[Solved] Problem with Samba ports [Archive] - The FreeBSD Forums

jasonhirsh
November 21st, 2010, 18:37
I have recently started a new server running 8.1 with IPFW compiled. I have been trying to get samba 3.4 running so I have IPFW running in open mode. TESTPARM shows samba is running properly.


Sockstat shows (in part)

root smbd 1153 24 tcp4 *:445 *:*
root smbd 1153 25 tcp4 *:139 *:*


which I understand means Samba is using those ports as it should


IPFW SHOW results:

00100 332 113122 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 114484 24508193 allow ip from any to any
65535 3 507 deny ip from any to any



but smbclient -L can't find the services, the smb logs show no connection and an external port scan shows 139 open but 445 closed. Sounds like a firewall issue to me...

jasonhirsh
November 23rd, 2010, 01:06
OK I have modified the rules

IPFW Show now states



00010 5881 16467066 allow ip from any to any via lo0
00011 414132 100083705 allow ip from any to any via re0
00012 0 0 allow ip from any to any via re0_alias
00020 0 0 allow ip from any to 127.0.0.0/8
00030 0 0 allow ip from 127.0.0.0/8 to any
00040 0 0 deny tcp from any to any frag
00050 0 0 check-state
00060 138 16645 allow tcp from any to any established
00070 247 49357 allow ip from any to any out keep-state
00080 0 0 allow icmp from any to any
00110 0 0 allow tcp from any to any dst-port 21 in
00120 0 0 allow tcp from any to any dst-port 21 out
00130 1 64 allow tcp from any to any dst-port 22 in
00140 0 0 allow tcp from any to any dst-port 22 out
00150 0 0 allow tcp from any to any dst-port 25 in
00160 0 0 allow tcp from any to any dst-port 25 out
00170 0 0 allow udp from any to any dst-port 53 in
00175 0 0 allow tcp from any to any dst-port 53 in
00180 0 0 allow udp from any to any dst-port 53 out
00185 0 0 allow tcp from any to any dst-port 53 out
00200 0 0 allow tcp from any to any dst-port 80 in
00210 0 0 allow tcp from any to any dst-port 80 out
00211 14 1092 allow udp from any to any dst-port 137 in
00212 0 0 allow tcp from any to any dst-port 137 in
00231 0 0 allow tcp from any to any dst-port 993 in
00232 0 0 allow tcp from any to any dst-port 993 out
00233 0 0 allow tcp from any to any dst-port 995 in
00234 0 0 allow tcp from any to any dst-port 995 out
00235 0 0 allow ip from any to any dst-port 1194 setup
00240 0 0 allow udp from any to me dst-port 1194
00245 0 0 allow tcp from any to any dst-port 2500 in
00250 0 0 allow tcp from any to any dst-port 2500 out
00255 0 0 allow tcp from any to any dst-port 9000 in
00255 0 0 allow tcp from any to any dst-port 9000 out
00500 426 53948 deny log ip from any to any
65535 2 156 deny ip from any to any


but when I do a port scan



Port Scanning host: 209.160.65.133

Open TCP Port: 21 ftp
Open TCP Port: 22 ssh
Open TCP Port: 25 smtp
Open TCP Port: 53 domain
Open TCP Port: 80 http
Open TCP Port: 110 pop3
Open TCP Port: 143 imap
Open TCP Port: 465 urd
Open TCP Port: 587 submission
Open TCP Port: 993 imaps
Open TCP Port: 995 pop3s
Open TCP Port: 2500 rtsserv



my rules


#loopback
$IPF 10 allow all from any to any via lo0
$IPF 11 allow all from any to any via re0
$IPF 12 allow all from any to any via re0_alias
$IPF 15 allow all from any to any via tap0 ks
$IPF 20 allow all from any to 127.0.0.0/8
$IPF 30 allow all from 127.0.0.0/8 to any
$IPF 35 allow all from any to 10.8.0.0/24
$IPF 37 allow all from 10.8.0.0/24 to any
$IPF 40 deny tcp from any to any frag


# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
$IPF 211 allow udp from any to any 137 in
$IPF 212 allow tcp from any to any 137 in
$IPF 213 allow udp from any to any 137 out KS
$IPF 214 allow tcp from any to any 137 out KS
$IPF 215 allow udp from any to any 138 in KS
$IPF 216 allow tcp from any to any 138 in KS
$IPF 217 allow udp from any to any 138 out KS
$IPF 218 allow tcp from any to any 138 out KS
$IPF 223 allow udp from any to any 139 in KS
$IPF 224 allow udp from any to any 139 out KS
$IPF 225 allow tcp from any to any 139 in KS
$IPF 226 allow tcp from any to any 139 out

$IPF 227 allow tcp from any to any 445 in KS
$IPF 228 allow udp from any to any 445 in KS
$IPF 229 allow tcp from any to any 445 out KS
$IPF 230 allow udp from any to any 445 ou KSt
$IPF 231 allow tcp from any to any 993 in
$IPF 232 allow tcp from any to any 993 out
$IPF 233 allow tcp from any to any 995 in
$IPF 234 allow tcp from any to any 995 out
$IPF 235 allow all from any to any dst-port 1194 setup
$IPF 240 allow udp from any to me dst-port 1194
$IPF 245 allow tcp from any to any 2500 in
$IPF 250 allow tcp from any to any 2500 out
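
Comparing the rules script in the post above with its `ipfw show` listing shows that rules 15, 35, 37 and 213 through 230 from the script are absent from the loaded ruleset, which includes every rule for ports 138, 139 and 445. The script below is an added example, not part of the original thread, that automates that comparison; the function names and file names are assumptions, and the sample data is abbreviated from the two listings.

```sh
#!/bin/sh
# Added example, not from the thread: list rules a script tries to add that
# are absent from the loaded ruleset. Function names are hypothetical.

# $1 = rules script ("$IPF <num> <rule>"), $2 = saved `ipfw show` output.
missing_rules() {
    awk '
        # First file: loaded ruleset, "<num> <pkts> <bytes> <rule>".
        FILENAME == ARGV[1] {
            if ($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/) loaded[$1 + 0] = 1
            next
        }
        # Second file: numbered script lines whose number never loaded.
        $1 == "$IPF" && $2 ~ /^[0-9]+$/ && !(($2 + 0) in loaded) {
            sub(/^\$IPF[ \t]+/, "")
            print
        }
    ' "$2" "$1"
}

# Sample data abbreviated from the two listings in the post above.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rules.sh" <<'EOF'
$IPF 10 allow all from any to any via lo0
$IPF 15 allow all from any to any via tap0 ks
$IPF 211 allow udp from any to any 137 in
$IPF 213 allow udp from any to any 137 out KS
$IPF 225 allow tcp from any to any 139 in KS
$IPF 227 allow tcp from any to any 445 in KS
$IPF 231 allow tcp from any to any 993 in
EOF
    cat > "$dir/show.txt" <<'EOF'
00010 5881 16467066 allow ip from any to any via lo0
00211 14 1092 allow udp from any to any dst-port 137 in
00231 0 0 allow tcp from any to any dst-port 993 in
00500 426 53948 deny log ip from any to any
65535 2 156 deny ip from any to any
EOF
    missing_rules "$dir/rules.sh" "$dir/show.txt"
    rm -rf "$dir"
}

# With two arguments compare real files, otherwise run the sample.
if [ $# -eq 2 ]; then missing_rules "$1" "$2"; else demo; fi
```

On a live host, save the ruleset with `ipfw show > show.txt` and pass the rules script and that file as the two arguments; each line printed is a rule that is not in the kernel ruleset.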

jasonhirsh
January 10th, 2011, 18:04
solved when I opened port 81 for Netbios

SirDice
January 11th, 2011, 09:03
solved when I opened port 81 for Netbios

Netbios doesn't use port 81?!? Actually, nothing does.

jasonhirsh
January 11th, 2011, 21:01
Ok maybe it isn't netbios but when I opened port 81 as suggested in http://forums.freebsd.org/showthread.php?t=19675 Samba finally started working...
