On Sun, Jun 14, 2009 at 10:35:53AM +0200, Martin Sourada wrote: > > * Samba (outbound) browsing requires firewall mods > I don't know how Samba works, so forgive me if I say obvious stupidity, > but shouldn't *client* work even behind closed firewall (like with any > other services like ssh, ftp, ...)? Isn't this a samba bug then? Not a samba bug, but rather a s-c-firewall/iptables bug. I was involved way back when to make this "just work" out of the box [2], but it seems we've regressed in this area. There is an iptables module called "nf_conntrack_netbios_ns" that makes browsing possible without opening up firewall holes. You can enable it by adding it to the IPTABLES_MODULES list in /etc/sysconfig/iptables-config: IPTABLES_MODULES="nf_conntrack_netbios_ns" You shouldn't need to poke a hole for 137/udp or 138/udp in the firewall when using this module. When an outbound browse broadcast is made, this module allows the replies back in automatically. Help would be appreciated with this since there is a scarcity of NetBIOS Browsing capability where I am these days: [1] https://bugzilla.redhat.com/show_bug.cgi?id=469884 Original bug that proposed the creation of the iptables module: [2] https://bugzilla.redhat.com/show_bug.cgi?id=113918 -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
