[Firehol-support] samba problems

[Goetz Bock]

I've a problem with samba:

I've two PC's: pc1 (a.b.c.24/27) and pc2 (a.b.c.17/27). 
pc2 is running fireHOL (1.161) with 

ineterface eth0 world
    server  samba   accept  src $pc1
    ...
    client  samba   accept  dst $pc1 # it's not needed for this setup
    ...

when I now try:

user at pc1 ~ > smbclient \\\\pc2\\user -U user -W domain
added interface ip=a.b.c.24 bcast=a.b.c.31 nmask=255.255.255.224
Connection to files failed
user at pc1 ~ > 

that's not good, on pc2 the log tells me (dmesg):

OUT-world:IN= OUT=eth0 SRC=a.b.c.17 DST=a.b.c.24 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=32771 LEN=70
OUT-world:IN= OUT=eth0 SRC=a.b.c.17 DST=a.b.c.24 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=32771 LEN=70


cat /proc/net/ip_conntrack

udp      17 16 src=a.b.c.24 dst=a.b.c.17 sport=137 dport=137 [UNREPLIED] src=a.b.c.17 dst=a.b.c.24 sport=137 dport=137 use=1
udp      17 16 src=a.b.c.17 dst=a.b.c.31 sport=138 dport=138 [UNREPLIED] src=a.b.c.31 dst=a.b.c.17 sport=138 dport=138 use=1
udp      17 16 src=a.b.c.17 dst=a.b.c.31 sport=137 dport=137 [UNREPLIED] src=a.b.c.31 dst=a.b.c.17 sport=137 dport=137 use=1
udp      17 24 src=a.b.c.24 dst=a.b.c.31 sport=32771 dport=137 [UNREPLIED] src=a.b.c.31 dst=a.b.c.24 sport=137 dport=32771 use=1


If I disablel the firewall everything works fine.
(pc1 and pc2 are UMLs with non modular kernel, but all conntrack and nat
 modules compiled in)
-- 
/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
\ /                     (c) 2003 as GNU FDL 1.1
 X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]