[Samba] iptables and samba
azeem ahmad
azeem484 at hotmail.com
Thu May 27 21:48:04 GMT 2004
It's samba-2.2.7a-7.9.0, and I tried rejecting port 445 for tcp and udp, but it
isn't working properly yet.
Regards
Azeem
>From: Tom Skeren <tms3 at fsklaw.net>
>To: Andrew Gaffney <agaffney at skylineaero.com>
>CC: azeem ahmad <azeem484 at hotmail.com>, samba at lists.samba.org
>Subject: Re: [Samba] iptables and samba
>Date: Thu, 27 May 2004 14:41:07 -0700
>
>Andrew Gaffney wrote:
>
>>azeem ahmad wrote:
>>
>>>Hi,
>>>I'm using the script below:
>>>-------------------------------------------------------------------------------------------------------------------------------------
>>>iptables -F
>>>iptables -t nat -F
>>>iptables -P INPUT DROP
>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
>>>iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>>>
>>>-------------------------------------------------------------------------------------------------------------------------------------
>>>
>>>I have two shares on the Samba server, "Soft and linux". In these shares there
>>>are many folders. Whenever I run the above script and then open the
>>>share, it takes at least 4 minutes to open the share, but it doesn't take
>>>time while browsing inside the share.
>>>I mean, there is a folder on the soft share like soft/adobe/acrobat/acrobat6.
>>>When I double-click on soft it takes at least 4 minutes, but after that,
>>>when I click on adobe, then acrobat, then acrobat6, it takes no time; it
>>>just browses them normally. The same problem is with the other share named
>>>linux.
>>>But if I don't run this script then all shares work fine with no delay.
>>>This problem only occurs the first time. I mean, when I browse the share the next
>>>time, it doesn't occur.
>>
>>
>>This is a complete shot in the dark. Windows 2000 (probably) and XP
>>(definitely) will look for an SMB server on port 445 first by default.
>>Since you have '-j DROP', the requests to 445 don't get a response. It
>>takes a little bit to time out and then Windows probably tries to connect
>>again. I bet if you add the following iptables rule, the problem will go
>>away:
>>
>>iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>>iptables -A INPUT -i eth0 -p udp --dport 445 -j REJECT
>>
>If you have Samba 3.x it will share on port 445.
>
>
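The distinction drawn in the quoted reply, between a port that falls through to the DROP policy and one that is explicitly rejected, can be checked against a ruleset offline. The script below is an added example, not code from the thread: it classifies each Samba port for a ruleset given in `iptables -S INPUT` format. The function names `smb_verdict` and `smb_report`, the sample text, and the `--reject-with tcp-reset` choice are assumptions of this example, and the matcher only considers rules that name both `-p` and `--dport`.

```shell
#!/bin/sh
# Constructed sample: the thread's ruleset as `iptables -S INPUT` would print it.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT'

# Same ruleset plus an explicit TCP reject for 445 (tcp-reset is this example's choice).
FIXED_RULES="$SAMPLE_RULES
-A INPUT -i eth0 -p tcp -m tcp --dport 445 -j REJECT --reject-with tcp-reset"

# smb_verdict PROTO PORT: read rules on stdin, print the target a new
# connection to PROTO/PORT reaches (first matching rule, else chain policy).
smb_verdict() {
    awk -v proto="$1" -v port="$2" '
        $1 == "-P" { policy = $3; next }
        $1 == "-A" && !found {
            p = ""; d = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            # Assumption: only rules naming both -p and --dport are matched;
            # state-only rules are skipped (a new connection is not ESTABLISHED or RELATED).
            if (p == proto && d == port && j != "") { verdict = j; found = 1 }
        }
        END { print (found ? verdict : policy) }
    '
}

# smb_report RULES: print the verdict for each Samba port named in the thread.
smb_report() {
    for pp in udp/137 udp/138 tcp/139 tcp/445; do
        v=$(printf '%s\n' "$1" | smb_verdict "${pp%/*}" "${pp#*/}")
        note=""
        if [ "$v" = "DROP" ]; then note=" (silent: client waits for a timeout)"; fi
        echo "${pp#*/}/${pp%/*} -> $v$note"
    done
}

echo "original:"; smb_report "$SAMPLE_RULES"
echo "with 445 rejected:"; smb_report "$FIXED_RULES"
```

On a live host, feed it real rules with `iptables -S INPUT | smb_verdict tcp 445`.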