[Firehol-support] Using "client all accept" isn't enough to access samba shares
Costa Tsaousis
costa at tsaousis.gr
Wed Feb 25 22:49:39 GMT 2009
Laurento Frittella wrote:
>>> Hi all,
>>> if I use "client all accept" (but I've tried with "client samba accept"
>>> too) firehol still filter some useful traffic:
>>>
>>> Dec 23 17:49:52 thot IN-lan:IN=eth0 OUT=
>>> MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.0.0.1 DST=10.0.0.20
>>> LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=27951 PROTO=UDP SPT=137 DPT=48003
>>> LEN=76
>>>
>>> (where 10.0.0.1 is the samba server and 10.0.0.20 my notebook running
>>> firehol)
>>>
>>> If I stop firehol (disabling all filtering) all works well. How can I
>>> solve this issue?
I am very sorry, but you cannot. Check this:
http://firehol.sourceforge.net/services.html?#samba
What you can do is:
at the top of firehol.conf define this:
# Remote CIFS, to make samba work for clients
server_rcifs_ports="udp/1024:65535"
client_rcifs_ports="137"
then, in your interface add:
client samba accept
server rcifs accept src 10.0.0.1
Remember that this server statement opens all your high UDP ports from
the samba server's port udp/137.
Costa
More information about the Firehol-support
mailing list