|
Konqueror cannot Browse LAN When Firewall Is Enabled
Hi,
I am connected to a Windows based network and browse my network using Konqueror. It works very well. However, when I enable the builtin Mandriva Firewall, I can't browse the LAN. Konqueror fails to browse the LAN and throws this error message at me: "Unable to find any workgroups in your local network. This might be caused by an enabled firewall." Disabling the firewall enables me to browse the LAN normally. I guess Konqueror is using some port for network browsing which I will need to open on the firewall. But which port it might be? Any ideas on how to make things work while leaving the firewall enabled? |
This is straight off the Samba website.
Quote:
|
I opened the ports you specified but I still get the same error. From what I understand, these ports might need to be opened only when you have Samba Server installed. I do not have the server installed on my system, however, as I don't need to share any content. I do have the Samba client package installed, however.
Unless I enable the builtin firewall in my Mandriva 2007 distro (which to the best of my knowledge blocks only inbound traffic), I am able to browse any computer on the LAN simply by typing smb:/<host-name>. However, enabling the firewall (with the ports you specified excluded), I get the error "Unable to find any workgroups in your local network. This might be caused by an enabled firewall." as before. Any ideas? |
I've done some more searching, and it looks like other people have had a similar problem, but no solutions have been posted. Have you tried searching the Mandriva forums?
|
Same Question Posted On Mandriva Forums Alreay
Quote:
By the way, what did your search reveal regarding commonness of this problem. Is it a Mandriva 2007 specific issue or genral Linux issue? |
Moved: This thread is more suitable in Linux - Networking and has been moved accordingly to help your thread/question get the exposure it deserves.
|
Quote:
|
This is kind of a shot in the dark, but is port 7741(TCP) open through the firewall? This is the port used by LISa, a network browsing service used in KDE.
|
No luck :( Opened port 7741(TCP) but Konqueror gives the same error as before.
|
Is the install of Mandriva 2007 a clean install or an upgrade?
Is the system fully updated? In the firewall configuration, are you allowing ICMP (ping, etc) traffic? |
Current Firewall Config
* I've a clean install not an upgrade
* The system is updated but there are some packages which need to be updated. Put simply, the system is not fully updated. * In the firewall I have allowed
Currently, when I must browse the LAN I disable the firewall and then re-enable it :cry: |
Which version of Mandriva 2007 are you running?
|
I'm using Mandriva 2007 Free. I downloaded the four .iso images and burnt them myself. I'm not using any of the boxed versions.
|
Could you get back to us with the output of the below command ?
Quote:
|
Do you know how Mandriva is setting up the firewall? It looks like they use Shorewall, but they also mention the new Invictus firewall. Although I don't think Invictus would come with the free version, unless you installed it later.
|
Here's the output of iptables -L command:
Quote:
|
Mandriva Free Uses Shorewall
Quote:
All configuration related to the firewall is stored @ /etc/shorewall/. |
Here is something we can try. Enable the firewall with whatever the default settings might be, or whatever they are when you are getting this error. It shouldn't really matter which. Now open a terminal and run the following command as root.
Code:
tail -n 0 -f /var/log/messages |
I ran the command you specified and let it continue running while I tried to browse the LAN using Konqueror. As usual, Konqueror threw the same, old message that it couldn't browse the LAN. But the tail command didn't reveal anything.
However, I was able to manually find several messages similiar to the following one in the /var/log/messages: Quote:
I guess if we can somehow figure out the processing cycle of Konqueror for fetching the list of hosts from LAN, we might be able to configure the firewall accordingly. I think Konqueror not only sends packets to the n/w to query list of available hosts but also relies on the n/w hosts to send it acknowledgement/response packets. And most probably it is these response packets that are blocked by the firewall. And, thus, Konquror fails to browse the LAN. What do you say? |
I tried several configurations suggested at http://www.shorewall.net/ but they didn't work. Honestly, from what I see in the shorewall configuration files on my system (/etc/shorewall/zones,interfaces,hosts,and rules) I am sure that I should be able to browse the LAN. I don't however.
Today I decided to give LISA a chance too. So I configured it using the KDE Control Center by specifying values for various IP addresses that it requires. And it enabled me to browse the LAN, through the LISA interface though. So what happens now is that if I try to browse the LAN using smb:/ in the Konqueror location bar, I see the error message "Unable to find any workgroups in your local network. This might be caused by an enabled firewall." as before. However, when I try to browse the LAN using lan:/ in the Konqueror location bar, it shows a list of IP addresses representing available hosts on the LAN. This way I am able to browse the LAN, finally. So far so good. There is a bit of confusion though which is as follows. Typing lan:/ in the Konqueror bar lists IPs of available hosts and value of lan:/ changes to lan:/localhost (this is because in the current config my system is a LISA server). Double-clicking any of the IPs opens a folder named SMB (this indicates that this specific host has Windows File Sharing available). Konqueror location bar now reads lan://localhost/192.168.0.3. Double-clicking the SMB folder reveals all of the folders that are being shared by the host. Here's the interesting thing: at this point the Konqueror location bar reads smb://192.168.0.3/! To summarize: * Trying smb:/ fails with an error message. * Trying lan:/ lists available hosts on the LAN. * Following hosts from the lan:/ folder opens shares with lacation bar reading smb://<host-ip> * Trying smb://<host-ip> directly works as well. So now my questions are these: ? Why can't I browse using smb:/ ? Why do I see only the IP addresses instead of host names when I browse using lan:/ |
The fact that no errors were logged makes me think it isn't firewall related, but that certainly doesn't help to explain why it works when the firewall is off but not when it is on.
|
By the way, the same issue exists in SUSE 10.2 as well. Actually I've a small lab with four computers at my home. I configured one of my PCs running SUSE 10.2 with the built-in firewall and it experienced the same issue as my Mandriva 2007 box.
