Greetings,

I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11 server is also running iptables. In our log.nmbd file we have noticed the following:

[2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313)
  Error connecting to 130.xx.xx.xx (Connection refused)
[2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790)
  Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation not permitted

[2005/09/27 14:07:57, 1] libsmb/cliconnect.c:cli_connect(1313)
  Error connecting to 130.xx.xx.xx (No route to host)
[2005/09/27 14:12:51, 1] libsmb/cliconnect.c:cli_connect(1313)
  Error connecting to 130.xx.xx.xx (Connection refused)
[2005/09/27 14:23:04, 1] libsmb/cliconnect.c:cli_connect(1313)

A search turned up the following:
http://seclists.org/lists/bugtraq/2001/Mar/0285.html
----------------
Obviously, the netfilter nat code breaks nmap while using the -O flag or using decoy options. The (sendto in send_tcp_raw: sendto....) error is a symptom of this. It also breaks other packet shaping utilities such as hping, etc., so this does not appear to be an nmap problem.

I don't believe the connection tracking portion of netfilter is to blame in this case. In my tests the connection tracking code, whether it was loaded as a module or built statically into the kernel, didn't seem to get in the way. The cause of the 'sendto..' errors seems to be caused solely by the iptable_nat.o module (which is huge, of course). Once you load that one, or build it into the kernel, "nmap -O" no worky. Without it, nmap/hping/everything works just peachy.

Best Regards,
Steve
---------

Now I have removed iptable_nat with rmmod but I am still seeing errors. For our end users the error shows up as XXXX Domain not found.

Anyone see these errors before ??

Thanks
Paul

I don't know the answer to your question, but here is a tip that may be of help. Try searching Nabble's large archive of software mailing lists and you may be able to find some discussions about nmap and samba: http://www.nabble.com/Software-f94.html

Paul Griffith wrote:
>
> ...
> A search turned up the following:
> http://seclists.org/lists/bugtraq/2001/Mar/0285.html
> ...
>

--
Sent from the Samba forum at Nabble.com:
http://www.nabble.com/Samba-Firewall-issues--t352335.html#a987968

Paul,

Can you confirm what your settings for "local master", "domain master" and "preferred master" are? You should find these in /etc/smb.conf

Mark

----- Original Message -----
> Greetings,
>
> I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11
> server is also running iptables. In our log.nmbd file we have
> noticed the following:
>
> [2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313)
>   Error connecting to 130.xx.xx.xx (Connection refused)
> [2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790)
>   Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation not permitted
>
> [2005/09/27 14:07:57, 1] libsmb/cliconnect.c:cli_connect(1313)
>   Error connecting to 130.xx.xx.xx (No route to host)
> [2005/09/27 14:12:51, 1] libsmb/cliconnect.c:cli_connect(1313)
>   Error connecting to 130.xx.xx.xx (Connection refused)
> [2005/09/27 14:23:04, 1] libsmb/cliconnect.c:cli_connect(1313)
>
> A search turned up the following:
> http://seclists.org/lists/bugtraq/2001/Mar/0285.html
> ----------------
> Obviously, the netfilter nat code breaks nmap while using the -O flag
> or using decoy options. The (sendto in send_tcp_raw: sendto....) error is
> a symptom of this. It also breaks other packet shaping utilities such
> as hping, etc., so this does not appear to be an nmap problem.
>
> I don't believe the connection tracking portion of netfilter is to
> blame in this case. In my tests the connection tracking code, whether it
> was loaded as a module or built statically into the kernel, didn't seem to
> get in the way. The cause of the 'sendto..' errors seems to be caused
> solely by the iptable_nat.o module (which is huge, of course). Once you
> load that one, or build it into the kernel, "nmap -O" no
> worky. Without it, nmap/hping/everything works just peachy.
>
> Best Regards,
> Steve
> ---------
>
> Now I have removed iptable_nat with rmmod but I am still seeing
> errors. For our end users the error shows up as XXXX Domain not found.
>
> Anyone see these errors before ??
>
> Thanks
> Paul