Displaying 20 results from an estimated 20000 matches similar to: "Samba and ufw (Martin McGlensey)"
2019 Feb 06
2
Samba and ufw
Rowland,
Did some editing in smb.conf that I had to reverse. Now I'm back to
being able to connect with the firewall disabled. When I enable the
firewall I get as far as windows network -> workgroup but no connection.
I have only the rules you recommended in your last email.
Louis,
The information you requested is below:
martin at radio:~$ dpkg -l|egrep "iptables|ufw"
ii
2019 Feb 07
3
Samba and ufw
Rowland,
OK. Should I delete these lines?
diff yours mine
63d62
yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10
-j LOG --log-prefix "[UFW ALLOW] "
85,87d83
yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit
--limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] "
yours# -A ufw-before-logging-input -m conntrack
2015 Dec 29
1
Firewall trouble?
Alright, I have setup the new rules and am waiting to see if I have any
issues. If I do, I will keep working on it. I also read the article
below, which mentions exactly what you I was told about 2008 and newer
using different ports.
https://support.microsoft.com/en-us/kb/929851
Here is the new configuration:
root at dc01:~# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m
2015 Dec 29
1
Firewall trouble?
I just looked up 42 and 68. I do not use WINS or BOOTP. I am removing
range 1024-5000 and replacing it with 49612-65535 now. I already allowed
389 TCP.
Lead IT/IS Specialist
Reach Technology FP, Inc
On 12/29/2015 03:58 AM, L.P.H. van Belle wrote:
> Hai,
>
> Im missing a few things.
>
> And maybe time server port to open? Are your dc's time server also?
> These are the
2019 Apr 24
2
Iptables blocks out going connetion some times
Hi?guys.
There is a wierd problem with iptables recently, hopes somebody can help me.
I have installed Centos 7.2.1511 on a bare metal Dell server these days,
disabled firewalld and enabled iptables.services, and setup a group of very
simple rules, as the following:
# iptables-save
# Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT
2015 Dec 28
9
Firewall trouble?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I recently tried adding a firewall to my Samba 4 server using the port
information I found on the wiki. Below is a dump of the resulting rules.
root at dc01:~# iptables -S
- -P INPUT DROP
- -P FORWARD DROP
- -P OUTPUT ACCEPT
- -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m
2019 Jan 29
2
Samba and UFW
Reindl,
I will check that. Not sure how fix it. Will look on internet. Would you give some more information on the subject.
Thanks
Sent from my iPad
Marty (843)-546-4822
> On Jan 29, 2019, at 10:43 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>
>
>> Am 29.01.19 um 16:39 schrieb Marty via samba:
>> Here is the ufw.log after enabling logging medium and
2019 Apr 24
2
答复: Iptables blocks out going connetion some times
Hello, Stephen, thank you for input.
Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good.
Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time.
>From the sysctl output, I suppose it can't be a conntrack table overflow :
2017 Mar 28
2
SipVicious scans getting through iptables firewall - but how?
My firewall and asterisk pjsip config only has "permit" options for my
ITSP's (SIP trunk) IPs.
Here's the script that sets it up.
--------------------------------------------------
#!/bin/bash
EXIF="eth0"
/sbin/iptables --flush
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m
2019 Feb 07
0
Samba and ufw
On Wed, 6 Feb 2019 16:05:40 -0500
Martin McGlensey via samba <samba at lists.samba.org> wrote:
> Rowland,
>
> Did some editing in smb.conf that I had to reverse. Now I'm back to
> being able to connect with the firewall disabled. When I enable the
> firewall I get as far as windows network -> workgroup but no
> connection. I have only the rules you recommended in
2019 Feb 11
2
,Re: Samba and ufw
Louis,
Tried the rules you suggested:
These work. I think that rules out any Windows problems.
ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39
ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15
These do not work.
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to 192.168.254.39 port 139,445
ufw insert 2 allow in on enp2s5 proto udp from
2019 Feb 07
0
Samba and ufw
Yes,
Try this ( copy past-able. )
ufw disable
ufw reset
ufw limit 22/tcp
ufw allow in proto tcp from any port 389,1024:65535 to any port 1024:65535
ufw allow 139,445/tcp
ufw allow 137,138/udp
ufw --force enable
Sorry for the late reply, but im bit busy with some servers here.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org]
2017 May 28
1
Ovirt Hosted-Engine VM iptables
Hi
I would like to add rules into the iptables of the Hosted Engine VM in
Ovirt.
the version is oVirt Engine Version: 4.1.1.8-1.el7.centos
I have tried using the normal process for iptables (iptables-save etc),
but it seems that the file
/etc/sysconfig/iptables
this is ignored in the Ovirt Engine VM.
How can I add permanent rules into the Engine VM?
Kind regards
Andrew
2015 Dec 29
0
Firewall trouble?
Hai,
Im missing a few things.
And maybe time server port to open? Are your dc's time server also?
These are the ports i've set.
TCP what im having.
22,42,53,88,135,139,389,445,464,636,3268,3269,1024:5000,49612:65535
How you did:
22,53,88,135,139,445,464,636,1024:5000,3268,3269
Your missing 42 389 and range : 49612:65535
UDP what im having.
53,67,68,88,123,137,138,389,464
How you
2019 Apr 24
0
Iptables blocks out going connetion some times
On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote:
> Hi?guys.
>
> There is a wierd problem with iptables recently, hopes somebody can help
> me.
>
> I have installed Centos 7.2.1511 on a bare metal Dell server these days,
> disabled firewalld and enabled iptables.services, and setup a group of very
> simple rules, as the following:
>
>
I believe
2014 Apr 30
2
[Bug 917] New: Kernel OOPS on Kernel 3.14.2
https://bugzilla.netfilter.org/show_bug.cgi?id=917
Summary: Kernel OOPS on Kernel 3.14.2
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P5
Component: NAT
AssignedTo: netfilter-buglog at lists.netfilter.org
2017 Jun 26
0
Accepting RELATED, ESTABLISHED (TCP) connections into VM using Network Filters
Hi,
Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters.
My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt.
Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back
2019 Sep 01
2
Problem to access from Win to Win after classicupdate to Samba DC 4.10.7
I have do a classicupdate from a NT4 style domain to Samba DC 4.10.7
BIND_DLZ without (apparently) problem
All seem work fine, access to PC work, join or re-join a PC to domain
work, access from a Linux samba member server to Win7 PC work, access
from Win7 to samba member server work.
But I cannot access from a PC with win7 to another PC with win7.
If I try to access from win7-0 to win7-1 via
2016 Jan 23
5
RX dropped packets on guests subnets
Hello,
I have first a question (and then may be a problem), that I have difficulties to understand and eventually to investigate.
On each of my guests VM, I see constantly a RX dropped number increasing , Even if the VM does nothing !
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.15 netmask 255.255.255.0 broadcast 192.168.100.255
2019 Sep 02
2
Problem to access from Win to Win after classicupdate to Samba DC 4.10.7
Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha
scritto:
> > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz:
> > cancelling transaction on zone studiomosca.net
>
> That is showing that a client isn't being allowed to update a record.
Is it possible to cure it in some way?
> > [2] ----[smb.conf]
> >
> Please do not post