smb browsing broken by firewall
Charles R. Anderson
cra at WPI.EDU
Mon Jan 19 04:55:14 UTC 2004
If you run system-config-securitylevel and enable the firewall, the
default iptables rules utilize conntrack for a stateful firewall.
This is a good thing.

The rules, however, are insufficient to allow network browsing to work
in SMB applications such as nautilus smb:/// (Network Servers). I
have traced this down to the fact that iptables/netfilter conntrack
code does not support tracking protocols which use broadcast/multicast
packets. This will affect all broadcast/multicast-based network
clients.

My question is, how should we fix this? This thread mentions the
possibility of implementing the broadcast/multicast support in the
conntrack kernel module, or using the -m recent module to poke holes
in the firewall:

http://www.spinics.net/lists/netfilter/msg21815.html

What are people's thoughts on how to solve this problem?
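
Added example, not part of the original message and not netfilter code: a simplified Python model of why a reply to a broadcast NetBIOS name query (UDP port 137) never matches ESTABLISHED, and of how a time-limited hole in the style of -m recent would admit it. The addresses, ports, 3-second window and all class and function names are assumptions made for illustration.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    """Simplified model: inbound is ESTABLISHED only as the exact inverse of a tracked tuple."""
    def __init__(self):
        self.expected = set()
    def outbound(self, p):
        self.expected.add(Pkt(p.dst, p.dport, p.src, p.sport))
    def state(self, p):
        return "ESTABLISHED" if p in self.expected else "NEW"

class RecentHole:
    """Model of the '-m recent' idea: remember who sent a name query, open a short window."""
    def __init__(self, window=3.0):  # window length is an assumed value
        self.window, self.seen = window, {}
    def outbound(self, p, now):
        if p.dport == 137:
            self.seen[p.src] = now
    def allows(self, p, now):
        t = self.seen.get(p.dst)
        return p.sport == 137 and t is not None and now - t <= self.window

def verdict(ct, hole, p, now):
    if ct.state(p) == "ESTABLISHED":
        return "ACCEPT conntrack"
    if hole is not None and hole.allows(p, now):
        return "ACCEPT recent"
    return "DROP"

def demo():
    ct, hole = Conntrack(), RecentHole()
    me = "192.168.1.10"                            # constructed addresses
    bcast = Pkt(me, 32768, "192.168.1.255", 137)   # broadcast name query
    ucast = Pkt(me, 32769, "192.168.1.20", 137)    # unicast query for comparison
    for q in (bcast, ucast):
        ct.outbound(q)
        hole.outbound(q, now=0.0)
    reply_b = Pkt("192.168.1.20", 137, me, 32768)  # answer to the broadcast
    reply_u = Pkt("192.168.1.20", 137, me, 32769)  # answer to the unicast query
    return {"unicast_reply": verdict(ct, None, reply_u, 0.1),
            "broadcast_reply_stateful_only": verdict(ct, None, reply_b, 0.1),
            "broadcast_reply_with_hole": verdict(ct, hole, reply_b, 0.1),
            "broadcast_reply_after_window": verdict(ct, hole, reply_b, 10.0)}
```

The broadcast reply is dropped because its source is the responder's unicast address, not the broadcast address the query was sent to. The hole in this model is keyed only on the querying host and source port 137, so it is coarser than a real connection-tracking entry.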