Kinda OT.
I've been trying to get Samba running on a Centos 5 box for some time now, but can't seem to get it to happen. I can not connect to the machine from our external network but I can connect from a box on the same network. So it seems like a firewall problem.
Funny thing is I have no problem with Samba on a Centos 6 box. For now, that's the one I'm using for all of my mounts. I have looked and looked at my firewall to try and find a difference in the "allows", but can find nothing, so I ask...
Does anyone have a clue as to whether there was a difference in the setup for Samba on Centos 5 from the setup on Centos 6 that might be a 'gotcha'?
Sorry for the stupidity. I've checked all the ports needed, both TCP and UDP, and they all seem to be open. I'm hoping there was a change in defaults or something I'm just overlooking.
Thanks steve campbell
On Mon, 2014-03-10 at 11:45 -0400, Steve Campbell wrote:
Kinda OT.
I've been trying to get Samba running on a Centos 5 box for some time now, but can't seem to get it to happen. I can not connect to the machine from our external network but I can connect from a box on the same network. So it seems like a firewall problem.
This is covering the basics, but did you perhaps limit the IP range allowed to connect to the samba service in /etc/samba/smb.conf in either the interfaces = or hosts allow = statements to exclude the external network? As far as I know these statements have not changed between CentOS 5 and 6. Sane defaults typically limit this so your shares are not potentially exposed to the wider internet.
Alternatively, is your default route set up properly for the other network on both machines?
If your samba is configured for access via tcp_wrappers /etc/hosts.allow and /etc/hosts.deny comes into play. This is again not standard configuration.
If these suggestions don't solve it we may need extracts from your configuration files. Exclude comments and mask sensitive information before you post these.
In the basic port open or not firewall configuration the server should not care where the connection comes from so I would look at the samba configuration first.
On 3/10/2014 7:03 PM, Hendrik Strydom wrote:
On Mon, 2014-03-10 at 11:45 -0400, Steve Campbell wrote:
Kinda OT.
I've been trying to get Samba running on a Centos 5 box for some time now, but can't seem to get it to happen. I can not connect to the machine from our external network but I can connect from a box on the same network. So it seems like a firewall problem.
This is covering the basics, but did you perhaps limit the IP range allowed to connect to the samba service in /etc/samba/smb.conf in either the interfaces = or hosts allow = statements to exclude the external network? As far as I know these statements have not changed between CentOS 5 and 6. Sane defaults typically limit this so your shares are not potentially exposed to the wider internet.
Alternatively, is your default route set up properly for the other network on both machines?
If your samba is configured for access via tcp_wrappers /etc/hosts.allow and /etc/hosts.deny comes into play. This is again not standard configuration.
If these suggestions don't solve it we may need extracts from your configuration files. Exclude comments and mask sensitive information before you post these.
In the basic port open or not firewall configuration the server should not care where the connection comes from so I would look at the samba configuration first.
Thanks very much. Both hosts.allow and hosts.deny are empty. I've set the interface to be specifically the IP that all of these would originate from.
I'm sure it firewalling, I just don't see it yet. I was just checking to see if any of the defaults from versions had changed mostly, something less obvious hidden in comments in the config file. I'm not seeing anything in log files on the samba server or the firewall.
Again thanks,
steve
On Tue, Mar 11, 2014 at 7:11 AM, Steve Campbell campbell@cnpapers.comwrote:
I'm sure it firewalling, I just don't see it yet. I was just checking to see if any of the defaults from versions had changed mostly, something less obvious hidden in comments in the config file. I'm not seeing anything in log files on the samba server or the firewall.
Have you ran tcpdump on the samba server yet?
tcpdump -i <interface> -nn port 135 or portrange 137-139 or port 445
Add the host or network filter to constrain to just the Samba traffic from a certain host or network. tcpdump -i <interface> -nn host x.x.x.x and (port 135 or portrange 137-139 or port 445) tcpdump -i <interface> -nn net x.x.x.x/y and (port 135 or portrange 137-139 or port 445)
You might rather log the packet capture to file and then open it in Wireshark... tcpdump -i <interface> -nn net x.x.x.x/y and (port 135 or portrange 137-139 or port 445) -w /tmp/samba_traffic.pcap
[0] http://wiki.samba.org/index.php/Samba_port_usage [1] http://www.danielmiessler.com/study/tcpdump/
-
Hendrik Strydom -
SilverTip257 -
Steve Campbell