
smb browsing broken by firewall



If you run system-config-securitylevel and enable the firewall, the
default iptables rules utilize conntrack for a stateful firewall. 
This is a good thing.

The rules, however, are insufficient to allow network browsing to work
in SMB applications such as nautilus smb:/// (Network Servers).  I
have traced this down to the fact that iptables/netfilter conntrack
code does not support tracking protocols which use broadcast/multicast
packets.  This will affect all broadcast/multicast-based network
clients.

My question is, how should we fix this?  This thread mentions the
possibility of implementing the broadcast/multicast support in the
conntrack kernel module, or using the -m recent module to poke holes
in the firewall:

http://www.spinics.net/lists/netfilter/msg21815.html

What are people's thoughts on how to solve this problem?
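
Added example, not part of the original post: a simplified Python model of the reply matching that conntrack performs for UDP, showing why the answer to a broadcast query is not seen as ESTABLISHED. The addresses, ports (UDP 137 as the NetBIOS name service), class and function names, and the accept-only-ESTABLISHED inbound policy are assumptions made for illustration.

```python
# Simplified model of conntrack reply matching for UDP (added example).
# All addresses and ports are constructed sample values.
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class Conntrack:
    def __init__(self) -> None:
        self.expected_replies = set()

    def outbound(self, pkt: Packet) -> None:
        # The expected reply is the exact inverse of the original tuple,
        # so a reply must come FROM the address the query was sent TO.
        self.expected_replies.add(Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound_state(self, pkt: Packet) -> str:
        return "ESTABLISHED" if pkt in self.expected_replies else "NEW"


def firewall_verdict(ct: Conntrack, pkt: Packet) -> str:
    # Assumed inbound policy: accept ESTABLISHED traffic, drop everything else.
    return "ACCEPT" if ct.inbound_state(pkt) == "ESTABLISHED" else "DROP"


def demo() -> tuple:
    ct = Conntrack()
    client, server, bcast = "192.168.1.20", "192.168.1.10", "192.168.1.255"

    # Unicast name query: the reply source equals the query destination.
    ct.outbound(Packet(client, 40001, server, 137))
    unicast = firewall_verdict(ct, Packet(server, 137, client, 40001))

    # Broadcast name query: the server answers from its own unicast address,
    # which is not the inverse of the tracked tuple (dst was the broadcast).
    ct.outbound(Packet(client, 40002, bcast, 137))
    broadcast = firewall_verdict(ct, Packet(server, 137, client, 40002))
    return unicast, broadcast


if __name__ == "__main__":
    print(demo())
```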



