Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Nov 2006 04:03:07 -0600
From:      "Travis H." <travis@nexus.subspacefield.org>
To:        Andrei Kolu <antik@bsd.ee>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: problems connecting samba shares
Message-ID:  <20061116100307.GC32666@nexus.subspacefield.org>
In-Reply-To: <200611151910.53727.antik@bsd.ee>
References:  <56217.24.161.8.173.1159492654.squirrel@mail.poklib.org> <54636.24.161.8.173.1160744143.squirrel@mail.poklib.org> <d4f1333a0610131423g2bc39694rb8dea6b8a49e3b12@mail.gmail.com> <200611151910.53727.antik@bsd.ee>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 15, 2006 at 07:10:51PM +0200, Andrei Kolu wrote:
> I am struggling here with PF firewall and just can't connect to any samba 
> share if PF is enabled:

That's because the SMB protocol was designed in total ignorance of
firewalls (and, to be fair, is much older than the first book on
firewalls).  Like "talk" and other such protocols, which are virtually
impossible to do safely across a firewall, it has a mishmash of
connections in and out and back in again.

You may find this page of mine useful; using the information here
might get you up and running, but you'll be poking some serious
holes in the firewall to do this.

http://www.subspacefield.org/~travis/firewalls_and_protocols.html

You may find this old paper interesting though:
http://web.textfiles.com/hacking/cifs.txt

Ack, I gave in to curiousity, read a bit, and now I need a shower.
I couldn't get past the "Phase 0".  Perhaps Bill Gates is a genius,
not because CIFS/SMB is great, but because it is so horrible;
yet he actually got people to pay for it.  That counts for something.

But given that MS Services for Unix is free, wouldn't you be
happier using NFS than some dodgy proprietary anachronism that
is so chock full of arbitrariness that it boggles and stupefies
the mind?  Let's just pretend IPX and SMB never existed.  In a
decade nobody will even remember it.  Here's to hoping.
-- 
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/>; -><-



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061116100307.GC32666>