Samba browsing [was: What I HATE about F11]
Chuck Anderson
cra at WPI.EDU
Sun Jun 14 18:58:19 UTC 2009
On Sun, Jun 14, 2009 at 10:35:53AM +0200, Martin Sourada wrote:
> > * Samba (outbound) browsing requires firewall mods
> I don't know how Samba works, so forgive me if I say obvious stupidity,
> but shouldn't *client* work even behind closed firewall (like with any
> other services like ssh, ftp, ...)? Isn't this a samba bug then?
Not a samba bug, but rather a s-c-firewall/iptables bug. I was
involved way back when to make this "just work" out of the box [2],
but it seems we've regressed in this area. There is an iptables
module called "nf_conntrack_netbios_ns" that makes browsing possible
without opening up firewall holes. You can enable it by adding it to
the IPTABLES_MODULES list in /etc/sysconfig/iptables-config:

    IPTABLES_MODULES="nf_conntrack_netbios_ns"

You shouldn't need to poke a hole for 137/udp or 138/udp in the
firewall when using this module. When an outbound browse broadcast is
made, this module allows the replies back in automatically.
Help would be appreciated with this since there is a scarcity of
NetBIOS Browsing capability where I am these days:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=469884
Original bug that proposed the creation of the iptables module:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=113918
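
The configuration change described in the message above, as an added example that is not part of the original post: a shell helper that adds nf_conntrack_netbios_ns to IPTABLES_MODULES without discarding modules already listed, and does nothing if it is already there. The function names are hypothetical, and the file path is an argument so the edit can be tried on a copy of /etc/sysconfig/iptables-config first.

```shell
#!/bin/sh
# Added example: idempotently list a conntrack helper in IPTABLES_MODULES.
# Function names are hypothetical; the config file is passed as an argument.

# Print the current space-separated module list (empty if the variable is unset).
current_modules() {
    # Take the last uncommented assignment, strip the key and the quotes.
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 if module $2 is listed in file $1.
has_module() {
    for m in $(current_modules "$1"); do
        [ "$m" = "$2" ] && return 0
    done
    return 1
}

# Add module $2 to IPTABLES_MODULES in file $1, keeping modules already listed.
ensure_module() {
    file=$1 module=$2
    has_module "$file" "$module" && return 0
    new=$(printf '%s %s' "$(current_modules "$file")" "$module" | sed 's/^ *//')
    if grep -q '^[[:space:]]*IPTABLES_MODULES=' "$file"; then
        # Rewrite the assignment through a temp file; writing back with cat
        # keeps the original file's owner, mode and SELinux context.
        tmp=$(mktemp) || return 1
        sed "s|^[[:space:]]*IPTABLES_MODULES=.*|IPTABLES_MODULES=\"$new\"|" "$file" > "$tmp" &&
            cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        # No assignment present yet: append one.
        printf 'IPTABLES_MODULES="%s"\n' "$new" >> "$file"
    fi
}

# Usage (as root, after checking the result on a copy):
#   ensure_module /etc/sysconfig/iptables-config nf_conntrack_netbios_ns
```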