12-05-2003, 09:23 AM
|
#1
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Rep:
|
RH9 SAMBA and Firewall
I'm not sure this belongs here, but I'll try anyway. I have the infamous WPC11V4 card up against the Linksys BEFW11S4 router, and a W2K box hardwired. After following threads and plugging away I have my network up, only due to everyone here. I have been attempting to get SAMBA to work over the wireless network to no avail, until I read about the firewall and "lokkit". I was never able to understand how to network / samba with the firewall set to high. I tried adding ports 137, 138, 139, 445. Nothing. In a final desperate attempt I disabled the firewall: "SAMBA works". Knowing this is not a smart way to run, I reset the firewall to high.
Ok, how do I set it so samba/smb ports are open on my linux rh9 system?
I've found most other answers here so I know it's in here somewhere.
Jwspring
|
|
|
12-05-2003, 09:31 AM
|
#2
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
Can't you disable your firewall during your test phase? Is your machine directly connected to the internet? If not, do a
service iptables stop
then do your testing.
Make sure samba is running.
Do a
netstat -lp
to see if you've got something on ports 137, 139 and so on.
Have you done a service smb start or service smb restart?
|
|
|
12-05-2003, 09:36 AM
|
#3
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Original Poster
Rep:
|
The ports 137-139, 445, 901 are all in the services file. SMB and Samba are running. nmbd, smbd are on the ps -A list. Only setting rh9 to no firewall allowed the w2k to access linux.
|
|
|
12-05-2003, 09:40 AM
|
#4
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
Could you re-phrase that: "Only setting rh9 to no firewall allowed the w2k to access linux." ?
Please re-read my post. Can you afford to disable the firewall during test?
|
|
|
12-05-2003, 09:46 AM
|
#5
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Original Poster
Rep:
|
Sorry,
For my testing I did disable the firewall with 'lokkit'. This was how I was able to get it working. I have not viewed the logs. I had ethereal running on both the w2k system and my rh9 system. This showed the protocol attempts with the connection failures.
|
|
|
12-05-2003, 09:50 AM
|
#6
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
So you've got it running without a firewall?
If it doesn't work without firewall, go see your samba logs.
|
|
|
12-05-2003, 09:53 AM
|
#7
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Original Poster
Rep:
|
Yep, samba will come up and run without a firewall. "No firewall" is not an option when connected to the internet. I'm looking for how to open the samba/smb ports with the firewall up. Ports 137, 138, 139, along with 445 and 901.
|
|
|
12-05-2003, 09:59 AM
|
#8
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
ok, the problem is configuring the firewall?
The real answer is to learn Iptables, but you won't like it. I don't know lokkit so I can't help you. But I know samba uses broadcasts a lot, that might be the problem.
Do you have 2 nics on your machine?
|
|
|
12-05-2003, 10:05 AM
|
#9
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Original Poster
Rep:
|
rh9 lokkit manipulates the iptables. That is where I've gotten lost. To network with samba getting the ports open/allowed in iptables. Do I need these open? Or is the networking done differently with samba?
Only 1 nic in each box.
|
|
|
12-05-2003, 10:14 AM
|
#10
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
If you have only 1 nic on each box, none of them is _directly_ connected to the internet, right? If you are not _directly_ connected to the internet, there must be a firewall already... Why would you need duplicate firewalling... especially in a file server, which is, by nature, a lan-only server.
I know lokkit's use, I just don't use it since I write my own firewall scripts with iptables.
Working with samba on a firewalled machine is a pain.
|
|
|
12-05-2003, 10:23 AM
|
#11
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Original Poster
Rep:
|
Let me see if I understand. With my linksys wireless/router/hub as the only network-to-internet connection, I do not need to have the RH9 firewall up? The router would be sufficient protection?
|
|
|
12-05-2003, 10:32 AM
|
#12
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
The router is sufficient for a lot of people. I don't run a firewall on my windows machine. I have a netgear router in front of it. In my corporate network, I do firewall rules on my servers in my DMZ, even if there is a firewall in front, but not in my lan.
Try to imagine anyone running a windows server with exchange, file server and MS-SQL with a firewall!
|
|
|
12-05-2003, 01:49 PM
|
#13
|
Member
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35
Original Poster
Rep:
|
For now, rather than starting to learn iptables I'll take down the RH firewall.
Thanks
|
|
|
12-05-2003, 01:54 PM
|
#14
|
Member
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436
Rep:
|
I think you'll be secure enough anyways... there is always a compromise between security and usability, after all. But, even when writing iptables rules directly, it must be a serious pain to only allow samba.
|
|
|
12-05-2003, 11:49 PM
|
#15
|
LQ Newbie
Registered: Sep 2003
Location: Santa Clara
Distribution: RH7 Mandrake9
Posts: 5
Rep:
|
If you want to run samba and firewall on a dual nic box, I have an iptables ruleset that works.
Setup is thus:
[dsl/cablemodem] <----> [router/hub] <-------> [eth1: linux box: eth0] <-------> [hub] === other boxes
                                       lan#1                              lan#2
The linux box acts as firewall and samba server to lan#2.
The basic rule is that lan#2 is trusted and lan#1 is not. Traffic intended for the linux box is allowed in from lan#2.
If you want the iptables.firewall ruleset I can post or email if you're interested.
Incidentally, I've not managed to get a w2k laptop that uses a RSA secureid fob to work through iptables. I suspect it's iptables NAT/SNAT but I've not figured it out yet.
|
|
|
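The question asked in this thread, how to keep the RH9 firewall up and still let the W2K box reach Samba, comes down to a few accept rules scoped to the trusted LAN. As an added example (not code from any poster in the thread), this shell function prints those iptables commands; the interface name, subnet and chain are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: emit iptables commands that admit Samba traffic only from a
# trusted LAN. Nothing is applied here; review the output, then run it as root.
# iface, subnet and chain are assumptions supplied by the caller.

samba_rules() {
    iface=$1 subnet=$2 chain=${3:-INPUT}

    # Accept only a plain interface name, chain name and IPv4 CIDR, so the
    # generated text is safe to hand to a root shell.
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $chain in ''|*[!A-Za-z0-9_-]*) echo "bad chain" >&2; return 1;; esac
    echo "$subnet" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
        || { echo "bad subnet" >&2; return 1; }

    # -I inserts at the top of the chain, ahead of any final REJECT/DROP rule.
    # NetBIOS name service (137) and datagram service (138): UDP, broadcasts too.
    for port in 137 138; do
        echo "iptables -I $chain -i $iface -s $subnet -p udp --dport $port -j ACCEPT"
    done
    # Replies to this host's own broadcast name queries arrive unicast from
    # source port 137, so connection tracking does not see them as ESTABLISHED.
    echo "iptables -I $chain -i $iface -s $subnet -p udp --sport 137 -j ACCEPT"
    # NetBIOS session service (139) and SMB directly over TCP (445).
    for port in 139 445; do
        echo "iptables -I $chain -i $iface -s $subnet -p tcp --dport $port -j ACCEPT"
    done
    # 901/tcp (SWAT, the web admin tool) is left closed; file sharing does not need it.
}

# Constructed sample: LAN on eth0 using 192.168.1.0/24.
# samba_rules eth0 192.168.1.0/24          # print the rules for review
# samba_rules eth0 192.168.1.0/24 | sh     # apply them (as root)
```

On Red Hat, `service iptables save` writes the running rules to /etc/sysconfig/iptables so they survive a reboot; re-running lokkit afterwards regenerates that file and discards them.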
All times are GMT -5. The time now is 10:17 PM.