IPFW IPFW and Samba

Y

yethie

Hello,

I have a FreeBSD 11.2 system with Samba installed. If I enable ipfw Samba clients can still connect and browse the filesystem but cannot download most of the files (it looks like the smallest files can be opened). Ipfw is configured in "open" mode:

Code: 
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="alc0"
natd_flags=""

And the resulting rules are the following (ipfw show):

Code: 
00050 9369 6621885 divert 8668 ip4 from any to any via alc0
00100 2986  192550 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
00400    0       0 deny ip from any to ::1
00500    0       0 deny ip from ::1 to any
00600    3     244 allow ipv6-icmp from :: to ff02::/16
00700    0       0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800    2     172 allow ipv6-icmp from fe80::/10 to ff02::/16
00900    0       0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000    0       0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 9326 6616397 allow ip from any to any
65535    0       0 deny ip from any to any

Is there any additional rule I should add to fix the problem?
Thanks!
Francesco
 
So, for my understanding are you implying that if IPFW is not running everything works?
I doubt that it is related to your firewall because it is configured as OPEN (rule 65000 allows all packets).
My opinion; no you do not need any additional firewall rules to fix the problem. The problem is not related to your firewall.
 
Hello Duffyx, thanks for your response.
What I actually see is that if the firewall is enabled the problem shows up, while everything works as expected by disabilng the firewall with the command: ipfw disable firewall

Do you have any suggestion about how to investigate the issue?

Thanks!
Francesco
 
You appear to have only one interface; alc0. Why did you enable NAT?
 
I also have OpenVPN and without NAT I was not able to let machines in different networks to see each other.
I actually enabled both ipfw and nat only to have a working OpenVPN installation.
 
yethie said:
I also have OpenVPN and without NAT I was not able to let machines in different networks to see each other.
Click to expand...
There's probably no need for NAT here. You just need to make sure your routing tables are correctly set up.
 
Unfortunately I'm not a system/network administrator so I do not know exactly what's going on behind the scenes, what I know is that if I issue

ipfw enable firewall

then OpenVPN works (I can ping a machine in the server's subnet from an OpenVPN client) but Samba does not (I can browse but I cannot transfer files).
If I disable the firewall then Samba works correctly but OpenVPN does not (OpenVPN clients do not see the server's subnet anymore).
While struggling to use OpenVPN I found this link and managed to fix the problem by enabling ipfw and nat, I did not touch the routing tables.

I would like to investigate the problem further but I don't know which tools to use or which logs to enable. Do you have any suggestion for me?

Thanks
Francesco
 
You must log in or register to reply here.
Back
Top