Tom Eastep wrote:> Tom Eastep wrote: >> >> >>>> d) Are you running Samba 2 or Samba 3? >>> >>> According to the Fedora distro pkg list, it''s 3.0.0. I still have >>> to learn how to ask Samba to print the version to the console :\ >> >> >> I have yet to get Samba 3 to work reliably. >> >> >>> Not sure what you''re asking here. Yes, it works between other >>> machines on the network, just not to and from the Samba/Shorewall >>> machine. BTW, internet web browsing works from loc machines on the >>> network just fine (using masquerading). >>> >> >> >> That''s the part that I can''t get working with Samba 3. >> > > I''ve done some more testing and I have one Samba 3 system which > appears to be working at the moment. > > I''ll keep an eye on it.... > > -TomFWIW: I too run samba 3 on a RH9 system behind my firewall. This system is configured to NOT start any firewall rules at bootup. The reason I mention this is because for some reason when I use nautilus to browse smb shares, it just stops working. Why? is still a mystery to me. Smbclient/nmblookup commands from this same system return the proper results when this oddity occurs. The really strange part is if I logout of Gnome and log back in, then browsing using nautilus works again. Which makes me think this could be some kind of smb password token timeout problem with the PDC. I don''t really know, but I don''t remember having this kind of problem while using Samba 2.x series. Steve Cowles
Cowles, Steve wrote:> > > FWIW: I too run samba 3 on a RH9 system behind my firewall. This system is > configured to NOT start any firewall rules at bootup. The reason I mention > this is because for some reason when I use nautilus to browse smb shares, it > just stops working. Why? is still a mystery to me. Smbclient/nmblookup > commands from this same system return the proper results when this oddity > occurs. The really strange part is if I logout of Gnome and log back in, > then browsing using nautilus works again. Which makes me think this could be > some kind of smb password token timeout problem with the PDC. I don''t really > know, but I don''t remember having this kind of problem while using Samba 2.x > series. >I experienced my most annoying problems with Samba 3 when I tried to configure it as a master browser/WINS server on my firewall. This was before I installed a firewall/bridge behind my main firewall so I had both my local LAN and my Wireless network interfacing to the firewall as separate networks. Samba would behave flawlessly on the wireless network but would refuse to build a complete browse list for the LAN network (only the firewall itself appeared in the browse list). Calin: Do you have Samba on your firewall box configured as a master browser? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom, Yes. Samba is configured as a master browser. I haven''t attempted to connect a wireless network yet. I''ve seen the problem that only the firewall itself appears on the browse list (or within the nautilus browser, anyway.) Other times, all machines appear. If I don''t start the firewall at bootup, like Steve suggested below, Samba seems to work okay. Tom Eastep wrote:> What I suggest you do is remove Shorewall totally from your fw<->loc > interface (you seem to be treating the Shorewall box as an extension of > your local network anyway).Yes, but I haven''t had a chance to totally remove it yet because my system is down. It should be okay to do so though because I have: ------LOC-------Samba/FW----Netgear router---cable modem----internet | | | | | | | | | | V V V V V (trusted systems) (untrusted systems) 10.0.0.0/24 192.168.0.0/24 I''m using Shorewall to protect the Samba/Shorwall system from the Netgear router network. You''re correct, I''m treating the Shorewall box completely as an extension of LOC. I can''t do anymore testing untill Fedora Core 2 final is released Monday. I messed up my system while trying to bring up the Samba primary domain controller. When I restored to an old system archive, I killed it. Probably best to nuke and repave with Fedora Core 2 now :( I''ll let you know what happens after that and respond to Tom''s other questions and suggestions. Thanks! Cal Cowles, Steve wrote:> > > FWIW: I too run samba 3 on a RH9 system behind my firewall. This system is > configured to NOT start any firewall rules at bootup. The reason I mention > this is because for some reason when I use nautilus to browse smb shares,it> just stops working. Why? is still a mystery to me. Smbclient/nmblookup > commands from this same system return