Mailinglist Archive: opensuse (3464 mails)
| < Previous | Next > |
[opensuse] RE: Ports used for Samba service - Just one more time is someones knows the answer
- From: Registration Account <alpha096@xxxxxxxxxx>
- Date: Sat, 14 Apr 2007 11:20:07 +1000
- Message-id: <46202C47.6050704@xxxxxxxxxx>
I have set up a samba server all o.k. I cannot even view any workgroup.
This is a result of internal security which I control. I was of the
belief that Samba uses Netbios for transmitting and advertising on the
LAN and have enabled TCP/UDP 137-139 on the required route
192.168.100.0/24 that the workstations are on that I want Samba services
to be available.
As I cannot see the workgroup I have obviously missed some other
dependant Ports to Samba services. Can anyone tell me which Ports are
required to be open. This has nothing to do the the PC firewall which is
correctly displaying 'samba server' on the PC that is running the
process and I have tried turning off all PC firewalls on the PC's which
I want samba services to be available.
If someone can let me know what Ports Samba requires I can correct the
Internal Security issue.
Many Thanks
Scott
Thanks to those who have offered suggestions
udp 137:139
tcp 137,139
udp 137
udp 137:139
tcp 137,139
In my original text above I already have enabled these Ports - These ports
as a groups represent Netbios!
As for Port 1024 - It is currently reserved not for use and no one have
requested its reservation
udp 1024: 137
--
_____________________________________
John Andersen
udp 137, 138 tcp 139 (and if xp) 445
John - Again I have already opened these Ports with the exception of
TCP/UDP 445 - which is designated as Microsoft - DNS. Opening or closing
port 445 on a Linux or Windows XP has no consequences. Port 445 is only one
of the ports used by Microsoft to facilitate remtore-access and is not
applicable.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64
udp 137, 138 tcp 139 (and if xp) 445
Joe - please see above.
With respect to XP security you want to add a large section of remote
access capability you need to halt the process SVCHOST.exe. This process is
not widely understood, however it is an integral part of remote access.
If deny this service (and there are multiple copies normally running) you
will inhibit, Synchronisation of Date/Time, Auto Downloads of uplodes, AND
you will stop the abundant number of messages sent via either HTTP AND
HTTPS that are sent automatically to Microsoft ever 3-5 minutes.
There is no knowledge of the contents of this traffic or why it is
initiated - it plays NO part in checking for MS updates - only auo
downloading them
Apart from that XP will function perfectly and if you have a large Network
it will cut your traffic down quite a bit.
Now back to Samba - The Samba Server Must use a Port number to facilitate
comms to it.
I just thought that someone might still know off the top of their head
which Port(s) it requires. The Port will of course be above 1024.
Any other security consultants out there who might know - No Problem if
there is not - I can monitor the LAN with Wireshark, however it is my last
resport as it would take many hours of recording Lan traffic and sitting
down for analysis.
Scott
This is a result of internal security which I control. I was of the
belief that Samba uses Netbios for transmitting and advertising on the
LAN and have enabled TCP/UDP 137-139 on the required route
192.168.100.0/24 that the workstations are on that I want Samba services
to be available.
As I cannot see the workgroup I have obviously missed some other
dependant Ports to Samba services. Can anyone tell me which Ports are
required to be open. This has nothing to do the the PC firewall which is
correctly displaying 'samba server' on the PC that is running the
process and I have tried turning off all PC firewalls on the PC's which
I want samba services to be available.
If someone can let me know what Ports Samba requires I can correct the
Internal Security issue.
Many Thanks
Scott
Thanks to those who have offered suggestions
udp 137:139
tcp 137,139
udp 137
udp 137:139
tcp 137,139
In my original text above I already have enabled these Ports - These ports
as a groups represent Netbios!
As for Port 1024 - It is currently reserved not for use and no one have
requested its reservation
udp 1024: 137
--
_____________________________________
John Andersen
udp 137, 138 tcp 139 (and if xp) 445
John - Again I have already opened these Ports with the exception of
TCP/UDP 445 - which is designated as Microsoft - DNS. Opening or closing
port 445 on a Linux or Windows XP has no consequences. Port 445 is only one
of the ports used by Microsoft to facilitate remtore-access and is not
applicable.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64
udp 137, 138 tcp 139 (and if xp) 445
Joe - please see above.
With respect to XP security you want to add a large section of remote
access capability you need to halt the process SVCHOST.exe. This process is
not widely understood, however it is an integral part of remote access.
If deny this service (and there are multiple copies normally running) you
will inhibit, Synchronisation of Date/Time, Auto Downloads of uplodes, AND
you will stop the abundant number of messages sent via either HTTP AND
HTTPS that are sent automatically to Microsoft ever 3-5 minutes.
There is no knowledge of the contents of this traffic or why it is
initiated - it plays NO part in checking for MS updates - only auo
downloading them
Apart from that XP will function perfectly and if you have a large Network
it will cut your traffic down quite a bit.
Now back to Samba - The Samba Server Must use a Port number to facilitate
comms to it.
I just thought that someone might still know off the top of their head
which Port(s) it requires. The Port will of course be above 1024.
Any other security consultants out there who might know - No Problem if
there is not - I can monitor the LAN with Wireshark, however it is my last
resport as it would take many hours of recording Lan traffic and sitting
down for analysis.
Scott
| < Previous | Next > |