This is really old problem, and I did solved it once, but right now I have no access to that machine... Anyway: SuSE 10.0 need to be a client to WinXP share. Samba client is configured. XP firewall is set OK. If I shut down SuSE's firewall, the network browsing works ok. With firewall enabled, no luck at all. I have allowed ports 135..139 and 445 on the firewall. Now, I can connect to the XP machine using it's IP address, i.e. from konqi smb://192..../ lists all the shares there. But only "smb:/" to browse for computer name does not work. I googled a lot, and still all suggestions are to disable firewall??? or to use the IP of the XP machine. So, can someone remember a solution? Cheers -- -- Svetoslav Milenov (Sunny)
On Sunday 23 October 2005 04:00, Sunny wrote:
This is really old problem, and I did solved it once, but right now I have no access to that machine...
Anyway: SuSE 10.0 need to be a client to WinXP share. Samba client is configured. XP firewall is set OK. If I shut down SuSE's firewall, the network browsing works ok. With firewall enabled, no luck at all. I have allowed ports 135..139 and 445 on the firewall. Now, I can connect to the XP machine using it's IP address, i.e. from konqi smb://192..../ lists all the shares there. But only "smb:/" to browse for computer name does not work.
I googled a lot, and still all suggestions are to disable firewall??? or to use the IP of the XP machine.
So, can someone remember a solution?
Cheers
OK, I can confirm that enabling TCP ports 137 and 445, and UDP 138 and 139 do allow me to connect to a share (if I know the IP), but not to browse the workgroup. I also tried to add port 137, 138, 139 and 445 in the "Broadcast" section for the external zone. It did not help. Complete disabling of the firewall allows me to browse the network, so I guess there is something else to be enabled, but I can not find anything in google, or in the mail archives, nor on SuSE KB. What have to be this mysterious port? Cheers Sunny
Sunny wrote:
OK, I can confirm that enabling TCP ports 137 and 445, and UDP 138 and 139 do allow me to connect to a share (if I know the IP), but not to browse the workgroup. I also tried to add port 137, 138, 139 and 445 in the "Broadcast" section for the external zone. It did not help.
What have to be this mysterious port?
Cheers Sunny
Sunny, I believe you are looking for port 135. Maybe 136 too, but 135 should be the one. Good luck! James W
Distributed File System The Distributed File System (DFS) integrates disparate file shares that are located across a local area network (LAN) or wide area network (WAN) into a single logical namespace. The DFS service is required for Active Directory domain controllers to advertise the SYSVOL shared folder. System service name: *Dfs* *Application protocol* *Protocol* *Ports* NetBIOS Datagram Service UDP 138 NetBIOS Session Service TCP 139 LDAP Server TCP 389 LDAP Server UDP 389 SMB TCP 445 RPC TCP 135 DNS Server The DNS Server service enables DNS name resolution by answering queries and update requests for DNS names. DNS servers are required to locate devices and services that are identified by using DNS names and to locate domain controllers in Active Directory. System service name: *DNS* *Application protocol* *Protocol* *Ports* DNS UDP 53 DNS TCP 53 Please look at: http://support.microsoft.com/kb/832017#XSLTH3151121121120121120120 for more information, or if the tables I pasted in above don't come out right when you recieve this e-mail. Good luck! James W
On Sunday 23 October 2005 15:57, James Wright wrote:
Sunny wrote:
Sunny, I believe you are looking for port 135. Maybe 136 too, but 135 should be the one. Good luck!
James W
Thanks James, but no :( So, after a series of try and fails I got to there: If you want to access Win XP shared resources (no domain involved, just workgroup), using the syntax (in konq): smb://192.168.xxx.xxx/ - no special ports opening in the firewall are needed. Neither 137-139, nor 445. It just asks for user/pass and lists the shares. If you want to list so called "Network Neighborhood" - i.e. typing in konq "smb:/", and to list all available workgroups, etc., then one have to open UDP port range 1025:1100. Then a workgroup discovery works. I did tried to shorten the range, but unsuccessfully. In most cases 1025:1060 will work, but not always. I do not know what's in that range connected to windows networking, but after more than 12 hours experiments these are the results which work for me. Unfortunately, C/C++ are not my strongest side, so I most probably will not understand whats going on, reading the source of kio_smb module of konqueror. Most probably there is the answer. Otherwise, I do not see anything in IANA port list to explain, why this port range is required. I tried nmap -sU -sS scan against the machine, and it did not reveal anything unusual, i.e. it even did not show the range open, when it is. So ... mystery for me :) I'd like to hear from someone more knowledgeabe than me what's going on. Cheers Sunny
On Monday 24 October 2005 04:11, Sunny wrote:
I'd like to hear from someone more knowledgeabe than me what's going on.
Hi Sunny, I'm not an expert and this topic seems to be a somewhat moving target, anyway, but I've been gradually studying this document: "FAQ: Firewall Forensics (What am I seeing?)", available here: (warning: very large) http://www.robertgraham.com/pubs/firewall-seen.html Confession: I didn't have time to check if it covers exactly this topic, but I'd be very surprised if it didn't. regards, - Carl
On 10/24/05, Carl Hartung
On Monday 24 October 2005 04:11, Sunny wrote:
I'd like to hear from someone more knowledgeabe than me what's going on.
Hi Sunny,
I'm not an expert and this topic seems to be a somewhat moving target, anyway, but I've been gradually studying this document: "FAQ: Firewall Forensics (What am I seeing?)", available here: (warning: very large)
http://www.robertgraham.com/pubs/firewall-seen.html
Confession: I didn't have time to check if it covers exactly this topic, but I'd be very surprised if it didn't.
regards,
- Carl
Thanks Carl. This link does not resolve, but I found the document here: http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html Reading the document, looks like ports 1024 and up are assigned randomly when an application needs a free port. So I guess kio_smb is opening some port in that range, and then sends a request for browsing, in which it describes where it listens ?!?!?!?, and the wins server returns the response on that port. I may be completely offroad of course, as I did not check the source of kio_smb, neither if I look at it, I'm capable to understand it :). Anyway, looks like my solution works for now. Later I'll post it on some kde list to see what the guys there can say. Cheers Sunny -- -- Svetoslav Milenov (Sunny)
participants (3)
-
Carl Hartung
-
James Wright
-
Sunny