On Thu, 2003-01-23 at 07:07, antonio montagnani wrote:
> Iain Buchanan wrote:
> >On Tue, 2003-01-21 at 23:42, antonio montagnani wrote:
> > > If I digit smb: in the command line I get the message:
> > >
> > > Nautilus can't display smb:///
> > >
> > > But if I digit smb://192.168.0.40 I get shares displayed in Nautilus window.
> > > Any suggestion to a newbie of Samba???
> > > [snip]
> > So check your firewall.
> >
> >
> Tnx Iain.
>
> I am really a newbie...I should have figured that way, as from other
> machines not behind firewall smb: worked.
> I have to check which ports are to be opened, but this is another job of
> mine.

The ones to look out for are 137, 138, 139 and 445. Sometimes UDP _and_ TCP.

I highly suggest though that you read some how-to's first, because otherwise this may go over your head (don't know exactly how much you know, but it went over my head first, second and third time around):

http://tldp.org/HOWTO/Firewall-HOWTO.html

and the comprehensive

http://www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html

and possibly even

http://tldp.org/HOWTO/Samba-Authenticated-Gateway-HOWTO.html

Just quickly though, if you're using iptables, I have noticed these things that you might find helpful (172.16.0.0 is my subnet).

1) Computers connect directly to your machine on these ports:
   allow if protocol is UDP and source is 172.16.0.0/255.255.255.0 and destination is 172.16.0.0/255.255.255.0 and destination ports are 137,138,139,445

2) Sometimes computers try and connect _from_ 137 to an arbitrary port:
   allow if protocol is UDP and source is 172.16.0.0/255.255.255.0 and source port is 137

3) rule (1) isn't enough, because TCP is used as well. This is also used for broadcasts, so a specific destination address won't help:
   allow if protocol is TCP and source is 172.16.0.0/255.255.255.0 and destination ports are 137,138,139,445

I have built up this list slowly by watching my logs to see what was rejected when I used smb to/from my machine.

Of course you should also have:

4) allow if established or related.

and

5) default policy drop

_and_ don't open this on an internet port. I haven't exactly given you verbatim what's in my iptables file, these are only run for my internal eth0. Anything on ppp0 is dropped!

The iptables for these rules are as follows:

1) -A INPUT -p udp -m udp -m multiport -s 172.16.0.0/255.255.255.0 -d 172.16.0.0/255.255.255.0 --dports 137,138,139,445 -j ACCEPT
2) -A INPUT -p udp -m udp -s 172.16.0.0/255.255.255.0 --sport 137 -j ACCEPT
3) -A INPUT -p tcp -m tcp -m multiport -s 172.16.0.0/255.255.255.0 --dports 137,138,139,445 -j ACCEPT
4) -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
5) :INPUT DROP [0:0]

Hope this helps!

-- 
Iain Buchanan <iain@nospam.pcorp.com.au>

Just because your doctor has a name for your condition doesn't mean he knows what it is.
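Added example, not part of the original message: a small Python audit over iptables-save text that checks the two points the message stresses, a DROP default policy on INPUT and SMB ports (137, 138, 139, 445) accepted only from the internal subnet or interface. The function names, the sample ruleset and its extra loose rule are constructed for illustration; eth0 and 172.16.0.0/255.255.255.0 are taken from the message, and the parser assumes simple IPv4 rules without "!" negation.

```python
import ipaddress
import shlex

SMB_PORTS = {137, 138, 139, 445}

# Constructed sample in iptables-save format: the five rules from the message
# plus one deliberately loose rule (no source or interface limit).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp -m multiport -s 172.16.0.0/255.255.255.0 -d 172.16.0.0/255.255.255.0 --dports 137,138,139,445 -j ACCEPT
-A INPUT -p udp -m udp -s 172.16.0.0/255.255.255.0 --sport 137 -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport -s 172.16.0.0/255.255.255.0 --dports 137,138,139,445 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT
"""

def expand_ports(spec):
    """Expand a port list such as '137:139,445' into a set of ints."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(ruleset, internal_net="172.16.0.0/255.255.255.0", internal_if="eth0"):
    """Return (line_no, message) findings for the INPUT chain."""
    net = ipaddress.ip_network(internal_net)
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"] and tok[1] != "DROP":
            findings.append((n, "INPUT default policy is not DROP"))
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        # Map each option to the token that follows it (one argument per option).
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        smb = expand_ports(opt.get("--dports", opt.get("--dport", ""))) & SMB_PORTS
        src = opt.get("-s")
        from_lan = src is not None and ipaddress.ip_network(src, strict=False).subnet_of(net)
        if smb and not from_lan and opt.get("-i") != internal_if:
            findings.append((n, f"SMB ports {sorted(smb)} open beyond {net} / {internal_if}"))
    return findings

if __name__ == "__main__":
    for line_no, msg in audit(SAMPLE):
        print(f"line {line_no}: {msg}")
```

The same function can be fed the output of iptables-save from the machine being checked; only rules that name SMB destination ports are examined.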