smb browsing broken by firewall
shane at geeklords.org
Mon Jan 19 06:09:40 UTC 2004
Correct me if I am wrong, but if I remember my SMB protocol correctly,
doesn't it support 3 modes: broadcast, multicast and point to point
(unicast)? If I remember correctly, I also believe modern win98+ defaults
to unicast when talking to a winserver, master browser or active
directory when browsing. If true, the broadcast/multicast firewall issue
doesn't seem like that big of a deal to me, or am I missing something?
Shane.
On Sun, 18 Jan 2004, Charles R. Anderson wrote:
> If you run system-config-securitylevel and enable the firewall, the
> default iptables rules utilize conntrack for a stateful firewall.
> This is a good thing.
>
> The rules, however, are insufficient to allow network browsing to work
> in SMB applications such as nautilus smb:/// (Network Servers). I
> have traced this down to the fact that iptables/netfilter conntrack
> code does not support tracking protocols which use broadcast/multicast
> packets. This will affect all broadcast/multicast-based network
> clients.
>
> My question is, how should we fix this? This thread mentions the
> possibility of implementing the broadcast/multicast support in the
> conntrack kernel module, or using the -m recent module to poke holes
> in the firewall:
>
> http://www.spinics.net/lists/netfilter/msg21815.html
>
> What are people's thoughts on how to solve this problem?
>
>
>
--
"Given enough time, all legal battles in the tech industry will invoke the
DMCA. This generally means that all constructive arguments have ended."
-NialScorva (slashdot poster)
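
An added example, not part of either message above: a simplified Python model of the reply matching a stateful firewall performs, showing why the reply to a unicast name query is accepted while the reply to a broadcast query is dropped. The addresses are constructed, the class and function names are hypothetical, and UDP port 137 (NetBIOS name service) is assumed as the transport; real conntrack also keeps timeouts and more state than this.

```python
from collections import namedtuple

# Simplified model of a tracked flow: only the addressing tuple is kept.
Tuple = namedtuple("Tuple", "proto src sport dst dport")


def reply_tuple(orig):
    """The reply a tracker expects: the original tuple with both ends swapped."""
    return Tuple(orig.proto, orig.dst, orig.dport, orig.src, orig.sport)


class ConnTable:
    """Hypothetical stand-in for the connection tracking table."""

    def __init__(self):
        self.expected = set()

    def outbound(self, pkt):
        """Record an outgoing packet so that its reply can be recognised."""
        self.expected.add(reply_tuple(pkt))

    def state_of(self, pkt):
        """ESTABLISHED if the inbound packet is an expected reply, else NEW."""
        return "ESTABLISHED" if pkt in self.expected else "NEW"


def filter_input(table, pkt):
    """Stateful inbound policy: accept only replies to tracked traffic."""
    return "ACCEPT" if table.state_of(pkt) == "ESTABLISHED" else "DROP"


# Constructed addresses: client, name server, a peer host, subnet broadcast.
CLIENT, SERVER, PEER, BCAST = (
    "192.168.1.5", "192.168.1.2", "192.168.1.10", "192.168.1.255")


def demo():
    table = ConnTable()
    # Unicast name query to a server, then a broadcast name query.
    table.outbound(Tuple("udp", CLIENT, 137, SERVER, 137))
    table.outbound(Tuple("udp", CLIENT, 137, BCAST, 137))
    # The server answers from the address that was queried: tuple matches.
    unicast_reply = Tuple("udp", SERVER, 137, CLIENT, 137)
    # A peer answers the broadcast from its own address, not from BCAST,
    # so the packet does not match the expected reply tuple.
    broadcast_reply = Tuple("udp", PEER, 137, CLIENT, 137)
    return filter_input(table, unicast_reply), filter_input(table, broadcast_reply)


if __name__ == "__main__":
    print(demo())
```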