Re: [leaf-user] Is shorewall configured by default to drop/reject udp broadcasts?

Kory Krofft Mon, 02 Dec 2002 20:41:24 -0800

 Try doing a search for the firewall in the windows "find a computer"
option. My Bering - Samba server does not show up in the browse list.
but works flawlessly. I have network drives mapped to it that reconnect
on boot. You need rules to open net to fw for UDP 137 and 138 as well as
tcp 139.



Kory Krofft


youngdo wrote:
> 
> Hi!
> 
> I am a Bering v1.0-stable user.
> 
> Is shorewall configured by default to drop/reject udp broadcasts?
> 
> I'm trying to setup samba and my windows machines can't see the samba server
> (which is also the firewall).  I see the following errors in log.nmbd:
> 
> [2002/12/02 16:58:02, 0] nmbd/nmbd.c:main(794)
>   Netbios nameserver version 2.2.5 started.
>   Copyright Andrew Tridgell and the Samba Team 1994-2002
> [2002/12/02 16:58:02, 0] nmbd/asyncdns.c:start_async_dns(148)
>   started asyncdns process 31573
> [2002/12/02 16:58:02, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(339)
>   become_domain_master_browser_wins:
>   Attempting to become domain master browser on workgroup WORK, subnet 
>UNICAST_SUBNET.
> [2002/12/02 16:58:02, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354)
>   become_domain_master_browser_wins: querying WINS server at IP 192.168.1.254 for 
>domain master browser name WORK<1b> on workgroup WORK
> [2002/12/02 16:58:02, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(114)
>   *****
> 
>   Samba server FIREWALL is now a domain master browser for workgroup WORK on subnet 
>UNICAST_SUBNET
> 
>   *****
> [2002/12/02 16:58:02, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
>   become_domain_master_browser_bcast:
>   Attempting to become domain master browser on workgroup WORK on subnet 
>192.168.1.254
> [2002/12/02 16:58:02, 0] 
>nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
>   become_domain_master_browser_bcast: querying subnet 192.168.1.254 for domain 
>master browser on workgroup WORK
> [2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:04, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3317 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:04, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3318 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:04, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3319 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:04, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3320 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:04, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3321 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:04, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3330 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:05, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3317 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:05, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3318 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:05, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3319 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:05, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3320 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:05, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3321 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:05, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3330 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:06, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3317 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:06, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3318 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:06, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3319 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:06, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3320 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:06, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3321 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:06, 0] 
>nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
>   retransmit_or_expire_response_records: Failed to resend packet id 3330 to IP 
>192.168.1.255 on subnet 192.168.1.254
> [2002/12/02 16:58:07, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
> [2002/12/02 16:58:07, 0] nmbd/nmbd_packets.c:send_netbios_packet(172)
>   send_netbios_packet: send_packet() to IP 192.168.1.255 port 137 failed
> [2002/12/02 16:58:07, 0] nmbd/nmbd_nameregister.c:register_name(360)
>   register_name: Failed to send packet trying to register name WORK<1b>
> [2002/12/02 16:58:09, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(138) ERRNO=Operation not permitted
> [2002/12/02 16:58:11, 0] libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.1.255(138) ERRNO=Operation not permitted
> [2002/12/02 16:58:25, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
>   *****
> 
>   Samba name server FIREWALL is now a local master browser for workgroup WORK on 
>subnet 192.168.1.254
> 
>   *****
> 
> My /etc/shorewall/  flies:
> 
> Shorewall 1.3.10
> 
> /etc/shorewall/interfaces
> net     ppp0            -                 noping
> loc     eth1            detect          routestopped
> loc     ppp+
> 
> /etc/shorewall/policy
> loc             loc             ACCEPT
> loc             net             ACCEPT
> net             all              DROP         info
> all               all              REJECT      info
> 
> /etc/shorewall/rules
> ACCEPT          net       fw            tcp     1723
> ACCEPT          net       fw            47      -
> ACCEPT          fw        net           47      -
> ACCEPT          fw        loc           udp    137:139
> ACCEPT          fw        loc           tcp     137,139
> ACCEPT          fw        loc           udp    1024:   137
> ACCEPT          loc       fw            udp    137:139
> ACCEPT          loc       fw            tcp     137,139
> ACCEPT          loc       fw            udp    1024:   137
> 
> /etc/shorewall/masq
> ppp0              eth1
> 
> /etc/shorewall/tunnels
> pptpserver              net     0.0.0.0/0
> 
> /etc/samba/smb.conf
> 
> [global]
>  workgroup = WORK
>  domain master = yes
>  local master = yes
>  preferred master = yes
>  os level = 65
>  wins support = yes
>  name resolve order = wins lmhosts hosts bcast
> [test]
>  comment = for testing only, please
>  path = /export/samba/test
>  readonly = no
>  guest ok = yes
> 
> 
> Thanks,
> 
> -Youngdo
> 
> 
>N¬HYÞµéšŠX¬²š'²ŠÞu¼†zÛazw°=©fNéà²×§N§v¥tú0z°¨–Šâ§(š–œ¶È³zm§ÿÚvË(º·~ŠàzwýÈ"n)ÿçbç-¦ZZ–m4Óg§•æŸºÇ«™¨¥Šx%ŠËey§î±êåŠËl²‹«qçè®§zØm¶›?þX¬¶Ë(º·~ŠàzwþX¬¶ÏåŠËbú?•æŸºÇ«I@Bm§ÿåy§é®ˆÞrÚ+ƒúno÷hs÷hrf§j«ýÚ‰Ý|÷Xmml==



-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Is shorewall configured by default to drop/reject udp broadcasts?

Reply via email to