Re: [Samba] iptables and samba

azeem ahmad Sat, 29 May 2004 01:39:20 -0700

hi all this is the output of tcpdump that it shows continously in the four minutes that it takes to open the share ------------------------------------------------------------------------------------------------------------------------------------ 02:28:17.294943 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 28200:28268(68) ack 27225 win 5840 NBT Packet (DF) 02:28:17.295312 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 27225:27363(138) ack 28268 win 63495 NBT Packet (DF) 02:28:17.295422 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 28268:28307(39) ack 27363 win 5840 NBT Packet (DF) 02:28:17.295768 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 27363:27408(45) ack 28307 win 63456 NBT Packet (DF) 02:28:17.295873 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 28307:28346(39) ack 27408 win 5840 NBT Packet (DF) 02:28:17.296297 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 27408:27501(93) ack 28346 win 63417 NBT Packet (DF) -------------------------------------------------------------------------------------------------------------------------------------

Regards
Azeem

From: "azeem ahmad" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Samba] iptables and samba
Date: Thu, 27 May 2004 22:02:20 +0000
the problem has been partially soved by REJECTing or ACCEPTing the port 445. the effect of ACCEPTing or REJECTing is same and that is: as i stated before that i have two shares named soft and linux. the problem appeares while accessing both shares for the first time (note only for the first time. if i close the share and then triy again the problem doesnt occur unless i restart my client computer) now the problem has been partially solved as if i access one of the two shares it takes 4 minutes but if then i access the 2nd share it doent take time. while before adding this rule it was talking time for the both shares
Regards
Azeem
From: Andrew Gaffney <[EMAIL PROTECTED]>
To: Tom Skeren <[EMAIL PROTECTED]>
CC: azeem ahmad <[EMAIL PROTECTED]>,  [EMAIL PROTECTED]
Subject: Re: [Samba] iptables and samba
Date: Thu, 27 May 2004 16:43:39 -0500
Tom Skeren wrote:
Andrew Gaffney wrote:
azeem ahmad wrote:
hi
i m using the script below
-------------------------------------------------------------------------------------------------------------------------------------
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
-------------------------------------------------------------------------------------------------------------------------------------
i have two shares on samba server "Soft and linux" in these shares there are many folders. whenever i run the above script and then i open the share it takes atleast 4 minutes to open the share. but it doesnt take time while browsing inside share. mean there is a folder on soft share like soft/adobe/acrobat/acrobat6 when i double click on soft it takes atleast 4 minutes but after that when i click on adobe then acrobat then acrobat6 it takes now time it just browse them normally. same problem is with the other share named linux. but if i dont run this script then all shares work fine with no delay this problem only occures first time. mean when i browse the share next time it doesnt occur
This is a complete shot in the dark. Windows 2000 (probably) and XP (definately) will look for a SMB server on port 445 first by default. Since you have '-j DROP', the requests to 445 don't get a response. It takes a little bit to timeout and then Windows probably tries to connect again. I bet if you add the following iptables rule, the problem will go away:
iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT
If you have Samba 3.x it will share on port 445.
Okay, so you can change that REJECT to ACCEPT.
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
_________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

_________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] iptables and samba

Reply via email to