the proper results when this oddity > occurs. The really strange part is if I logout of Gnome and log back in, > then browsing using nautilus works again. Which makes me think this couldbe> some kind of smb password token timeout problem with the PDC. I don''treally> know, but I don''t remember having this kind of problem while using Samba2.x> series. >I experienced my most annoying problems with Samba 3 when I tried to configure it as a master browser/WINS server on my firewall. This was before I installed a firewall/bridge behind my main firewall so I had both my local LAN and my Wireless network interfacing to the firewall as separate networks. Samba would behave flawlessly on the wireless network but would refuse to build a complete browse list for the LAN network (only the firewall itself appeared in the browse list). Calin: Do you have Samba on your firewall box configured as a master browser? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Calin Brabandt wrote:> > Yes, but I haven''t had a chance to totally remove it yet because my system > is down. It should be okay to do so though because I have: > > > ------LOC-------Samba/FW----Netgear router---cable modem----internet > | | | | | > | | | | | > V V V V V > (trusted systems) (untrusted systems) > 10.0.0.0/24 192.168.0.0/24 >A bridged configuration is much more appropriate for your network -- double SNAT like you are doing now is silly. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Calin Brabandt wrote:> Tom, Yes. Samba is configured as a master browser. I haven''t > attempted to connect a wireless network yet. I''ve seen the problem > that only the firewall itself appears on the browse list (or within > the nautilus browser, anyway.) Other times, all machines appear. If > I don''t start the firewall at bootup, like Steve suggested below, > Samba seems to work okay. >Calin, I wasn''t suggesting for you to NOT start your firewall script. The problem I''m having with nautilus is on my RH9 system which does not start any firewall rules because its behind my shorewall based firewall. BTW: I don''t run any appications on my firewall. To clarify my problem - most of the time nautilus works just fine on this RH9 system, but then for no appearant reason, it just stops working. What I mean by not working is my domain name and/or the registered systems for that domain do not show up in the nautilus window. It''s as if the __MASTER_BROWSER__ (the wins server in my case) for my network did not return any information. But if I use the command line nmblookup or smbclient commands (like what nautilus is probably using), the data returned looks correct. Even the master broswer record is returned. As I stated in my previous post, if I logout of gnome (not reboot the system) and log back in, nautilus works again. That''s the strange part. If I was to speculate on what the problem is, I''d lean towards some sort of compatibility issue between nautilus and samba 3.x, NOT shorewall. The rules Tom publishes regarding smb look correct to me. When you get your new system up and running, report back. Steve Cowles
Steve Cowles wrote:>To clarify my problem - most of the time nautilus works just fine on this >RH9 system, but then for no appearant reason, it just stops working.Steve, I think I''m seeing this behavior too and that''s what sent me off track. Despite doing 2-3 trials, the problem originally seemed to correlate to Shorewall and startup order. Now I think not -- which I think is no surprise to Tom :) <snip>>If I was to speculate on what the problem is, I''d lean towards some sort of >compatibility issue between nautilus and samba 3.x, NOT shorewall. The >rules Tom publishes regarding smb look correct to me.>When you get your new system up and running, report back.Agreed. My latest tests indicate that Shorewall has nothing to do with this problem. Sorry I raised the read flag too soon, but I''ve learned much from this list. I''ll report back after I get Fedora Core 2 Final running. A friend of mine reported a bunch of his Laptop/ACPI problems were fixed in Core 2 Test 3. I don''t care about ACPI but I''m switching in the hope that some of my problems will go away too. Although I installed the full meal deal from the Core 1 CD distro, the main packages that I need are Samba, for MS Network sharing and primary domain controller; Shorewall, for firewall and NAT; DHCP server, vsftp and squid. I''m merely interested in all the other aps, but don''t really need them on this server. Perhaps I should install only what I need this time? Thanks, Steve!