RE: iptables and samba


 



You are not getting any response since this has nothing to do with
routing/firewalling; it has to do with Samba and how Samba works.  Since you
do not have a domain, Samba works very peculiarly - like it will broadcast and
then wait to send out directed datagrams.

Again, read up on Samba - my opinion is that the client is beginning
with a broadcast which doesn't get forwarded; the client then waits for a
timeout and finally directs a datagram to the Samba server directly, which
then does make it through the router.

-----Original Message-----
From: azeem ahmad [mailto:azeem484@xxxxxxxxxxx]
Sent: Friday, May 28, 2004 3:33 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: iptables and samba


the output of tcpdump that i have posted in last message is the output of the
command
#tcpdump -i eth0 host 192.168.0.2

and i only have one internal interface eth0 and one external interface ppp0

Regards
Azeem


>From: Aldo Lagana <ALagana@xxxxxxx>
>To: 'azeem ahmad' <azeem484@xxxxxxxxxxx>, netfilter@xxxxxxxxxxxxxxxxxxx
>Subject: RE: iptables and samba
>Date: Thu, 27 May 2004 17:07:19 -0400
>
>tcpdump individually on the interfaces that the routing is going through
>while you attempt to 'browse' or whatever.
>You should see packets coming into your input interface but maybe NOT going
>out the output interface?!?
>
># tcpdump -i eth0 > /home/eth0.log &
># tcpdump -i eth1 > /home/eth1.log &
>
>(don't forget to kill both processes when done!)
>
>-----Original Message-----
>From: azeem ahmad [mailto:azeem484@xxxxxxxxxxx]
>Sent: Thursday, May 27, 2004 4:57 PM
>To: netfilter@xxxxxxxxxxxxxxxxxxx
>Subject: RE: iptables and samba
>
>
>
>
>neither WINS nor DNS is on my network. only a caching only name server i m
>running. and i captured the output of /var/log/messages and that is as below
>and i added rules for port udp 137,139,139 and tcp 137,138,139 mean all
>three ports of both protocols but it doesn't seem to work
>
>---------------------------------------------------------------------------
>May 28 01:36:27 subzero kernel: IN=eth0 OUT=
>MAC=00:b0:d0:3d:84:1f:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=51870 PROTO=ICMP
>TYPE=8 CODE=0 ID=512 SEQ=1024
>May 28 01:36:32 subzero kernel: IN=eth0 OUT=
>MAC=00:b0:d0:3d:84:1f:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=51873 PROTO=ICMP
>TYPE=8 CODE=0 ID=512 SEQ=1280
>May 28 01:36:38 subzero kernel: IN=eth0 OUT=
>MAC=00:b0:d0:3d:84:1f:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=51878 PROTO=ICMP
>TYPE=8 CODE=0 ID=512 SEQ=1536
>May 28 01:36:43 subzero kernel: IN=eth0 OUT=
>MAC=00:b0:d0:3d:84:1f:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=51879 PROTO=ICMP
>TYPE=8 CODE=0 ID=512 SEQ=1792
>May 28 01:36:57 subzero kernel: IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=255.255.255.255 LEN=51 TOS=0x00 PREC=0x00 TTL=128 ID=51886 PROTO=UDP
>SPT=8167 DPT=8167 LEN=31
>May 28 01:36:59 subzero samba(pam_unix)[2284]: session closed for user 
>azeem
>May 28 01:38:09 subzero kernel: IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=255.255.255.255 LEN=81 TOS=0x00 PREC=0x00 TTL=128 ID=32 PROTO=UDP
>SPT=8167 DPT=8167 LEN=61
>May 28 01:38:09 subzero kernel: IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=255.255.255.255 LEN=45 TOS=0x00 PREC=0x00 TTL=128 ID=33 PROTO=UDP
>SPT=8167 DPT=8167 LEN=25
>May 28 01:38:09 subzero kernel: IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=255.255.255.255 LEN=45 TOS=0x00 PREC=0x00 TTL=128 ID=35 PROTO=UDP
>SPT=8167 DPT=8167 LEN=25
>May 28 01:38:29 subzero kernel: IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:00:07:e9:f4:4d:ce:08:00 SRC=192.168.0.2
>DST=255.255.255.255 LEN=45 TOS=0x00 PREC=0x00 TTL=128 ID=43 PROTO=UDP
>SPT=8167 DPT=8167 LEN=25
>May 28 01:38:59 subzero samba(pam_unix)[2552]: session opened for user must
>by (uid=0)
>May 28 01:39:33 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7796 DF PROTO=TCP SPT=35625 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:39:36 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7797 DF PROTO=TCP SPT=35625 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:39:42 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7798 DF PROTO=TCP SPT=35625 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:39:50 subzero kernel: IN=ppp0 OUT= MAC= SRC=202.124.201.161
>DST=202.124.192.166 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=38996 DF PROTO=TCP
>SPT=4811 DPT=2745 WINDOW=8760 RES=0x00 SYN URGP=14133
>May 28 01:39:54 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7799 DF PROTO=TCP SPT=35625 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:40:18 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7800 DF PROTO=TCP SPT=35625 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:41:06 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7801 DF PROTO=TCP SPT=35625 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:41:33 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8465 DF PROTO=TCP SPT=35699 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:41:36 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8466 DF PROTO=TCP SPT=35699 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:41:42 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8467 DF PROTO=TCP SPT=35699 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:41:54 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8468 DF PROTO=TCP SPT=35699 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:42:18 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8469 DF PROTO=TCP SPT=35699 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>May 28 01:42:32 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32770 DPT=53 LEN=45
>May 28 01:43:06 subzero kernel: IN=lo OUT=
>MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1
>LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8470 DF PROTO=TCP SPT=35699 DPT=80
>WINDOW=32767 RES=0x00 SYN URGP=0
>---------------------------------------------------------------------------
>
>Regards
>Azeem
> >From: <alexis@xxxxxxxxxxx>
> >To: "azeem ahmad" <azeem484@xxxxxxxxxxx>
> >CC: <netfilter@xxxxxxxxxxxxxxxxxxx>
> >Subject: RE: iptables and samba
> >Date: Thu, 27 May 2004 16:28:35 -0000
> >
> >it seems a name resolution issue.
> >
> >check if you're using WINS or DNS and make sure you're allowing those ports
> >in order to resolve the names. and it will work just fine
> >
> >azeem ahmad <azeem484@xxxxxxxxxxx> said:
> >
> > >
> > > no one out there could help me?
> > >
> > > >From: "azeem ahmad" <azeem484@xxxxxxxxxxx>
> > > >To: netfilter@xxxxxxxxxxxxxxxxxxx
> > > >Subject: iptables and samba
> > > >Date: Sun, 23 May 2004 09:20:52 +0000
> > > >
> > > >hi
> > > >i m using the script below
> > > >---------------------------------------------------------------------
> > > >iptables -F
> > > >iptables -t nat -F
> > > >iptables -P INPUT DROP
> > > >iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
> > > >iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
> > > >
> > > >iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
> > > >#iptables -t nat -A PREROUTING -p udp --dport 80 -j REDIRECT --to-port 8080
> > > >
> > > >iptables -P FORWARD DROP
> > > >iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 21        -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 443       -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 5000      -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 5001      -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 5005      -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 5050      -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 6660:6670 -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 7000      -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 28805     -j ACCEPT
> > > >iptables -A FORWARD -i eth0 -p tcp --dport 51215     -j ACCEPT
> > > >
> > > >iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > > >---------------------------------------------------------------------
> > > >
> > > >i have two shares on samba server "Soft and linux" in these shares there
> > > >are many folders. whenever i run the above script and then i open the share
> > > >it takes at least 4 minutes to open the share. but it doesn't take time
> > > >while browsing inside share.
> > > >mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
> > > >when i double click on soft it takes at least 4 minutes but after that when
> > > >i click on adobe then acrobat then acrobat6 it takes no time it just browses
> > > >them normally. same problem is with the other share named linux.
> > > >but if i don't run this script then all shares work fine with no delay
> > > >
> > > >i don't know what is the udp port 80 for but i just saw its traffic on my
> > > >network in iptraf so i included it in my script
> > > >
> > > >Regards
> > > >Azeem
> > > >

Visit our website at http://www.p21.com/visit 
The information in this e-mail is confidential and may contain legally
privileged information.  It is intended solely for the person or entity to
which it is addressed.  Access to this e-mail by anyone else is
unauthorized. If you are not the intended recipient, any disclosure,
copying, distribution, action taken, or action omitted to be taken in
reliance on it, is prohibited and may be unlawful.  If you received this
e-mail in error, please contact the sender and delete the material from any
computer. 
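
The kernel log excerpt quoted in this thread can be tallied to see what the firewall was logging while the share was slow to open. The Python below is an added example, not code from anyone in the thread; its sample lines are abridged from the excerpt on this page, and since the thread never shows the LOG rule, whether these packets were also dropped is an assumption.

```python
import re
from collections import Counter

# Sample input: abridged from the kernel log excerpt quoted in this thread
# (wrapped lines rejoined; MAC, TOS, TTL, ID and LEN fields dropped).
SAMPLE_LOG = """\
May 28 01:36:27 subzero kernel: IN=eth0 OUT= SRC=192.168.0.2 DST=192.168.0.100 PROTO=ICMP TYPE=8 CODE=0
May 28 01:36:57 subzero kernel: IN=eth0 OUT= SRC=192.168.0.2 DST=255.255.255.255 PROTO=UDP SPT=8167 DPT=8167
May 28 01:38:09 subzero kernel: IN=eth0 OUT= SRC=192.168.0.2 DST=255.255.255.255 PROTO=UDP SPT=8167 DPT=8167
May 28 01:39:33 subzero kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=35625 DPT=80
May 28 01:39:50 subzero kernel: IN=ppp0 OUT= SRC=202.124.201.161 DST=202.124.192.166 PROTO=TCP SPT=4811 DPT=2745
May 28 01:42:32 subzero kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=32770 DPT=53
May 28 01:36:59 subzero samba(pam_unix)[2284]: session closed for user azeem
"""

NETBIOS_PORTS = {"137", "138", "139"}  # ports the posted INPUT rules accept on eth0
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; the value may be empty


def parse_line(line):
    """Return the KEY=value fields of a netfilter LOG line, or None for other lines."""
    if "kernel:" not in line or "IN=" not in line:
        return None
    return dict(FIELD.findall(line))


def summarize(log_text):
    """Count logged packets by (in-interface, protocol, destination port, cast)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        # Heuristic: a destination ending in .255 is treated as a broadcast.
        cast = "broadcast" if pkt.get("DST", "").endswith(".255") else "unicast"
        counts[(pkt["IN"], pkt.get("PROTO", "?"), pkt.get("DPT", "-"), cast)] += 1
    return counts


def netbios_hits(counts):
    """Number of logged packets addressed to the NetBIOS ports 137-139."""
    return sum(n for (_, _, dport, _), n in counts.items() if dport in NETBIOS_PORTS)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key, n in summary.most_common():
        print(n, *key)
    print("NetBIOS-port packets logged:", netbios_hits(summary))
```

On the excerpt it reports client broadcasts to 255.255.255.255 on UDP 8167, loopback traffic to ports 80 and 53, and nothing addressed to ports 137-139.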



