What is the correct way to configure Shorewall for a samba server that is making service announcements to the local broadcast addresses? [2002/11/18 21:02:50, 0] libsmb/nmblib.c:send_udp(755) Packet send failed to 192.168.2.255(137) ERRNO=Operation not permitted A pointer to the FAQ I undoubtedly missed would be appreciated... -Alan ==========Alan Sparks, UNIX/Linux Systems Administrator <asparks@doublesparks.net>
Duh. There''s the info in the manual. Never mind. -Alan Alan Sparks said:> What is the correct way to configure Shorewall for a samba server that > is making service announcements to the local broadcast addresses? > > [2002/11/18 21:02:50, 0] libsmb/nmblib.c:send_udp(755) > Packet send failed to 192.168.2.255(137) ERRNO=Operation not permitted > > A pointer to the FAQ I undoubtedly missed would be appreciated... > -Alan > > ==========> Alan Sparks, UNIX/Linux Systems Administrator > <asparks@doublesparks.net> > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users==========Alan Sparks, UNIX/Linux Systems Administrator <asparks@doublesparks.net>
> What is the correct way to configure Shorewall for a samba server that > is making service announcements to the local broadcast addresses? > > [2002/11/18 21:02:50, 0] libsmb/nmblib.c:send_udp(755) > Packet send failed to 192.168.2.255(137) ERRNO=Operation not permitted > > A pointer to the FAQ I undoubtedly missed would be appreciated...The _best_ way is to configure a Samba machine as a WINS server and avoid the broadcasts altogether. Otherwise, see http://shorewall.sf.net/samba.htm -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
Hmmm.. Not doing it. I''ve tried both ways, making sure WINS is enabled in samba, and setting the Windows box to point to the 192. internal address. Also tried adding the rules from the manual: ACCEPT fw loc udp 137:139 ACCEPT fw loc tcp 137,139 ACCEPT fw loc udp 1024: 137 ACCEPT loc fw udp 137:139 ACCEPT loc fw tcp 137,139 ACCEPT loc fw udp 1024: 137 The windows box still doesn''t see the server, and still getting the error logs in nmbd.log... Does loc also stand for the broadcast addresses in this ruleset? -Alan Tom Eastep said:> >> What is the correct way to configure Shorewall for a samba server that >> is making service announcements to the local broadcast addresses? >> >> [2002/11/18 21:02:50, 0] libsmb/nmblib.c:send_udp(755) >> Packet send failed to 192.168.2.255(137) ERRNO=Operation not >> permitted >> >> A pointer to the FAQ I undoubtedly missed would be appreciated... > > The _best_ way is to configure a Samba machine as a WINS server and > avoid the broadcasts altogether. Otherwise, see > http://shorewall.sf.net/samba.htm > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://shorewall.sf.net > ICQ: #60745924 \ teastep@shorewall.net==========Alan Sparks, UNIX/Linux Systems Administrator <asparks@doublesparks.net>
> Hmmm.. Not doing it. I''ve tried both ways, making sure WINS is enabled > in samba, and setting the Windows box to point to the 192. internal > address. > > Also tried adding the rules from the manual: > ACCEPT fw loc udp 137:139 > ACCEPT fw loc tcp 137,139 > ACCEPT fw loc udp 1024: 137 > ACCEPT loc fw udp 137:139 > ACCEPT loc fw tcp 137,139 > ACCEPT loc fw udp 1024: 137 > > The windows box still doesn''t see the server, and still getting the > error logs in nmbd.log... > > Does loc also stand for the broadcast addresses in this ruleset?''loc'' is whatever you have defined it to be. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
--On Tuesday, November 19, 2002 06:47:09 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:> >> >> Does loc also stand for the broadcast addresses in this ruleset? > > ''loc'' is whatever you have defined it to be. >And you can see what Shorewall believes ''loc'' to be by issuing ''shorewall check'' and look at the output following ''Determining Hosts in Zones''. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net