Hi, everyone.
I have a ClearOS server with Samba and Flexshare taking care of my file sharing. The shares work fine, but it's only accessible via IP number, not by its NetBIOS name.
In other words, I can access it from Windows machines by entering \\192.168.1.40\share, but not by \\fileserver\share.
However, I found out that if I turn off the firewall, it works!
But here's the problem: I've already added the NetBIOS service in the firewall (ports UDP 137:138 -- as well as SMB 139 and SMB_TCP 445) and it just doesn't work with the firewall on.
From what I understand, it is the firewall that is blocking the service, but my question is: which ports should I be whitelisting, besides 137-138?
Best regards,
GG
Responses (3)
-
Accepted Answer
I think there is a broadcast somewhere in the NetBIOS name resolution. You could try setting up tcpdump and sniffing the traffic.
DNS will work fine. If you add an entry for netbios_name.your.domain, ClearOS will try to append your LAN domain to the name it receives for DNS lookup if it does not contain a ".". Probably this will be much easier than sniffing the packet. Also, I think Windoze tries the same trick and adds the "DNS Suffix Search List" value from "ipconfig /all" to the NetBIOS name and tries to resolve that (whether or not you have a "." in the name, which leads to some stupid DNS lookups leaking out onto the internet).
-
Accepted Answer
Hello,
thank you for your answer.
Yes, 139 and 445 are TCP rules. The sharing itself (which uses those ports) works fine, no problems there. My problem is just name resolution.
My current firewall is allowing these ports/services:
UDP 137-138
TCP 137
TCP 139
TCP 445
besides some others (22, 81, etc.)
I have also tried ports 53 (DNS), 88 (Kerberos), 135 (DCE RPC), 389 (LDAP), all together, without success. But just turn off the firewall, and everything works like a charm.
I know running without a firewall is a workaround, but I'd like to keep it running, as this server has some open ports on the internet side.
Regarding your second idea, I can't add a pure NetBIOS name to the DNS server; it has to have a dot in it, doesn't it? Like fileserver.local. That wouldn't be desirable either, because my intention is to keep this server responding like the old one I had (Windows).
-
Accepted Answer
I don't know. By SMB 139 do you mean tcp:139? Some references mention tcp:137 as well, but you'd need to research it. If ClearOS is on your LAN, most people run it without a firewall.
The other thing you can do is add the server's netbios name to its IP address in the DNS server. Then it will map by DNS and not NetBIOS.
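To help read a tcpdump capture of the name-resolution traffic the replies mention, the following added example (not part of the original thread) builds and decodes a NetBIOS name query as it appears in a UDP 137 payload, showing the broadcast flag and the encoded name. It follows the RFC 1002 packet layout; the sample packet and all function names are constructed for illustration.

```python
import struct

B_FLAG = 0x0010   # NM_FLAGS broadcast bit in the NBNS header (RFC 1002)
R_FLAG = 0x8000   # set on responses, clear on queries

def encode_name(name, suffix):
    """First-level encode a NetBIOS name: pad to 15 chars, add the suffix
    byte, then map each nibble to a letter 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def build_query(name, suffix=0x20, txid=0x1234, broadcast=True):
    """Build a name query shaped like the one a client sends to UDP 137."""
    flags = 0x0100 | (B_FLAG if broadcast else 0)   # RD set, opcode 0 = query
    header = struct.pack(">6H", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name, suffix) + b"\x00"
    return header + question + struct.pack(">2H", 0x0020, 0x0001)  # NB, IN

def parse_nbns(payload):
    """Decode the header and first question of an NBNS UDP payload."""
    if len(payload) < 12 + 34 + 4:
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack(">3H", payload[:6])
    if qdcount < 1 or payload[12] != 0x20:
        raise ValueError("no first-level encoded question name")
    enc = payload[13:45]
    if any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("invalid first-level encoding")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return {
        "txid": txid,
        "response": bool(flags & R_FLAG),
        "opcode": (flags >> 11) & 0x0F,
        "broadcast": bool(flags & B_FLAG),   # True: sent to the subnet broadcast
        "name": raw[:15].decode("ascii", "replace").rstrip(),
        "suffix": raw[15],                   # 0x20 = file server service
    }

# Constructed sample: the query a client would emit for \\fileserver\share.
SAMPLE = build_query("fileserver")

if __name__ == "__main__":
    print(parse_nbns(SAMPLE))
```

A query with `broadcast` set is addressed to the subnet broadcast address rather than to the server's own IP, which is worth checking against how the firewall rule for UDP 137 is written.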