Anyways, at least now I can browse the LAN using lan:/ ioslave. Thank you very much for your help on the issue. Can you please tell me how can I get Konqueror to display host names rather than their IP addresses when browsing the LAN using the lan:/ ioslave? By the way my LAN server doesn't appear to be running a DNS server and I cannot manually populate the /etc/hosts file with host names and their IPs, of course. Is there any other solution to this problem. After all, Konqueror is able to display host names when I browse the LAN using smb:/ (though this doesn't work when the firewall is enabled). |
Quote:
How is your network set up? What OS's, how are they connected, etc. |
I am connected to a Windows-based network with a little more than a hundred hosts. The server is running Windows 2000 server OS. My ISP (the person who owns the n/w) has provided me a LAN cable which I've plugged into my own switch. I then connect all of my PCs to the same switch. This is how my n/w is setup, briefly.
Here are some points of interest: 1) The n/w is not under my control. 2) I control only the four PCs in my own lab not any on the n/w. 3) IPs of hosts may change over time (this is why populating the /etc/hosts file would become fruitless over time). 4) When browsing the n/w using smb:/ host names are displayed not IPs (In this case I must disable the builtin firewall or it won't work). 5) When browsing the n/w using lan:/ IPs are displayed not host names. 6) When browsing the n/w from Windows XP, host names are displayed not IPs. So this is how things are on my n/w. |
If I remember correctly, you are not running Samba?
If that is the case, you might want to try running Samba, but not share anything unless you want to. Running Samba (smbd) should take care of the name/IP issue. Specifically Sambas nmbd daemon, which handles netbios name resolution. I actually have never run a system on a predominantly Windows network without running Samba. Running Samba might also take care of your original issue, as long as the correct ports are opened through the firewall. |
Even though I don't have Samba installed, I've all the ports used by it (Windows File Sharing ports) opened. But even with this configuration, Konqueror was not able to browse the LAN while the firewall was running.
Although I don't know how to configure Samba yet, I will install it with default configuration and see if this can resolve the issue. Frankly, I don't think it will do me any good. Because using smb:/ with firewall enabled won't let Konqueror browse the LAN and using lan:/ will always translate into something like smb://192.168.0.94 in the end. Neverthless, I am gonna try things as you've suggested and come back with results. |
Hi,
I installed Samba and Swat to check if installing Samba will do any of the following:
Unfortunately, it didn't solve any of the issues. I don't think it is meant to tackle these issues either. Any ways, after installing Samba and Swat, being able to login to Swat proved to be a tough exercise. You can review my post on this. And now, suddenly, Gaim won't work! May be you want to check my post on Gaim here if you've Gaim experience. It seems that I always have at least one issue with my Mandriva box at all times to deal with. But it won't get me down as long as such a useful community is there to help out. Thanks. |
I wasn't positive that Samba would help, but at this point, I felt that it would be worth a try. One thing you could try would be to download a live CD, such as KNOPPIX or DSL, and see if you run into the same problems.
I checked your other two posts. If I understand correctly, the SWAT issue is fixed? I don't have much experience with GAIM or proxy servers. |
Actually the version of Swat packaged with Mandriva 2007 Free is broken. The problem has solved, however, after modification of the /etc/pam.d/samba file.
I installed Ubuntu 6.06 LTS on one of my systems to check if Gaim would work or not. Well, it didn't. So I can surely say that the new installation on my ISP's server has something that's not allowing Gaim to connect thru SOCKS4 proxy on port 1080 but it is allowing connections from Windows on the same port. Strange, I'd say. As far as that smb:/ issue is concerned, I checked that on SUSE 10.2 as well. It behaved the same as Mandriva 2007. Konqueror failed to browse the LAN when the SUSE builin firewall was enabled; otherwise it worked. I guess it might be by design. Anyways, using lan:/ is okay although a bit inconvenient. Thanks cgjones for your continuous help. |
I think the problem might be that konqueror uses nmblookup, which sends broadcast packets to locate the hosts, which are filtered by the firewall. There exists a rule in shorewall to avoid this, although it doesn't work for me (behind routers it doesn't work anyway), so this is what I did on openSUSE 10.2: enable lisa and in Configure Desktop (KDE control center)/Local network browsing check the send pings option and, if possible, add the ip addresses of the hosts there.
|
I already have LISA configured the way you are suggesting. And that's why I am able to browse the LAN with Konqueror by using the lan:/ ioslave. It works fine. The only problem with this is that it shows IP addresses of network hosts rather than their IP addresses.
|
Maybe you should also check your firewall. On my system, the smb kioslave works fine (actually better than windows, as everything appears instantly).
|
| All times are GMT -5. The time now is 02:02 AM. |