Bug 219717 - Cannot see samba share with firewall on (on both FC6 PC's), but see it from a windows PC.
Cannot see samba share with firewall on (on both FC6 PC's), but see it from a...
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: samba (Show other bugs)
6
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Simo Sorce
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-14 16:24 EST by Need Real Name
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-14 11:17:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2006-12-14 16:24:22 EST
Description of problem:
I can see a samba share from windows (OKEE)
But I cant see the samba share from another FC6 host when i look in Xwindows - 
netwerk - Windows netwerk; if i have selected firewall ON and samba ON.
I will see the samba share if i turn OFF the firewall 

Version-Release number of selected component (if applicable):
samba 3.023c-2.i386.rpm

How reproducible:
See above

Steps to Reproduce:
1.
2.
3.
  
Actual results:
see above

Expected results:
See the samba share with the firewall on and the samba square selected

Additional info:
Comment 1 Need Real Name 2006-12-15 07:26:05 EST
In Windows98 - I see the share, but i cant open it.

I have also an vsftp server on FC6 and made a samba share /var/ftp/pub
But i can also make \\elisabethtown\ftp. (I did this in windows XP)
I think this is because vsftp makes public /var/ftp

Conclusion: I cannot use the samba shares with the firewall on.
And i dont see them in FC6-this computer-network

And from the FC6 host (elisabethtown) i cannot go futher than the name off the 
host - i see no shares
Comment 2 Jose Plans 2006-12-15 08:35:26 EST
Looks like a firewall rule issue to me.

Tried here FC6 being the samba server and firewall, and used a CIFS client to
reach it and was successful. ( system-config-securitylevel-1.6.27-1 )

Could you provide the output of this command :
   % /sbin/iptables -L -v

This could well be a netbios firewall rule issue. However without a full
description of the problem we can but guess, and it seems to work for me.
Make sure you have all ports 137,138,139 (for all netbios) 445(2000 and onwards).

Thanks for this output,

    Jose
Comment 3 Need Real Name 2006-12-15 18:25:00 EST
Can you tell me what you mean by
Make sure you have all ports 137,138,139 ....
Where can i check for this ??

Erik


Output of iptables -L -v:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination         
 2703 6664K RH-Firewall-1-INPUT  all  --  any    any     anywhere             
anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               
destination         
    0     0 RH-Firewall-1-INPUT  all  --  any    any     anywhere             
anywhere            

Chain OUTPUT (policy ACCEPT 2671 packets, 6301K bytes)
 pkts bytes target     prot opt in     out     source               
destination         

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               
destination         
 2195 6262K ACCEPT     all  --  lo     any     anywhere             
anywhere            
    0     0 ACCEPT     icmp --  any    any     anywhere             
anywhere            icmp any 
    0     0 ACCEPT     esp  --  any    any     anywhere             
anywhere            
    0     0 ACCEPT     ah   --  any    any     anywhere             
anywhere            
   31  7834 ACCEPT     udp  --  any    any     anywhere             
224.0.0.251         udp dpt:mdns 
   13  2405 ACCEPT     udp  --  any    any     anywhere             
anywhere            udp dpt:ipp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            tcp dpt:ipp 
  385  385K ACCEPT     all  --  any    any     anywhere             
anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:ftp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:smtp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:nfs 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:ssh 
   73  6054 ACCEPT     udp  --  any    any     anywhere             
anywhere            state NEW udp dpt:netbios-ns 
    5  1206 ACCEPT     udp  --  any    any     anywhere             
anywhere            state NEW udp dpt:netbios-dgm 
    1    48 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:netbios-ssn 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:microsoft-ds 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:https 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:telnet 
    0     0 ACCEPT     tcp  --  any    any     anywhere             
anywhere            state NEW tcp dpt:http 
    0     0 REJECT     all  --  any    any     anywhere             
anywhere            reject-with icmp-host-prohibited 

Comment 4 Simo Sorce 2007-03-14 11:17:41 EDT
Sorry we can't reproduce this bug, if you still have it please open a new bug
for the system-config-securitylevel package.

Note You need to log in before you can comment on or make changes to this bug.