 
From: James (jameslivecam.com)
Date: Tue Feb 19 2002 - 11:45:09 CST


    All,
     

      The following rules (are supposed) to allow comps inside my firewall to see a samba server on the firewall.

    ##-> Allows Windows machines on the inside network to access a Samba Server
    ##-> running on the firewall.
    /sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.255 137 -p tcp -j ACCEPT
    /sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.1 137 -p tcp -j ACCEPT
    /sbin/ipchains -A output -i eth1 -s 192.168.187.1 137 -d 192.168.187.0/255.255.255.0 137 -p tcp -j ACCEPT
    /sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.1 137 -p udp -j ACCEPT
    /sbin/ipchains -A output -i eth1 -s 192.168.187.1 137 -d 192.168.187.0/255.255.255.0 137 -p udp -j ACCEPT
    /sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 1024:65535 -d 192.168.187.1 138 -p udp -j ACCEPT
    /sbin/ipchains -A output -i eth1 -s 192.168.187.1 138 -d 192.168.187.0/255.255.255.0 1024:65535 -p udp -j ACCEPT
    /sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 1024:65535 -d 192.168.187.1 139 -p tcp -j ACCEPT
    /sbin/ipchains -A output -i eth1 -s 192.168.187.1 139 -d 192.168.187.0/255.255.255.0 1024:65535 ! -y -p tcp -j ACCEPT

    /sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 137 -d $EXTBC 137 -p udp -j ACCEPT
    /sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 137 -d $EXTIP 137 -p tcp -j ACCEPT
    /sbin/ipchains -A output -i eth0 -s $EXTIP 137 -d ! 192.168.187.1 137 -p tcp -j ACCEPT
    /sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 137 -d $EXTIP 137 -p udp -j ACCEPT
    /sbin/ipchains -A output -i eth0 -s $EXTIP 137 -d ! 192.168.187.1 137 -p udp -j ACCEPT
    /sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 1024:65535 -d $EXTIP 138 -p udp -j ACCEPT
    /sbin/ipchains -A output -i eth0 -s $EXTIP 138 -d ! 192.168.187.1 1024:65535 -p udp -j ACCEPT
    /sbin/ipchains -A output -i eth0 -s $EXTIP 139 -d ! 192.168.187.1 1024:65535 ! -y -p tcp -j ACCEPT

    The problem is.... they can't see it. In var/log/messages I'm getting the following error.

    Feb 17 22:22:19 james nmbd[7782]: Packet send failed to 192.168.187.255(138) ERRNO=Operation not permitted

    This is the only "error" message I get in var log message ... When I try to do smbclient -NL somebox I get an error that says
    added interface ip=192.168.187.1 bcast=192.168.187.255 nmask=255.255.255.0
    error connecting to 192.168.187.2:139 (Connection refused)
    Error connecting to 192.168.187.2 (Connection refused)

    in var/log/samba/log.nmbd I get:

    [2002/02/19 01:29:04, 0] libsmb/nmblib.c:send_udp(755)
      Packet send failed to 192.168.187.255(138) ERRNO=Operation not permitted
    [2002/02/19 01:29:06, 0] libsmb/nmblib.c:send_udp(755)
      Packet send failed to 192.168.187.255(138) ERRNO=Operation not permitted
    [2002/02/19 01:29:11, 0] nmbd/nmbd_nameregister.c:register_name_response(107)
      register_name_response: server at IP 192.168.187.2 rejected our name registration of DVT<1d> with error code 6.
    [2002/02/19 01:29:11, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(424)
      become_local_master_fail2: failed to register name DVT<1d> on subnet 192.168.187.1. Failed to become a local master browser.
    [2002/02/19 01:29:11, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(288)
      standard_fail_register: Failed to register/refresh name DVT<1d> on subnet 192.168.187.1

    The same error occurs when I try smbclient to the firewall from the firewall... OK anybody able to see where I blew it?

    Thanks

    James
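Added example, not part of the original post: a small Python matcher for the subset of ipchains syntax used in the four eth1 UDP rules above, evaluated against the datagram named in the nmbd log (192.168.187.255, port 138). It assumes the chains' default policy is DENY, which the post does not show, and that nmbd sends NetBIOS datagrams from source port 138; the function names are made up for this sketch.

```python
import ipaddress

# The four eth1 UDP rules from the post ("/sbin/ipchains" dropped).
RULES = """\
-A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.1 137 -p udp -j ACCEPT
-A output -i eth1 -s 192.168.187.1 137 -d 192.168.187.0/255.255.255.0 137 -p udp -j ACCEPT
-A input -i eth1 -s 192.168.187.0/255.255.255.0 1024:65535 -d 192.168.187.1 138 -p udp -j ACCEPT
-A output -i eth1 -s 192.168.187.1 138 -d 192.168.187.0/255.255.255.0 1024:65535 -p udp -j ACCEPT
"""

def parse_rule(line):
    """Parse the ipchains subset used above: -A -i -p -j and -s/-d ADDR [PORT[:PORT]]."""
    tok, rule, i = line.split(), {}, 0
    while i < len(tok):
        flag = tok[i]
        if flag in ("-s", "-d"):
            net = ipaddress.ip_network(tok[i + 1], strict=False)
            lo, hi, i = 0, 65535, i + 2
            if i < len(tok) and not tok[i].startswith("-"):  # optional port spec
                a, _, b = tok[i].partition(":")
                lo, hi, i = int(a), int(b or a), i + 1
            rule[flag] = (net, lo, hi)
        else:
            rule[flag], i = tok[i + 1], i + 2
    return rule

def verdict(rules, chain, iface, proto, src, sport, dst, dport, policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        (snet, slo, shi), (dnet, dlo, dhi) = r["-s"], r["-d"]
        if (r["-A"] == chain and r["-i"] == iface and r["-p"] == proto
                and ipaddress.ip_address(src) in snet and slo <= sport <= shi
                and ipaddress.ip_address(dst) in dnet and dlo <= dport <= dhi):
            return r["-j"]
    return policy  # assumption: default policy is DENY (not shown in the post)

rules = [parse_rule(l) for l in RULES.splitlines() if l.strip()]

# Datagram from the nmbd log: firewall :138 -> subnet broadcast :138 (constructed tuple).
BCAST_138 = verdict(rules, "output", "eth1", "udp", "192.168.187.1", 138, "192.168.187.255", 138)
# Name-service broadcast :137 -> :137, for comparison.
BCAST_137 = verdict(rules, "output", "eth1", "udp", "192.168.187.1", 137, "192.168.187.255", 137)
# A client's browse announcement arriving :138 -> broadcast :138 (constructed tuple).
IN_138 = verdict(rules, "input", "eth1", "udp", "192.168.187.2", 138, "192.168.187.255", 138)

if __name__ == "__main__":
    print("out 138->138 bcast:", BCAST_138)
    print("out 137->137 bcast:", BCAST_137)
    print("in  138->138 bcast:", IN_138)
```

Under those assumptions the 138-to-138 broadcast matches no rule in either direction, because the port-138 rules expect the peer port to be in 1024:65535 and the input rule only names 192.168.187.1 as destination. That is consistent with the "Operation not permitted" error on send.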
