samba - May 2004 - please help me.

hi
if i remove the rule for transparent redirection from my firewall script 
then it works well. what can be the connection of transparent redirection 
with samba

please help me out. i m in a grate trouble. the detailed problem is below

Regards
Azeem
>From: "azeem ahmad" <azeem484@hotmail.com>
>To: samba@lists.samba.org
>Subject: [Samba] iptables and samba
>Date: Thu, 27 May 2004 21:02:44 +0000
>
>hi
>i m using the script below
>-------------------------------------------------------------------------------------------------------------------------------------
>iptables -F
>iptables -t nat -F
>iptables -P INPUT DROP
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
>iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
>iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
>iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
>iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
>iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
>
>-------------------------------------------------------------------------------------------------------------------------------------
>
>i have two shares on samba server "Soft and linux" in these shares
there
>are many folders. whenever i run the above script and then i open the share 
>it takes atleast 4  minutes to open the share. but it doesnt take time 
>while browsing inside share.
>mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
>when i double click on soft it takes atleast 4 minutes but after that when 
>i click on adobe then acrobat then acrobat6 it takes now time it just 
>browse them normally. same problem is with the other share named linux.
>but if i dont run this script then all shares work fine with no delay
>this problem only occures first time. mean when i browse the share next 
>time it doesnt occur
>
>Regards
>Azeem
>
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

I just wonder why port 445 is missing there...

Greetings 

Sascha

Am Montag, 31. Mai 2004 22:45 schrieb azeem ahmad:
> hi
> if i remove the rule for transparent redirection from my firewall script
> then it works well. what can be the connection of transparent redirection
> with samba
>
> please help me out. i m in a grate trouble. the detailed problem is below
>
> Regards
> Azeem
>
> >From: "azeem ahmad" <azeem484@hotmail.com>
> >To: samba@lists.samba.org
> >Subject: [Samba] iptables and samba
> >Date: Thu, 27 May 2004 21:02:44 +0000
> >
> >hi
> >i m using the script below
>
>--------------------------------------------------------------------------
> >----------------------------------------------------------- iptables -F
> >iptables -t nat -F
> >iptables -P INPUT DROP
> >iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> >iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
> >iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
> >iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
> >iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
> >iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
> >iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
> >
>
>--------------------------------------------------------------------------
> >-----------------------------------------------------------
> >
> >i have two shares on samba server "Soft and linux" in these
shares there
> >are many folders. whenever i run the above script and then i open the
> > share it takes atleast 4  minutes to open the share. but it doesnt
take
> > time while browsing inside share.
> >mean there is a folder on soft share like soft/adobe/acrobat/acrobat6
> >when i double click on soft it takes atleast 4 minutes but after that
when
> >i click on adobe then acrobat then acrobat6 it takes now time it just
> >browse them normally. same problem is with the other share named linux.
> >but if i dont run this script then all shares work fine with no delay
> >this problem only occures first time. mean when i browse the share next
> >time it doesnt occur
> >
> >Regards
> >Azeem
>
> _________________________________________________________________
> Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> http://join.msn.com/?page=features/featuredemail

>From: Sascha Bieler <sascha.bieler@radiogong.de>
>To: samba@lists.samba.org
>Subject: Re: [Samba] please help me.
>Date: Mon, 31 May 2004 23:02:33 +0200
>
>I just wonder why port 445 is missing there...
>
>Greetings
>
>Sascha
>
here is the new script but the same problem is with this script too that if 
i enable transparent redirection it starts taking about 4 minutes and if i 
remove the rule for port 80 transparent redirection then it starts working
here is the script
----------------------------------------------------------------------------------------------------------------------------------
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t nat -F

modprobe ip_nat_ftp

iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 139  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 445 -j ACCEPT
#iptables -A INPUT -j LOG

#iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
#iptables -t nat -A PREROUTING -p udp --dport 80 -j REDIRECT --to-port 8080

iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -p tcp --dport 21        -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 443       -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5000      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5001      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5005      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 5050      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 6660:6670 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 7000      -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 28805     -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 51215     -j ACCEPT

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
----------------------------------------------------------------------------------------------------------------------------------

Regards
Azeem

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

infact i dont have any problem with redirection or masquerading instead i 
have problem with redirection and samba.

Regards
Azeem
>From: "Radio Gong 2000 GmbH & Co. KG [Technik]" 
><sascha.bieler@radiogong.de>
>To: samba@lists.samba.org
>Subject: Re: [Samba] please help me.
>Date: Mon, 31 May 2004 23:48:12 +0200
>
>Wow, you are using your samba-server as internet-gateway and firewall???
>Uffhh...
>
>Ok, I don't have this configuration, but in my firewall-script I have
>
>FIRST: transparent redirecting and
>SECOND: masquarading
>
>The DROP-Rule you should put in last.
>
>I configured my firewall with the excellent tool fwbuilder, try it and 
>throw
>away your probs...
>
>http://www.fwbuilder.org/
>
>
>Regards
>
>Sascha
>
>Am Montag, 31. Mai 2004 23:21 schrieb azeem ahmad:
> > >From: Sascha Bieler <sascha.bieler@radiogong.de>
> > >To: samba@lists.samba.org
> > >Subject: Re: [Samba] please help me.
> > >Date: Mon, 31 May 2004 23:02:33 +0200
> > >
> > >I just wonder why port 445 is missing there...
> > >
> > >Greetings
> > >
> > >Sascha
> >
> > here is the new script but the same problem is with this script too
that
>if
> > i enable transparent redirection it starts taking about 4 minutes and
if
>i
> > remove the rule for port 80 transparent redirection then it starts 
>working
> > here is the script
> > 
>---------------------------------------------------------------------------
> >------------------------------------------------------- echo 1 >
> > /proc/sys/net/ipv4/ip_forward
> >
> > iptables -F
> > iptables -t nat -F
> >
> > modprobe ip_nat_ftp
> >
> > iptables -P INPUT DROP
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --dport 137  -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --dport 138  -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 139  -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 445 -j ACCEPT
> > #iptables -A INPUT -j LOG
> >
> > #iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port
>8080
> > #iptables -t nat -A PREROUTING -p udp --dport 80 -j REDIRECT --to-port
>8080
> >
> > iptables -P FORWARD DROP
> > iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> >
> > iptables -A FORWARD -i eth0 -p tcp --dport 21        -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 443       -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 5000      -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 5001      -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 5005      -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 5050      -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 6660:6670 -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 7000      -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 28805     -j ACCEPT
> > iptables -A FORWARD -i eth0 -p tcp --dport 51215     -j ACCEPT
> >
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > 
>---------------------------------------------------------------------------
> >-------------------------------------------------------
> >
> > Regards
> > Azeem
> >
> > _________________________________________________________________
> > STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
>
>--
>_______________________________________________
>Radio Gong 2000 GmbH & Co. KG
>Sascha Bieler
>Technischer Leiter
>Franz-Joseph-Strasse 14
>80801 München
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus

thanx dude.
i check it
but any other friends out there plz try to solve my problem also

Regards
Azeem

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail