Old 12-05-2003, 09:23 AM   #1
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Rep: Reputation: 15
RH9 SAMBA and Firewall


I'm not sure this belongs here, but I'll try anyway. I have the infamous WPC11V4 card up against the Linksys BEFW11S4 router, and a W2K box hardwired. After following threads and plugging away I have my network up, only due to everyone here. I have been attempting to get SAMBA to work over the wireless network to no avail, until I read about the firewall and "lokkit". I was never able to understand how to network / samba with the firewall set to high. I tried adding ports 137,138,139,445. Nothing. In a final desperate attempt I disabled the firewall: "SAMBA works". Knowing this is not a smart way to run, I reset the firewall to high.

Ok, how do I set it so samba/smb ports open on my linux rh9 system?

I've found most other answers here so I know it's in here somewhere.


Jwspring
 
Old 12-05-2003, 09:31 AM   #2
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
can't you disable your firewall during your test phase? is your machine directly connected to the internet? if not, do a
service iptables stop

then do your testing

Make sure samba is running

do a

netstat -lp

to see if you've got something on ports 137, 139 and so on.

have you done a service smb start or service smb restart?
 
Old 12-05-2003, 09:36 AM   #3
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Original Poster
Rep: Reputation: 15
The ports 137-139, 445, 901 are all in the services file. SMB and Samba are running. nmbd, smbd are on the ps -A list. Only setting rh9 to no firewall allowed the w2k to access linux.
 
Old 12-05-2003, 09:40 AM   #4
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
Could you re-phrase that: "Only setting rh9 to no firewall allowed the w2k to access linux." ?

Please re-read my post. Can you afford to disable the firewall during test?
 
Old 12-05-2003, 09:46 AM   #5
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Original Poster
Rep: Reputation: 15
sorry,

For my testing I did disable the firewall with 'lokkit'. This was how I was able to get it working. I have not viewed the logs. I had ethereal running on both the w2k system and my rh9 system. This showed the protocol attempts with the connection failures.
 
Old 12-05-2003, 09:50 AM   #6
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
so you've got it running without a firewall?

if it doesn't work without firewall, go see your samba logs.
 
Old 12-05-2003, 09:53 AM   #7
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Original Poster
Rep: Reputation: 15
Yep, samba will come up and run without a firewall. "no firewall" is not an option when connected to the internet. I'm looking for how to open the samba/smb ports with the firewall up. ports 137,138,139, along with 445 and 901.
 
Old 12-05-2003, 09:59 AM   #8
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
ok, the problem is configuring the firewall?

The real answer is to learn Iptables, but you won't like it. I don't know lokkit so I can't help you. But I know samba uses broadcasts a lot, that might be the problem.

Do you have 2 nics on your machine?
 
Old 12-05-2003, 10:05 AM   #9
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Original Poster
Rep: Reputation: 15
rh9 lokkit manipulates the iptables. That is where I've gotten lost. To network with samba, getting the ports open/allowed in iptables. Do I need these open? Or is the networking done differently with samba?

Only 1 nic in each box.
 
Old 12-05-2003, 10:14 AM   #10
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
if you have only 1 nic on each box, none of them is _directly_ connected to the internet, right? If you are not _directly_ connected to the internet, there must be a firewall already... Why would you need duplicate firewalling... especially in a file server, which is, by nature, a lan-only server.

I know lokkit's use, I just don't use it since I write my own firewall scripts with iptables.

Working with samba on a firewalled machine is a pain.
 
Old 12-05-2003, 10:23 AM   #11
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Original Poster
Rep: Reputation: 15
Let me see if I understand. With my linksys wireless/router/hub the only network to internet connection, I do not need to have the RH9 firewall up? The router would be sufficient protection?
 
Old 12-05-2003, 10:32 AM   #12
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
The router is sufficient for a lot of people. I don't run a firewall on my windows machine. I have a netgear router in front of it. In my corporate network, I do firewall rules on my servers in my DMZ, even if there is a firewall in front, but not in my lan.

Try to imagine if anyone running a windows server with exchange, file server and MS-SQL with a firewall!
 
Old 12-05-2003, 01:49 PM   #13
jwspring
Member
 
Registered: Jul 2003
Location: NorthWest US.
Distribution: Redhat 8,9, FC3, FC4, added FreeBSD
Posts: 35

Original Poster
Rep: Reputation: 15
For now, rather than starting to learn iptables I'll take down the RH firewall.
Thanks
 
Old 12-05-2003, 01:54 PM   #14
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
I think you'll be secure enough anyways... there is always a compromise between security and usability, after all. But, even when writing iptables rules directly, it must be a serious pain to only allow samba.
 
Old 12-05-2003, 11:49 PM   #15
Systest7
LQ Newbie
 
Registered: Sep 2003
Location: Santa Clara
Distribution: RH7 Mandrake9
Posts: 5

Rep: Reputation: 0
If you want to run samba and firewall on a dual nic box, I have an iptables ruleset that works.

setup is thus:

[dsl/cablemodem] <----> [router/hub] <-------> [eth1: linux box: eth0] <-------> [hub] === other boxes
                                      lan#1                             lan#2
the linux box acts as firewall and samba server to lan#2

The basic rule is that lan#2 is trusted and lan#1 is not. Traffic intended for the linux box is allowed in from lan#2.

If you want the iptables.firewall ruleset I can post or email if you're interested.
Incidentally, I've not managed to get a w2k laptop that uses a RSA secureid fob to work through iptables. I suspect it's iptables NAT/SNAT but I've not figured it out yet.
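
An added example, not part of any post in this thread and not Systest7's ruleset: one way to keep the host firewall up and still admit Samba, by accepting the ports named in the thread only from a trusted LAN subnet. The subnet value, the default chain name and the function name `samba_rules` are assumptions; the script prints the iptables commands for review and does not run them.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands (does not run
# them) that accept Samba traffic only from one trusted LAN subnet.

samba_rules() {
    lan="$1"              # trusted subnet in CIDR form (assumption: supplied by caller)
    chain="${2:-INPUT}"   # chain to insert into (assumption: defaults to INPUT)
    swat="${3:-no}"       # pass "swat" to also admit the SWAT admin port 901

    case "$lan" in
        0.0.0.0/*|*/0)
            echo "refusing any-source rule: $lan" >&2; return 1 ;;
        *.*.*.*/[0-9]*) ;;
        *)
            echo "usage: samba_rules <a.b.c.d/len> [chain] [swat]" >&2; return 1 ;;
    esac

    # NetBIOS name (137) and datagram (138) services are UDP;
    # NetBIOS session (139) and direct SMB (445) are TCP.
    specs="udp:137 udp:138 tcp:139 tcp:445"
    if [ "$swat" = "swat" ]; then
        specs="$specs tcp:901"
    fi

    for spec in $specs; do
        proto=${spec%%:*}
        port=${spec##*:}
        # -I puts the rule ahead of any existing catch-all REJECT/DROP.
        echo "iptables -I $chain -p $proto -s $lan --dport $port -j ACCEPT"
    done
}

# Constructed sample subnet; review the output before running it as root.
samba_rules 192.168.1.0/24
```

Opening 137 and 138 as TCP only leaves name resolution and browsing blocked, which is why the protocol is spelled out per port.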
 
  

