[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Samba/iptables problem



The ports you need are as follows:

TCP 139 (netbios-session)
UDP 137 (netbios-nameservice)
UDP 138 (netbios-datagram)

Note that Windows NT boxes also use TCP 135 for RPC connections, but I don't know if Samba requires this unless you need to do User Manager- or Server Manager-type stuff.

One good thing in this case would be to sit on the server itself and try smbclient'ing to a share on itself, just as a sanity check to make sure Samba's still set up correctly. If that works, then try telnetting to TCP 139 from a different box. If you get this kind of thing:

terrell nms ~$ telnet 192.168.1.100 139
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
terrell nms ~$


then that's a good sign. If the telnet attempt just sits there and doesn't give you a "Connected" message, then you know it's a packet filtering issue, at least on the TCP side. Another thing I would definitely recommend is running nmap against your server and see what ports are available. Note that you'd need to do one nmap session for TCP, and another one for UDP, because NetBIOS uses both.

--TP

Daniel Loomis wrote:

Since upgrading from 2.1.1 to 3.1.1 I have had problems with a conflict between samba and the iptables firewall. I have added ports 137-139 to the iptables configuration (using lokkit)to allow netbios tcp traffic to pass through.

When iptables is started, I can no longer access the server via netbios (from windows or linux boxes) via eth1. eth0 is trusted and connects my thin clients.

Do I need to add passthrough for udp traffic on ports 137-139?

Dan


_______________________________________________ K12OSN mailing list K12OSN redhat com https://www.redhat.com/mailman/listinfo/k12osn For more info see <http://www.k12os.org>





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]