From owner-freebsd-questions  Sun Aug 20  3:59: 0 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from gw-nl1.origin-it.com (gw-nl1.origin-it.com [193.79.128.34])
	by hub.freebsd.org (Postfix) with ESMTP
	id D849C37B423; Sun, 20 Aug 2000 03:58:53 -0700 (PDT)
Received: from mail.de.origin-it.com (localhost.origin-it.com [127.0.0.1])
          by gw-nl1.origin-it.com with ESMTP id MAA03886;
          Sun, 20 Aug 2000 12:58:52 +0200 (MEST)
          (envelope-from Helge.Oldach@de.origin-it.com)
Received: from smtprelay-de1.origin-it.com(172.16.188.53) by gw-nl1.origin-it.com via mwrap (4.0a)
	id xma003884; Sun, 20 Aug 00 12:58:52 +0200
Received: from mailhub.de.origin-it.com ([130.143.166.88]) 
	by mail.de.origin-it.com (8.9.3/8.8.5-1.2.2m-19990317) with ESMTP id MAA22476; Sun, 20 Aug 2000 12:58:51 +0200 (MET DST)
Received: from galaxy.de.cp.philips.com (galaxy.de.cp.philips.com [130.143.166.29])
	by mailhub.de.origin-it.com (8.9.3/8.9.3/hmo09aug00) with ESMTP id MAA24034;
	Sun, 20 Aug 2000 12:58:49 +0200 (CEST)
	(envelope-from Helge.Oldach@de.origin-it.com)
Received: (from hmo@localhost)
	by galaxy.de.cp.philips.com (8.9.3/8.9.3/hmo14aug98) id MAA28483;
	Sun, 20 Aug 2000 12:58:47 +0200 (MET DST)
Message-Id: <200008201058.MAA28483@galaxy.de.cp.philips.com>
Subject: Re: SAMBA and IP filtering
In-Reply-To: <Pine.BSF.4.10.10008181157370.742-100000@ipamzlx.physik.uni-mainz.de> from "O. Hartmann" at "Aug 18, 2000 12: 3:24 pm"
To: ohartman@ipamzlx.physik.uni-mainz.de (O. Hartmann)
Date: Sun, 20 Aug 2000 12:58:46 +0200 (MET DST)
Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
From: Helge Oldach <Helge.Oldach@de.origin-it.com>
X-Address: ORIGIN Deutschland GmbH, Billstrasse 80, D-20539 Hamburg, Germany
X-Phone: +49 40 7886 464, Fax: +49 40 7886 235, Mobile: +49 172 4515513
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

O. Hartmann:
>Is anybody out here who has IP filtering (IPFIREWALL) on and has still
>full SAMBA access via NT clients?
>I have the following problem: IP filtering is enabled and working well on
>our FBSD 4.1 box running samba. One of the first rules is to allow all traffic
>from and to the server via the local network, that means no restrictions. With
>many services this runs well - but not for SAMBA!
>
>When trying to access a ip-filtering SAMBA server, I see its icon in the
>network neightborhood environment, but when clicking on its icon, I get the
>error message "Access denied, network path not found" after a while. Stopping
>Ip-filtering solves the problem, but that is not the right solution, I think.
>My question is, how to solve this problem.

Actually there are two separate issues.

To access a remote server you need unrestricted udp/137, udp/138 and
tcp/139 from the clients to the server. Note that sometimes the source
port is one of these as well, sometimes it is >1024.

Your second paragraph appears like you want browsing. Make sure that
network broadcasts will go through as well, i.e. you cannot restrict
filter to just the server's and client's IP addresses but must include
the appropriate network broadcast addresses as well.

Helge


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message