|
Posted by Dave on February 27, 2008, 4:01 am
If you were Registered and logged in, you could reply and use other advanced thread options
I've a Sun running Solaris 10 which has some samba shares. These work
fine if there is no firewall running on the Sun, but stop when I enable
my firewall, which uses ipfilter.
I have the following 3 rules which I thought would allow this to work as
they should allow both tcp and udp traffic on ports 135 to 138 (I think
so anyway!). But it does not work.
# Allow Samba connections
pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
port 135><139 keep state
pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
port 135><139 keep state
192.168.0.9 is the IP address of the Sun which serves the Samba shares.
I wish to be able to access the shares from anywhere on the 192.168.0.x
network.
|
|
Posted by =?ISO-8859-1?Q?Argo_S=F5=F5ru? on February 28, 2008, 5:50 am
If you were Registered and logged in, you could reply and use other advanced thread options
Dave wrote:
> # Allow Samba connections
> pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
> port 135><139 keep state
> pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
> port 135><139 keep state
Samba uses the following ports: 135/TCP, 137/UDP, 138/UDP, 139/TCP and
445/TCP
|
|
Posted by Dave on February 28, 2008, 10:37 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Dave wrote:
>> # Allow Samba connections
>> pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
>> port 135><139 keep state
>> pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
>> port 135><139 keep state
> Samba uses the following ports: 135/TCP, 137/UDP, 138/UDP, 139/TCP and
> 445/TCP
Thank you for that. I'd not openend 445 at all, which probably explains
why it does not work for me.
That should be easy to fix.
|
|
Posted by Dave on February 28, 2008, 1:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Dave wrote:
>> # Allow Samba connections
>> pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
>> port 135><139 keep state
>> pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
>> port 135><139 keep state
> Samba uses the following ports: 135/TCP, 137/UDP, 138/UDP, 139/TCP and
> 445/TCP
Thanks, after adding the following rules (and removing those I posted
earlier), Samba now works with ipfilter.
# Allow Samba connections
pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
port = 135 keep state
pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
port = 137 keep state
pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
port = 138 keep state
pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
port = 139 keep state
pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
port = 445 keep state
|
|
Posted by Wayne on February 28, 2008, 5:46 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Dave wrote:
>> # Allow Samba connections
>> pass in quick on eri0 proto udp from 192.168.0.0/24 to 192.168.0.9/32
>> port 135><139 keep state
>> pass in quick on eri0 proto tcp from 192.168.0.0/24 to 192.168.0.9/32
>> port 135><139 keep state
> Samba uses the following ports: 135/TCP, 137/UDP, 138/UDP, 139/TCP and
> 445/TCP
Do you really need 135/TCP? Microsoft uses that for many things including
Exchange mail, RPC, and WINS management. But I don't think Samba uses it?
-Wayne
|
| Similar Threads | Posted | | ipfilter ftp proxy | February 22, 2005, 1:32 pm |
| How do I configure VPN passthrough with a PIX 501 | May 3, 2007, 1:12 am |
| noob try to configure Firewall, please help | December 31, 2004, 6:02 pm |
| XP SP2 firewall independently configure | April 6, 2005, 6:41 pm |
| NetScreen Client VPN Configure | November 25, 2005, 5:34 pm |
| How to configure gateway for Netscreen 5GT ? | December 1, 2006, 1:35 am |
| How to configure firewall for telewest broadband? | February 26, 2005, 3:04 am |
| How to configure ZoneAlarm to allow my PC access the port on my PC? | April 8, 2006, 6:35 pm |
| How do you configure the EZ Firewall (computer associates)so I can | July 6, 2006, 12:50 am |
| How to configure proxy for VPN User on Check point? | May 27, 2005, 8:21 am |
|
XML site map