[Samba] iptables and samba

Tom Skeren tms3 at fsklaw.net
Thu May 27 21:41:07 GMT 2004


Andrew Gaffney wrote:

> azeem ahmad wrote:
>
>> Hi,
>> I'm using the script below
>> -------------------------------------------------------------------------------------------------------------------------------------
>> iptables -F
>> iptables -t nat -F
>> iptables -P INPUT DROP
>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>> iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
>> iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
>> iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
>> iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
>> iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
>> iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
>>
>> -------------------------------------------------------------------------------------------------------------------------------------
>>
>> I have two shares on the Samba server, "Soft" and "linux"; in these shares 
>> there are many folders. Whenever I run the above script and then 
>> open the share, it takes at least 4 minutes to open the share, but it 
>> doesn't take time while browsing inside the share.
>> I mean there is a folder on the soft share like soft/adobe/acrobat/acrobat6;
>> when I double-click on soft it takes at least 4 minutes, but after that, 
>> when I click on adobe, then acrobat, then acrobat6, it takes no time; it 
>> just browses them normally. The same problem is with the other share named 
>> linux.
>> But if I don't run this script then all shares work fine with no delay.
>> This problem only occurs the first time. I mean when I browse the share 
>> the next time it doesn't occur.
>
>
> This is a complete shot in the dark. Windows 2000 (probably) and XP 
> (definitely) will look for an SMB server on port 445 first by default. 
> Since you have '-j DROP', the requests to 445 don't get a response. It 
> takes a little bit to time out and then Windows probably tries to 
> connect again. I bet if you add the following iptables rule, the 
> problem will go away:
>
> iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>
If you have Samba 3.x, it will share on port 445.
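The following is an added example, not part of the thread and not from either poster. It generates the Samba-related INPUT rules as text (so they can be reviewed before being loaded as root) and includes a small check that reports how a rule script treats TCP/445: explicitly accepted, explicitly rejected, or left to fall through to the chain policy, which with `-P INPUT DROP` is the silent drop that makes a Windows client wait for a timeout before it retries on 139. The interface name eth0, the rule layout, and the embedded copy of the original script are assumptions taken from the posts above; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread). Builds Samba firewall rules
# as text and checks whether TCP/445 is handled, without touching the live
# firewall. Assumes Samba 3.x listening on 139 and 445 on interface eth0.

# Print the Samba INPUT rules for the given interface (default eth0).
# TCP/445 is accepted alongside 139 because newer Windows clients try 445
# first; leaving it to a DROP policy costs a connect timeout per first access.
samba_rules() {
    ifc="${1:-eth0}"
    cat <<EOF
iptables -A INPUT -i $ifc -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i $ifc -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i $ifc -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -i $ifc -p tcp --dport 445 -j ACCEPT
EOF
}

# Read a rule script on stdin and print one word describing TCP/445:
#   accept  - an explicit ACCEPT rule exists
#   reject  - an explicit REJECT rule exists (client fails fast, falls back to 139)
#   policy  - no rule matches; the packet falls through to the chain policy
port445_disposition() {
    awk '
        /-p tcp/ && /--dport 445([^0-9]|$)/ {
            if ($0 ~ /-j ACCEPT/) { print "accept"; found = 1; exit }
            if ($0 ~ /-j REJECT/) { print "reject"; found = 1; exit }
        }
        END { if (!found) print "policy" }
    '
}

# Constructed copy of the rule set from the original post, used as sample input.
ORIGINAL_RULES='iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT'

# Disposition of TCP/445 under the original script (expected: policy, i.e. DROP).
original_disposition() {
    printf '%s\n' "$ORIGINAL_RULES" | port445_disposition
}

# Disposition of TCP/445 under the generated rule set (expected: accept).
fixed_disposition() {
    samba_rules "${1:-eth0}" | port445_disposition
}

# Stand-alone usage: show both verdicts and the rules that would be loaded.
if [ "${1:-}" = "--show" ]; then
    echo "original script: TCP/445 -> $(original_disposition)"
    echo "with added rule: TCP/445 -> $(fixed_disposition eth0)"
    samba_rules eth0
fi
```

Run with `sh script.sh --show` to see the two verdicts and the rule text; pipe `samba_rules eth0` into `sh` as root only after reviewing it. The check is deliberately text-based so it can be run against a saved script or the output of `iptables-save` without needing root.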
