LinuxQuestions.org
Old 02-15-2006, 05:52 AM   #1
ArthurDent
Member
 
Registered: Feb 2004
Location: London
Distribution: Formerly Various Linux Distros, Now Fixed on Fedora 32
Posts: 189

Rep: Reputation: 30
Samba + Firewall + Wizardry


Hello Chaps,

I can't get Samba to work on my FC4 system and I know it's a firewall problem because when I turn off the firewall, the workgroup and test share are both visible and accessible. With the firewall enabled I can see the workgroup on other machines on my small wireless network - but I can't access the shared folder.

Now, I'll be honest. I think anything to do with IPTables is a bit of a black art; and I have a sneaking suspicion that you chaps who know about such things are involved in some sort of sorcery. (If I have to do anything to do with a firewall I use Firestarter - but that has not helped me here).

So, be that as it may, I come to you - Oh Great Wizards - in search of an incantation to cure me of this affliction.

Now, I have consulted the Great Oracle Google, searched this forum and perused various ancient spellbooks and the collected wisdom seems to be that I must verily open up ports 137-139 and 445. Indeed in one dusty old tome I found this potion:

Code:
Yea verily thou shalt insert in thy /etc/sysconfig/iptables just before the line with "-j REJECT" in it:

  -A RH-Firewall-1-INPUT -p udp -m udp --dport 137 -j ACCEPT
  -A RH-Firewall-1-INPUT -p udp -m udp --dport 138 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
So, I tried this spell but unfortunately my affliction is not cured. Now admittedly, I did not follow the rest of the instructions about dancing naked around the burnt-out oak tree on the hilltop at midnight of the full moon - but I'm sure I read somewhere that on a Fedora system that could be replaced with a simple offering of bat's blood poured over a maiden's breast... er... sorry - getting a bit carried away here...

Ahem..

OK so what should I try?


Thanks


Mark
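
The advice quoted in the post above depends on rule order: an ACCEPT placed after the catch-all "-j REJECT" line is never reached. As an added example (not part of the thread, and not code from Fedora or Samba), this check reads rules in the /etc/sysconfig/iptables format and reports each of the four port/protocol pairs from the post as OK, OK-ANY-SOURCE (accepted with no `-s` source limit, which goes beyond what the thread discusses), UNREACHABLE or MISSING; the function names and the 192.168.1.0/24 subnet in the sample are assumptions.

```shell
# Added example, not from the thread. Reports whether each Samba port has a
# reachable ACCEPT rule in a chain of an iptables-save style rules file.

check_samba_rules() {
    # $1 = rules file ("-" for stdin); $2 = chain (default: the thread's chain)
    awk -v chain="${2:-RH-Firewall-1-INPUT}" '
    BEGIN { n = split("udp/137 udp/138 tcp/139 tcp/445", need, " ") }
    $1 == "-A" && $2 == chain {
        proto = ""; target = ""; lo = 0; hi = 0; src = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-s") src = 1
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport") {      # single port or lo:hi range
                k = split($(i + 1), r, ":")
                lo = r[1] + 0; hi = (k > 1 ? r[2] : r[1]) + 0
            }
        }
        if (target == "REJECT" || target == "DROP") {
            # A catch-all REJECT/DROP hides every rule that follows it.
            if (proto == "" && lo == 0 && !src) blocked = 1
            next
        }
        if (target != "ACCEPT" || lo == 0) next
        for (j = 1; j <= n; j++) {
            split(need[j], w, "/")
            if (w[1] != proto || w[2] + 0 < lo || w[2] + 0 > hi) continue
            if (need[j] in state) continue   # first matching rule wins
            state[need[j]] = blocked ? "UNREACHABLE" : (src ? "OK" : "OK-ANY-SOURCE")
        }
    }
    END {
        for (j = 1; j <= n; j++)
            print need[j], ((need[j] in state) ? state[need[j]] : "MISSING")
    }' "${1:--}"
}

sample_rules() {   # constructed sample; 192.168.1.0/24 is an assumed LAN subnet
    cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
EOF
}
sample_rules | check_samba_rules -
```

On the constructed sample the 445 rule sits below the REJECT line and is reported UNREACHABLE, which is the mistake the "just before the line with -j REJECT" instruction guards against.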
 
Old 02-15-2006, 06:55 AM   #2
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
I believe you will need to address both udp and tcp for ports 137,138,139,445.

Also what is your default policy for OUTPUT filter? DROP? ALLOW?
 
Old 02-15-2006, 07:07 AM   #3
ArthurDent
Member
 
Registered: Feb 2004
Location: London
Distribution: Formerly Various Linux Distros, Now Fixed on Fedora 32
Posts: 189

Original Poster
Rep: Reputation: 30
Quote:
I believe you will need to address both udp and tcp for ports 137,138,139,445.

Also what is your default policy for OUTPUT filter? DROP? ALLOW?
Ermm? Say what?

You've gone all wizard on me. About the only command I know is /sbin/iptables -L. Would you like me to post the output of that?

Mark
 
Old 02-15-2006, 08:34 AM   #4
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
k just do this then.... type
system-config-securitylevel

in the "firewall options" tab at the bottom where it says "other ports" add
137:udp, 137:tcp, 138:udp, 138:tcp, 139:udp, 139:tcp, 445:udp, 445:tcp
then click ok


That's the cheap way but it should work
 
Old 02-15-2006, 03:46 PM   #5
ArthurDent
Member
 
Registered: Feb 2004
Location: London
Distribution: Formerly Various Linux Distros, Now Fixed on Fedora 32
Posts: 189

Original Poster
Rep: Reputation: 30
Well Thanks for that. It is certainly a step in the right direction. Now - with just IPTables running - I can access my test share. The problem comes now when I start "Firestarter" (Which I have enabled at boot time). With Firestarter active I can no longer access the samba share.

There is a "policy" in Firestarter to allow smb services on ports 137-139 & 445 but whether this is on or off it won't work with Firestarter active.

What should I do to get it working together with Firestarter?

Thanks again...

Mark
 
Old 02-16-2006, 05:29 AM   #6
ArthurDent
Member
 
Registered: Feb 2004
Location: London
Distribution: Formerly Various Linux Distros, Now Fixed on Fedora 32
Posts: 189

Original Poster
Rep: Reputation: 30
OK I'm still tinkering with this and still failing. Worse than that I think I might have broken something.

When I try to restart the firewall manually I now get an error

Code:
[root@ArthurDent mark]# /sbin/service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [FAILED]
Applying iptables firewall rules:                          [  OK  ]
[root@ArthurDent mark]#
Help!

Thanks

Mark
 
Old 03-01-2006, 06:14 AM   #7
blinkey
Member
 
Registered: Mar 2006
Posts: 30

Rep: Reputation: 15
SMB and Firestarter

I reckon I had this issue. I had all the rules right, was not seeing any logs and yet SMB did not work correctly with firestarter running.

I found (after a good google) that Firestarter does not log broadcasts that are blocked. SMB is dependent on some broadcasts.

In the advanced firewall options I deselected "Block Broadcasts From External Networks" and it all worked like a charm. {Edit > Preferences > Advanced Options}

I only have one interface card, so I'm not sure what the difference is between external and internal networks.

Mal
 
  

