Shorewall users - Nov 2002 - Broadcast / Samba Problem

Hi,
I have a lan with Samba. Only one network card in the server. The
modem to the internet is in the router. If I start samba, he said me:

nmbd[28600]:   Packet send failed to 192.168.1.255(138) ERRNO=Operation not
permitted

I can''t solve the problem. Where can I allow the broadcast adress
192.168.1.255?

interfaces:
net eth0 192.168.1.255

params:
LOC=net:192.168.1.2,192.168.1.3,192.168.1.1

policy:
net             all             DROP            info
all             all             REJECT          info

rules:
# Samba Server
ACCEPT          $LOC    $FW           tcp       137,138
ACCEPT          $FW     $LOC            tcp     137,138

zones:
net     Net             Internet

------------------------
/sbin/route
Kernel IP routing table
Destination     Gateway     Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0     255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1 0.0.0.0         UG    0      0        0 eth0

/sbin/ifconfig
eth0    Link encap:Ethernet  HWaddr 00:E0:4C:DC:FC:B7
        inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

thank you
Thorsten

> -----Original Message-----
> From: Thorsten Nicklaus [mailto:thorsten_nicklaus@web.de]
> Sent: Monday, November 04, 2002 9:40 AM
> To: shorewall-users@shorewall.net
> Subject: [Shorewall-users] Broadcast / Samba Problem
> 
> 
> Hi,
> I have a lan with Samba. Only one network card in the server. The
> modem to the internet is in the router. If I start samba, he said me:
> 
> nmbd[28600]:   Packet send failed to 192.168.1.255(138) 
> ERRNO=Operation not permitted
> 
> I can''t solve the problem. Where can I allow the broadcast address
> 192.168.1.255?
> 
> interfaces:
> net eth0 192.168.1.255
> 
> params:
> LOC=net:192.168.1.2,192.168.1.3,192.168.1.1
> 
> policy:
> net             all             DROP            info
> all             all             REJECT          info
> 
> rules:
> # Samba Server
> ACCEPT          $LOC    $FW           tcp       137,138
> ACCEPT          $FW     $LOC            tcp     137,138
Maybe I''m just misunderstanding your post, but your shorewall
configuration
seems a little odd. i.e. one zone. Have you considered defining your
zones/interfaces to be something like:

net/ppp0 (modem)
loc/eth0 (LAN, 192.168.1.0/24)

Then define your samba rules around: http://www.shorewall.net/samba.htm

Steve Cowles

--On Monday, November 04, 2002 4:40 PM +0100 Thorsten Nicklaus 
<thorsten_nicklaus@web.de> wrote:
> Hi,
> I have a lan with Samba. Only one network card in the server. The
> modem to the internet is in the router. If I start samba, he said me:
>
> nmbd[28600]:   Packet send failed to 192.168.1.255(138) ERRNO=Operation
> not permitted
>
> I can''t solve the problem. Where can I allow the broadcast adress
> 192.168.1.255?
>
> interfaces:
> net eth0 192.168.1.255
>
> params:
> LOC=net:192.168.1.2,192.168.1.3,192.168.1.1
>
> policy:
> net             all             DROP            info
> all             all             REJECT          info
>
> rules:
># Samba Server
> ACCEPT          $LOC    $FW           tcp       137,138
> ACCEPT          $FW     $LOC            tcp     137,138
>
You are missing some rules here -- there is no such thing as TCP broadcast 
so you need to enable UDP ports as well. See 
http://www.shorewall.net/samba.htm

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net