On Wed, Nov 29, 2006 at 04:43:17PM +0700, Fajar Priyanto wrote:
> I understand that in order to allow samba to work, we need to allow several
> ports, such as tcp 445, tcp/udp 137,138,139.
>
> But recently a friend of mine said that the only port needs to be opened is
> tcp 445? Is this true?
>
> What is the actual purpose of those 137:139 ports? In /etc/services it's said
> that they are netbios-ssn. But I'm not really sure the real meaning of it.

"Samba" (and "Windows File & Print") refers to a group of about six different protocol variations. With each major release of Windows (and OS/2 LanManager), Microsoft has reinvented it, because all their previous attempts sucked. Different variations of these use different combinations of ports. At least one of them is capable of operating over port 445 alone.

A modern WinXP system can talk *all* of these. You have limited control over which it uses, even in a purely WinXP network. The exact details of how it decides which protocol to use are secret (if anybody at Microsoft even knows - this is uncertain, the code is reportedly complicated and undocumented), and the internet is rife with inaccurate speculations on the subject being presented as fact. Do not expect it to behave sanely.

In theory, it should attempt to use both port 445 and 139 and take whichever works. In practice, it varies, especially on a desktop that's been in use for a few months and is starting to show signs of bitrot.

Opening all the ports ensures that the firewall won't get in the way of whatever the stupid thing decides to do. Individual sites may find that they can get by with less, depending on configuration and the phases of the moon.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users

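An added example, not part of the original message: one way for a site to check whether it "can get by with less" is to log the SMB ACCEPT rules for a while and tally which of the ports from the thread clients actually hit. The log lines below are constructed in the style of Shorewall/netfilter kernel log entries, and the function names are hypothetical.

```python
import re
from collections import Counter

# Ports named in the thread: tcp 445 and tcp/udp 137, 138, 139.
CANDIDATES = {("tcp", 445)} | {(p, n) for p in ("tcp", "udp") for n in (137, 138, 139)}

# netfilter LOG entries are KEY=value fields; only PROTO and DPT matter here.
FIELD = re.compile(r"\b(PROTO|DPT)=(\S+)")

# Constructed sample input (abbreviated netfilter LOG format, documentation addresses).
SAMPLE_LOG = """\
Nov 29 10:01:02 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=1044 DPT=445
Nov 29 10:01:02 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP SPT=1045 DPT=139
Nov 29 10:01:05 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.255 PROTO=UDP SPT=137 DPT=137
Nov 29 10:01:09 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.11 DST=192.0.2.255 PROTO=UDP SPT=138 DPT=138
Nov 29 10:02:11 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=1050 DPT=445
Nov 29 10:02:30 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.12 DST=192.0.2.1 PROTO=TCP SPT=1051 DPT=22
Nov 29 10:02:41 fw kernel: Shorewall:loc2fw:ACCEPT:IN=eth1 OUT= SRC=192.0.2.12 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
"""


def smb_port_usage(log_text):
    """Count logged packets per (proto, port) for the ports from the thread."""
    usage = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "PROTO" not in fields or not fields.get("DPT", "").isdigit():
            continue  # ICMP and malformed lines carry no destination port
        key = (fields["PROTO"].lower(), int(fields["DPT"]))
        if key in CANDIDATES:
            usage[key] += 1
    return usage


def never_seen(usage):
    """Candidate ports that did not appear in the logged sample."""
    return sorted(CANDIDATES - set(usage))


if __name__ == "__main__":
    usage = smb_port_usage(SAMPLE_LOG)
    for (proto, port), count in sorted(usage.items()):
        print(f"{proto}/{port}: {count} packet(s)")
    print("not seen in this sample:", never_seen(usage))
```

A port missing from a short sample is only a candidate for closing; as the reply notes, client behaviour varies, so the observation window should cover the site's normal mix of machines.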