <200611151910.53727.antik@bsd.ee> References: <56217.24.161.8.173.1159492654.squirrel@mail.poklib.org> <54636.24.161.8.173.1160744143.squirrel@mail.poklib.org> <d4f1333a0610131423g2bc39694rb8dea6b8a49e3b12@mail.gmail.com> <200611151910.53727.antik@bsd.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 15, 2006 at 07:10:51PM +0200, Andrei Kolu wrote: > I am struggling here with PF firewall and just can't connect to any samba > share if PF is enabled: That's because the SMB protocol was designed in total ignorance of firewalls (and, to be fair, is much older than the first book on firewalls). Like "talk" and other such protocols, which are virtually impossible to do safely across a firewall, it has a mishmash of connections in and out and back in again. You may find this page of mine useful; using the information here might get you up and running, but you'll be poking some serious holes in the firewall to do this. http://www.subspacefield.org/~travis/firewalls_and_protocols.html You may find this old paper interesting though: http://web.textfiles.com/hacking/cifs.txt Ack, I gave in to curiousity, read a bit, and now I need a shower. I couldn't get past the "Phase 0". Perhaps Bill Gates is a genius, not because CIFS/SMB is great, but because it is so horrible; yet he actually got people to pay for it. That counts for something. But given that MS Services for Unix is free, wouldn't you be happier using NFS than some dodgy proprietary anachronism that is so chock full of arbitrariness that it boggles and stupefies the mind? Let's just pretend IPX and SMB never existed. In a decade nobody will even remember it. Here's to hoping. -- "Cryptography is nothing more than a mathematical framework for discussing various paranoid delusions." -- Don Alvarez <URL:http://www.subspacefield.org/~travis/>; -><-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061116100307.GC32666>