RH9 SAMBA and Firewall
I'm not sure this belongs here, but I'll try anyway. I have the infamous WPC11V4 card up against the Linksys BEFW11S4 router, and a W2K box hardwired. After following threads and plugging away I have my network up, only due to everyone here. I have been attempting to get SAMBA to work over the wireless network to no avail, until I read about the firewall and "lokkit". I was never able to understand how to network / samba with the firewall set to high. I tried adding ports 137, 138, 139, 445. Nothing. In a final desperate attempt I disabled the firewall: "SAMBA works". Knowing this is not a smart way to run, I reset the firewall to high.
OK, how do I set it so the samba/smb ports are open on my linux rh9 system? I've found most other answers here so I know it's in here somewhere. Jwspring |
Can't you disable your firewall during your test phase? Is your machine directly connected to the internet? If not, do a
service iptables stop
then do your testing. Make sure samba is running: do a netstat -lp to see if you've got something on ports 137, 139 and so on. Have you done a service smb start or service smb restart? |
The ports 137-139, 445, 901 are all in the services file. SMB and Samba are running. nmbd and smbd are on the ps -A list. Only setting rh9 to no firewall allowed the w2k to access linux.
|
Could you re-phrase that: "Only setting rh9 to no firewall allowed the w2k to access linux." ?
Please re-read my post? Can you afford to disable the firewall during test? |
Sorry,
For my testing I did disable the firewall with 'lokkit'. This was how I was able to get it working. I have not viewed the logs. I had ethereal running on both the w2k system and my rh9 system. This showed the protocol attempts with the connection failures. |
so you've got it running without a firewall?
if it doesn't work without firewall, go see your samba logs. |
Yep, samba will come up and run without a firewall. "No firewall" is not an option when connected to the internet. I'm looking for how to open the samba/smb ports with the firewall up: ports 137, 138, 139, along with 445 and 901.
|
ok, the problem is configuring the firewall?
The real answer is to learn Iptables, but you won't like it. I don't know lokkit so I can't help you. But I know samba uses broadcasts a lot, that might be the problem. Do you have 2 nics on your machine? |
rh9 lokkit manipulates the iptables. That is where I've gotten lost: to network with samba, getting the ports open/allowed in iptables. Do I need these open? Or is the networking done differently with samba?
Only 1 nic in each box. |
If you have only 1 nic on each box, none of them is _directly_ connected to the internet, right? If you are not _directly_ connected to the internet, there must be a firewall already... Why would you need duplicate firewalling... especially in a file server, which is, by nature, a lan-only server.
I know lokkit's use, I just don't use it since I write my own firewall scripts with iptables. Working with samba on a firewalled machine is a pain. |
Let me see if I understand. With my linksys wireless/router/hub as the only network-to-internet connection, I do not need to have the RH9 firewall up? The router would be sufficient protection?
|
The router is sufficient for a lot of people. I don't run a firewall on my windows machine. I have a netgear router in front of it. In my corporate network, I do firewall rules on my servers in my DMZ, even if there is a firewall in front, but not in my lan.
Try to imagine anyone running a windows server with exchange, file server and MS-SQL with a firewall! |
For now, rather than starting to learn iptables I'll take down the RH firewall.
Thanks |
I think you'll be secure enough anyways... there is always a compromise between security and usability, after all. But, even when writing iptables rules directly, it must be a serious pain to only allow samba.
|
If you want to run samba and firewall on a dual nic box, I have an iptables ruleset that works.
Setup is thus:
[dsl/cablemodem] <----> [router/hub] <-------> [eth1: linux box: eth0] <-------> [hub] === other boxes
                                      lan#1                              lan#2
The linux box acts as firewall and samba server to lan#2. The basic rule is that lan#2 is trusted and lan#1 is not. Traffic intended for the linux box is allowed in from lan#2. If you want the iptables.firewall ruleset I can post or email it if you're interested. Incidentally, I've not managed to get a w2k laptop that uses an RSA SecurID fob to work through iptables. I suspect it's iptables NAT/SNAT but I've not figured it out yet. |
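Added example, not posted by anyone in this thread: a shell function that prints the iptables rules for the Samba ports discussed above (137/138 UDP, 139/445 TCP, optionally 901 for SWAT), accepting them only from a trusted LAN on one interface instead of turning the firewall off. The subnet 192.168.1.0/24, the interface eth0 (the trusted side in the diagram of the last post), the INPUT chain default and the WITH_SWAT switch are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that admit Samba traffic
# only from one trusted LAN. Subnet, interface and chain are assumptions.

samba_rules() {
    lan="$1"; ifc="$2"; chain="${3:-INPUT}"

    # Require a.b.c.d/prefix so a typo cannot yield a rule open to any source.
    case "$lan" in
        ""|*[!0-9./]*|*/*/*) echo "bad subnet: $lan" >&2; return 1 ;;
        */*) ;;
        *) echo "subnet needs a /prefix: $lan" >&2; return 1 ;;
    esac
    prefix="${lan#*/}"
    case "$prefix" in ""|*.*) echo "bad prefix: $lan" >&2; return 1 ;; esac
    if [ "$prefix" -lt 8 ] || [ "$prefix" -gt 32 ]; then
        echo "prefix /$prefix is too wide for a LAN rule" >&2; return 1
    fi
    [ -n "$ifc" ] || { echo "interface required" >&2; return 1; }

    # -I inserts at the top of the chain, ahead of any final REJECT/DROP rule.
    # All rules are ACCEPT, so the reversed order that -I produces is harmless.
    rule="iptables -I $chain -i $ifc -s $lan"
    echo "$rule -p udp --dport 137 -j ACCEPT"   # NetBIOS name service (nmbd)
    echo "$rule -p udp --dport 138 -j ACCEPT"   # NetBIOS datagram/browsing (nmbd)
    echo "$rule -p tcp --dport 139 -j ACCEPT"   # NetBIOS session (smbd)
    echo "$rule -p tcp --dport 445 -j ACCEPT"   # SMB over TCP (smbd)
    # Replies to this host's own broadcast name lookups come back unicast from
    # port 137 and are not matched as replies to the broadcast.
    echo "$rule -p udp --sport 137 -j ACCEPT"
    # SWAT (901/tcp) only on request; it is an admin interface.
    if [ "${WITH_SWAT:-0}" = 1 ]; then
        echo "$rule -p tcp --dport 901 -j ACCEPT"
    fi
    return 0
}

# Constructed sample values; review the output, then run it as root.
samba_rules 192.168.1.0/24 eth0
```

The function only prints commands, so the output can be checked against the existing chain (iptables -L -n) before anything is applied.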