<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<span class="moz-smiley-s6"><span> :-[ </span></span>Well, adding my
local systems to /etc/hosts is <u>not</u> a circumvention. It worked
fine this morning, passed several tests like rebooting, turning the
firewall off and back on, ..., but this evening, it doesn't work at
all. Connections fail with the firewall on and work fine with it off.
Having changed nothing since it was working, it makes me wonder if I'm
dealing with a software bug.<br>
<br>
Larry McMains<br>
<br>
Larry McMains wrote:
<blockquote cite="mid:4B6C4179.30509@comcast.net" type="cite">
You're right, I do have the address enabled both ways. And I've tried
each individually with the same result. If the "logs" would be
displayed under "events" by Firestarter, then there is nothing recorded
at all. HOWEVER, I have found a workaround. Googling for the exact
error message, I found in
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://ubuntuforums.org/showthread.php?t=1139113&page=2">http://ubuntuforums.org/showthread.php?t=1139113&page=2</a>
the
suggestion to add the addresses of the local network systems to
/etc/hosts. I did that and, voila, access is now allowed with the
firewall active! <br>
I don't understand why this was required, but it's an easy thing to do.<br>
<br>
Thanks for looking at this.<br>
Larry McMains<br>
<br>
Florin Iucha wrote:
<blockquote cite="mid:20100205052323.GI2519@iris.iucha.org"
type="cite">
<pre wrap="">On Thu, Feb 04, 2010 at 07:17:20PM -0600, Larry McMains wrote:
</pre>
<blockquote type="cite">
<pre wrap="">With the rules:
Allow connections from host
192.168.1.101
and
Allow Service  Port          For
Samba(SMB)     137-139 445   192.168.1.101

On the system attempting access, Network Tools, Devices,
Ethernet Interface (eth0), shows its IPv4 address as 192.168.1.101.
Places &gt; Network usually shows the target system, but double
clicking its icon results in the message "Failed to windows share".
</pre>
</blockquote>
<pre wrap="">
Oh, my eyes!
What I find puzzling is this:
</pre>
<blockquote type="cite">
<pre wrap="">-A INBOUND -s 192.168.1.101/32 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p udp -m udp --dport 137:139 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p tcp -m tcp --dport 445 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p udp -m udp --dport 445 -j ACCEPT
</pre>
</blockquote>
<pre wrap="">
It seems to match that you have both 'allow connections from 192.168.1.101'
and 'allow certain ports from 192.168.1.101' enabled in your firewall tool.
The first rule says that traffic from 192.168.1.101 should be accepted, so
the next four rules seem superfluous. But I'm a bit rusty here, I gave up on
raw iptables a few years ago and I'm using Shorewall now.
My Shorewall setup says that for Samba you need the following ports:
inbound udp 135,445
inbound udp 137:139
inbound udp 1024: source = 137
inbound tcp 135,139,445
If you check your logs, you should find the dropped packets.
florin
</pre>
<pre wrap=""><hr size="4" width="90%">
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a>
</pre>
</blockquote>
</blockquote>
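Florin's point that the first INBOUND rule makes the next four superfluous can be checked mechanically. The script below is an added example, not part of the original thread and not Firestarter or Shorewall code: it parses the quoted rules (only the options that appear in them) and lists every rule already covered by an earlier terminal rule. The function names and the RULES sample are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed input: the five INBOUND rules quoted in the thread.
RULES = """\
-A INBOUND -s 192.168.1.101/32 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p udp -m udp --dport 137:139 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p tcp -m tcp --dport 445 -j ACCEPT
-A INBOUND -s 192.168.1.101/32 -p udp -m udp --dport 445 -j ACCEPT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
KNOWN = {"-A", "-s", "-p", "-m", "--dport", "-j"}

def port_range(spec):
    """'445' -> (445, 445); '137:139' -> (137, 139); '1024:' -> (1024, 65535)."""
    lo, sep, hi = spec.partition(":")
    return (int(lo or 0), int(hi or 65535) if sep else int(lo))

def parse_rule(line):
    """Parse one rule; assumes only the options in KNOWN, each with one argument."""
    tok = shlex.split(line)
    opt = dict(zip(tok[0::2], tok[1::2]))
    if len(tok) % 2 or set(opt) - KNOWN:
        raise ValueError("unsupported rule syntax: " + line)
    return {"chain": opt["-A"], "target": opt["-j"], "text": line,
            "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False),
            "proto": opt.get("-p"),  # None = any protocol
            "ports": port_range(opt.get("--dport", "0:65535"))}

def covers(a, b):
    """True if every packet rule b could match is already decided by earlier rule a."""
    return (a["chain"] == b["chain"] and a["target"] in TERMINAL
            and b["src"].subnet_of(a["src"])
            and a["proto"] in (None, b["proto"])
            and a["ports"][0] <= b["ports"][0] and b["ports"][1] <= a["ports"][1])

def shadowed(rules_text):
    """Return (rule, earlier_rule) pairs where rule can never be reached."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith("-A ")]
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later["text"], earlier["text"]))
                break
    return found

if __name__ == "__main__":
    for rule, earlier in shadowed(RULES):
        print("never reached:", rule, "\n  covered by:", earlier)
```

With the host-wide ACCEPT listed first, all four Samba port rules are reported as never reached; with the order reversed, none are.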
</body>
</html>