hi
i'm using the script below
------------------------------------------------------------------------
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
------------------------------------------------------------------------

i have two shares on samba server "Soft and linux" in these shares there
are many folders. whenever i run the above script and then i open the
share it takes at least 4 minutes to open the share. but it doesn't take
time while browsing inside share.
i mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
when i double click on soft it takes at least 4 minutes but after that
when i click on adobe then acrobat then acrobat6 it takes no time it
just browses them normally. same problem is with the other share named
linux.
but if i don't run this script then all shares work fine with no delay
this problem only occurs first time. i mean when i browse the share next
time it doesn't occur

Regards
Azeem

azeem ahmad wrote:
> hi
> i'm using the script below
> ------------------------------------------------------------------------
>
> iptables -F
> iptables -t nat -F
> iptables -P INPUT DROP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>
> ------------------------------------------------------------------------
>
>
> i have two shares on samba server "Soft and linux" in these shares there
> are many folders. whenever i run the above script and then i open the
> share it takes at least 4 minutes to open the share. but it doesn't take
> time while browsing inside share.
> i mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
> when i double click on soft it takes at least 4 minutes but after that
> when i click on adobe then acrobat then acrobat6 it takes no time it
> just browses them normally. same problem is with the other share named
> linux.
> but if i don't run this script then all shares work fine with no delay
> this problem only occurs first time. i mean when i browse the share next
> time it doesn't occur

This is a complete shot in the dark. Windows 2000 (probably) and XP
(definitely) will look for a SMB server on port 445 first by default.
Since you have '-j DROP', the requests to 445 don't get a response. It
takes a little bit to timeout and then Windows probably tries to connect
again. I bet if you add the following iptables rule, the problem will go
away:

iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
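
Added example, not part of the thread: a small shell lint for the two points the reply above turns on. It flags a --dport match given without a port-carrying protocol (iptables refuses --dport with -p all) and a default-DROP INPUT chain that accepts tcp/139 but has no rule at all for tcp/445. The function names and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint an iptables script read on stdin.
# Prints one finding per line and nothing when neither issue is present.
lint_smb_rules() {
    awk '
    $1 != "iptables" { next }
    {
        proto = ""; dport = ""; target = ""; chain = ""; policy = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-P") { chain = $(i + 1); policy = $(i + 2) }
        }
        if (chain != "INPUT") next
        if (policy == "DROP") drop_default = 1
        # --dport only exists for protocols that carry port numbers.
        if (dport != "" && proto !~ /^(tcp|udp|sctp|dccp|udplite)$/) {
            printf "line %d: --dport is not valid with -p %s\n", NR, (proto == "" ? "(none)" : proto)
            next    # iptables would refuse this rule, so it protects nothing
        }
        if (proto == "tcp" && dport == "139" && target == "ACCEPT") nbt = 1
        if (proto == "tcp" && dport == "445") smb445 = 1
    }
    END {
        if (drop_default && nbt && !smb445)
            print "tcp/445: no rule under policy DROP, so client probes time out instead of failing fast"
    }'
}

# SMB-relevant INPUT rules from the original post (other ACCEPT rules omitted).
thread_script() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
EOF
}

# Original script, then with an invalid 445 rule, then with a valid one.
thread_script | lint_smb_rules
{ thread_script; echo 'iptables -A INPUT -i eth0 -p all --dport 445 -j REJECT'; } | lint_smb_rules
{ thread_script; echo 'iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT'; } | lint_smb_rules
```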

it's samba-2.2.7a-7.9.0
and i tried rejecting port 445 for tcp and udp but it isn't working properly yet

Regards
Azeem

>From: Tom Skeren <tms3@fsklaw.net>
>To: Andrew Gaffney <agaffney@skylineaero.com>
>CC: azeem ahmad <azeem484@hotmail.com>, samba@lists.samba.org
>Subject: Re: [Samba] iptables and samba
>Date: Thu, 27 May 2004 14:41:07 -0700
>
>Andrew Gaffney wrote:
>
>>azeem ahmad wrote:
>>
>>>hi
>>>i'm using the script below
>>>------------------------------------------------------------------------
>>>iptables -F
>>>iptables -t nat -F
>>>iptables -P INPUT DROP
>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>>>
>>>------------------------------------------------------------------------
>>>
>>>i have two shares on samba server "Soft and linux" in these shares there
>>>are many folders. whenever i run the above script and then i open the
>>>share it takes at least 4 minutes to open the share. but it doesn't take
>>>time while browsing inside share.
>>>i mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
>>>when i double click on soft it takes at least 4 minutes but after that
>>>when i click on adobe then acrobat then acrobat6 it takes no time it
>>>just browses them normally. same problem is with the other share named
>>>linux.
>>>but if i don't run this script then all shares work fine with no delay
>>>this problem only occurs first time. i mean when i browse the share next
>>>time it doesn't occur
>>
>>
>>This is a complete shot in the dark. Windows 2000 (probably) and XP
>>(definitely) will look for a SMB server on port 445 first by default.
>>Since you have '-j DROP', the requests to 445 don't get a response. It
>>takes a little bit to timeout and then Windows probably tries to connect
>>again. I bet if you add the following iptables rule, the problem will go
>>away:
>>
>>iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>>
>If you have Samba 3.x it will share on port 445.

the problem has been partially solved by REJECTing or ACCEPTing the port
445. the effect of ACCEPTing or REJECTing is same and that is:
as i stated before that i have two shares named soft and linux. the problem
appears while accessing both shares for the first time (note only for the
first time. if i close the share and then try again the problem doesn't
occur unless i restart my client computer) now the problem has been
partially solved as if i access one of the two shares it takes 4 minutes
but if then i access the 2nd share it doesn't take time. while before adding
this rule it was taking time for the both shares

Regards
Azeem

>From: Andrew Gaffney <agaffney@skylineaero.com>
>To: Tom Skeren <tms3@fsklaw.net>
>CC: azeem ahmad <azeem484@hotmail.com>, samba@lists.samba.org
>Subject: Re: [Samba] iptables and samba
>Date: Thu, 27 May 2004 16:43:39 -0500
>
>Tom Skeren wrote:
>>Andrew Gaffney wrote:
>>
>>>azeem ahmad wrote:
>>>
>>>>hi
>>>>i'm using the script below
>>>>------------------------------------------------------------------------
>>>>
>>>>iptables -F
>>>>iptables -t nat -F
>>>>iptables -P INPUT DROP
>>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>
>>>>i have two shares on samba server "Soft and linux" in these shares there
>>>>are many folders. whenever i run the above script and then i open the
>>>>share it takes at least 4 minutes to open the share. but it doesn't take
>>>>time while browsing inside share.
>>>>i mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
>>>>when i double click on soft it takes at least 4 minutes but after that
>>>>when i click on adobe then acrobat then acrobat6 it takes no time it
>>>>just browses them normally. same problem is with the other share named
>>>>linux.
>>>>but if i don't run this script then all shares work fine with no delay
>>>>this problem only occurs first time. i mean when i browse the share next
>>>>time it doesn't occur
>>>
>>>
>>>
>>>This is a complete shot in the dark. Windows 2000 (probably) and XP
>>>(definitely) will look for a SMB server on port 445 first by default.
>>>Since you have '-j DROP', the requests to 445 don't get a response. It
>>>takes a little bit to timeout and then Windows probably tries to connect
>>>again. I bet if you add the following iptables rule, the problem will go
>>>away:
>>>
>>>iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>>>
>>If you have Samba 3.x it will share on port 445.
>
>Okay, so you can change that REJECT to ACCEPT.
>
>--
>Andrew Gaffney
>Network Administrator
>Skyline Aeronautics, LLC.
>636-357-1548

hi all
this is the output of tcpdump that it shows continuously in the four minutes that it takes to open the share
------------------------------------------------------------------------
02:28:17.294943 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 28200:28268(68) ack 27225 win 5840 NBT Packet (DF)
02:28:17.295312 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 27225:27363(138) ack 28268 win 63495 NBT Packet (DF)
02:28:17.295422 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 28268:28307(39) ack 27363 win 5840 NBT Packet (DF)
02:28:17.295768 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 27363:27408(45) ack 28307 win 63456 NBT Packet (DF)
02:28:17.295873 192.168.0.100.netbios-ssn > 192.168.0.2.1049: P 28307:28346(39) ack 27408 win 5840 NBT Packet (DF)
02:28:17.296297 192.168.0.2.1049 > 192.168.0.100.netbios-ssn: P 27408:27501(93) ack 28346 win 63417 NBT Packet (DF)
------------------------------------------------------------------------

Regards
Azeem

>From: "azeem ahmad" <azeem484@hotmail.com>
>To: samba@lists.samba.org
>Subject: Re: [Samba] iptables and samba
>Date: Thu, 27 May 2004 22:02:20 +0000
>
>
>the problem has been partially solved by REJECTing or ACCEPTing the port
>445. the effect of ACCEPTing or REJECTing is same and that is:
>as i stated before that i have two shares named soft and linux. the problem
>appears while accessing both shares for the first time (note only for the
>first time. if i close the share and then try again the problem doesn't
>occur unless i restart my client computer) now the problem has been
>partially solved as if i access one of the two shares it takes 4 minutes
>but if then i access the 2nd share it doesn't take time. while before adding
>this rule it was taking time for the both shares
>
>Regards
>Azeem
>
>>From: Andrew Gaffney <agaffney@skylineaero.com>
>>To: Tom Skeren <tms3@fsklaw.net>
>>CC: azeem ahmad <azeem484@hotmail.com>, samba@lists.samba.org
>>Subject: Re: [Samba] iptables and samba
>>Date: Thu, 27 May 2004 16:43:39 -0500
>>
>>Tom Skeren wrote:
>>>Andrew Gaffney wrote:
>>>
>>>>azeem ahmad wrote:
>>>>
>>>>>hi
>>>>>i'm using the script below
>>>>>------------------------------------------------------------------------
>>>>>
>>>>>iptables -F
>>>>>iptables -t nat -F
>>>>>iptables -P INPUT DROP
>>>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
>>>>>iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>>>>>
>>>>>------------------------------------------------------------------------
>>>>>
>>>>>
>>>>>i have two shares on samba server "Soft and linux" in these shares
>>>>>there are many folders. whenever i run the above script and then i open
>>>>>the share it takes at least 4 minutes to open the share. but it doesn't
>>>>>take time while browsing inside share.
>>>>>i mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
>>>>>when i double click on soft it takes at least 4 minutes but after that
>>>>>when i click on adobe then acrobat then acrobat6 it takes no time it
>>>>>just browses them normally. same problem is with the other share named
>>>>>linux.
>>>>>but if i don't run this script then all shares work fine with no delay
>>>>>this problem only occurs first time. i mean when i browse the share next
>>>>>time it doesn't occur
>>>>
>>>>
>>>>
>>>>This is a complete shot in the dark. Windows 2000 (probably) and XP
>>>>(definitely) will look for a SMB server on port 445 first by default.
>>>>Since you have '-j DROP', the requests to 445 don't get a response. It
>>>>takes a little bit to timeout and then Windows probably tries to connect
>>>>again. I bet if you add the following iptables rule, the problem will go
>>>>away:
>>>>
>>>>iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>>>>
>>>If you have Samba 3.x it will share on port 445.
>>
>>Okay, so you can change that REJECT to ACCEPT.
>>
>>--
>>Andrew Gaffney
>>Network Administrator
>>Skyline Aeronautics, LLC.
>>636-357-1548