Samba don´t start when ipfw active
Hi,
I´m using Samba 3.2.15_2 and ipfw in a box FreeBsd 8.1.
All seems to run right except for the fact that samba dos not comes up
if ipfw is active.
I just need to stop ipfw and start samba and them start ipfw.
The logs of security dos not report any Deny rule from ports of samba or anything
related.
Next, the erros that log.nmbd show:
If ipfw is deactivate, samba starts and show the following message at log.nmbd:
In ipfw script exist the following rules for samba:
Obs.:
${rede} means my internal network.
Ex.:192.168.0.0/24.
${pdc_externo} means the external ip of the server.
Ex.:192.168.100.1/32
${pdc_interno} means the internal ip of the server.
Ex.:192.168.0.254/32
${ife} means my external interface pluged at modem.
Ex.:192.168.100.1/32
Thanks for help.
Hi,
I´m using Samba 3.2.15_2 and ipfw in a box FreeBsd 8.1.
All seems to run right except for the fact that samba dos not comes up
if ipfw is active.
I just need to stop ipfw and start samba and them start ipfw.
The logs of security dos not report any Deny rule from ports of samba or anything
related.
Next, the erros that log.nmbd show:
Code:
[2010/10/11 14:56:54, 0] libsmb/nmblib.c:send_udp(839)
Packet send failed to 255.255.255.255(137) ERRNO=Permission denied
[2010/10/11 14:56:54, 0] nmbd/nmbd_packets.c:send_netbios_packet(160)
send_netbios_packet: send_packet() to IP 255.255.255.255 port 137 failed
[2010/10/11 14:56:54, 0] nmbd/nmbd_nameregister.c:register_name(513)
register_name: Failed to send packet trying to register name NEOPDC<20>
[2010/10/11 14:56:54, 0] libsmb/nmblib.c:send_udp(839)
Packet send failed to 255.255.255.255(137) ERRNO=Permission deniedIf ipfw is deactivate, samba starts and show the following message at log.nmbd:
Code:
[2010/10/25 08:46:49, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(110)
*****
Samba server NEOPDC is now a domain master browser for workgroup CEC on subnet 192.168.0.254
*****In ipfw script exist the following rules for samba:
Code:
# SAMBA
${fwcmd} add set 14 allow log all from any to any dst-port 137,138,139,443,445
${fwcmd} add set 14 allow log all from me to any
${fwcmd} add set 14 allow log all from ${rede} to 192.168.0.255 keep-state
${fwcmd} add set 14 allow log udp from any to 255.255.255.255 137,138
# Samba BROADCAST
${fwcmd} add set 14 allow log logamount 50000 udp from any to 255.255.255.255 keep-state
${fwcmd} add set 14 allow log logamount 50000 udp from ${pdc_externo} to 255.255.255.255 out via ${ife} setup keep-state
${fwcmd} add set 14 allow log logamount 50000 all from ${rede} to any
${fwcmd} add set 14 allow all from me to any
${fwcmd} add set 14 allow log logamount 50000 all from ${rede} to 192.168.0.255
${fwcmd} add set 14 allow log udp from ${pdc_interno} to any out via ${ife} setup keep-state
${fwcmd} add set 14 pass log udp from ${pdc_externo} to any out via ${ife} setup keep-state
# WINBIND
${fwcmd} add set 14 allow log logamount 50000 all from ${pdc_externo} to 255.255.255.255 out via ${ife} setup keep-stateObs.:
${rede} means my internal network.
Ex.:192.168.0.0/24.
${pdc_externo} means the external ip of the server.
Ex.:192.168.100.1/32
${pdc_interno} means the internal ip of the server.
Ex.:192.168.0.254/32
${ife} means my external interface pluged at modem.
Ex.:192.168.100.1/32
Thanks for help.