[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

smb browsing broken by firewall

From: "Charles R. Anderson" <cra WPI EDU>
To: fedora-devel-list redhat com
Subject: smb browsing broken by firewall
Date: Sun, 18 Jan 2004 23:55:14 -0500

If you run system-config-securitylevel and enable the firewall, the
default iptables rules utilize conntrack for a stateful firewall. 
This is a good thing.

The rules, however, are insufficient to allow network browsing to work
in SMB applications such as nautilus smb:/// (Network Servers).  I
have traced this down to the fact that iptables/netfilter conntrack
code does not support tracking protocols which use broadcast/multicast
packets.  This will affect all broadcast/multicast-based network
clients.

My question is, how should we fix this?  This thread mentions the
possibility of implementing the broadcast/multicast support in the
conntrack kernel module, or using the -m recent module to poke holes
in the firewall:

http://www.spinics.net/lists/netfilter/msg21815.html

What are people's thoughts on how to solve this problem?

Follow-Ups:
- Re: smb browsing broken by firewall
  - From: shane

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]