Date:      Thu, 24 Sep 1998 15:16:25 -0400
From:      Forrest Aldrich <forrie@forrie.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Samba and IPFW
Message-ID:  <199809241916.PAA08004@spook.navinet.net>

I've been having some difficulty getting Samba to work with packet
filtering turned on.
This is on FreeBSD-2.2.7 (latest build cvsupped).

Basically, I can get it to work if I drop all the filters...  I've tried
different combinations of rules, with no help from the samba list (most of
them seem to be using Linux ipfwadm).

I have, presently:

    $fwcmd add pass tcp from ${net}:${mask} to ${ip} 139 setup
    $fwcmd add pass tcp from ${net}:${mask} to ${ip} 138 setup
    $fwcmd add pass tcp from ${net}:${mask} to ${ip} 137 setup
    $fwcmd add pass udp from ${net}:${mask} to ${ip} 139
    $fwcmd add pass udp from ${net}:${mask} to ${ip} 138
    $fwcmd add pass udp from ${net}:${mask} to ${ip} 137
    $fwcmd add pass udp from ${ip} to any 137
    $fwcmd add pass udp from ${ip} to any 138
    $fwcmd add pass udp from ${ip} to any 139

This is very permissive, and I don't know that all of it is needed.  I want
to restrict access to our localnet (hence the net:mask).  mask =
255.255.255.0, so that shouldn't be the issue.

I can SEE the machine from Windows98 but cannot connect to the share unless
I drop the filters.

The head of the rc.firewall area has:

    # Allow TCP through if setup succeeded
    $fwcmd add pass tcp from any to any established
    $fwcmd add pass tcp from ${ip} to any established
    $fwcmd add pass tcp from any to ${ip} 1024-65535 setup

And I've toyed with "setup" and "established" with no effect.  Someone had
suggested the setup statement wasn't allowing the return traffic... and I've
also had someone disagree with that.

There's probably something very simple that I've overlooked.  Pointers
would be appreciated.

Thanks...
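
How ipfw's `setup` and `established` keywords classify the packets of a connection to port 139, as an added example that is not part of the original message: `setup` matches TCP packets with SYN set and ACK clear, and `established` matches packets with ACK or RST set. The addresses, the rule order (head-of-file rules first) and the `first_match` helper are assumptions; only the rules quoted in the message are modeled.

```python
from ipaddress import ip_address, ip_network

SYN, RST, ACK = 0x02, 0x04, 0x10
# Constructed stand-ins for ${ip} and ${net}:${mask}
IP, NET = "192.168.1.10", "192.168.1.0/24"
CLIENT = "192.168.1.50"  # constructed LAN host

# (proto, src, dst, dst-port spec or None, TCP option or None), assumed order
RULES = [("tcp", "any", "any", None, "established"),
         ("tcp", IP, "any", None, "established"),
         ("tcp", "any", IP, "1024-65535", "setup")]
RULES += [("tcp", NET, IP, p, "setup") for p in ("139", "138", "137")]
RULES += [("udp", NET, IP, p, None) for p in ("139", "138", "137")]
RULES += [("udp", IP, "any", p, None) for p in ("137", "138", "139")]

def flags_ok(opt, flags):
    if opt == "setup":            # SYN set and ACK clear
        return bool(flags & SYN) and not flags & ACK
    if opt == "established":      # ACK or RST set
        return bool(flags & (ACK | RST))
    return True                   # rule carries no TCP option

def addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def port_ok(spec, port):
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(proto, src, dst, dport, flags=0):
    """Return the 1-based index of the first pass rule that matches, or None."""
    for n, (r_proto, r_src, r_dst, r_port, r_opt) in enumerate(RULES, 1):
        if (r_proto == proto and addr_ok(r_src, src) and addr_ok(r_dst, dst)
                and port_ok(r_port, dport) and flags_ok(r_opt, flags)):
            return n
    return None   # not passed here; fate depends on rules the message omits

if __name__ == "__main__":
    for label, pkt in [("SYN to 139", ("tcp", CLIENT, IP, 139, SYN)),
                       ("SYN+ACK reply", ("tcp", IP, CLIENT, 1025, SYN | ACK)),
                       ("ACK", ("tcp", CLIENT, IP, 139, ACK)),
                       ("UDP 137 query", ("udp", CLIENT, IP, 137))]:
        print(f"{label:14} -> rule {first_match(*pkt)}")
```
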



