[linux-cifs-client] samba-client, cifs, and iptables on Linux

christophchamp christoph.champ at gmail.com
Wed Apr 11 23:49:58 GMT 2007


Hi. I am new to this forum (but not new to Linux). I have a small network of
computers (all running Mandriva Linux 2007.0) and an outside Windows box
(running Windows Server 2003 SP1). The Windows box has Samba running and I
am trying to mount a Samba share on one of my Linux boxes.

Note: I will use the following (example) IP addresses for the remainder of
this post. Windows box = 128.195.253.31; Linux box = 10.0.37.22.

All of my Linux boxes are behind a dedicated firewall (running Gibraltar
Firewall and using iptables). When I turn off my firewall, I can mount the
samba share, using the following command, fine:
 mount -t cifs //128.195.253.31/path /mnt/samba -o username=username

After turning my firewall back on, I can not, of course, mount this same
samba share (nice, my firewall works; for this, at least). After adding the
following rules to my iptables, again, I was able to mount the same samba
share just fine:
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p tcp -m tcp --dport 137 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p udp -m udp --dport 137 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p tcp -m tcp --dport 138 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p udp -m udp --dport 138 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p tcp -m tcp --dport 139 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p udp -m udp --dport 139 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p tcp -m tcp --dport 445 -j ACCEPT
 -A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p udp -m udp --dport 445 -j ACCEPT

Everything was working just fine. Then, one day, I decided to add a NAT rule
for an unrelated machine doing an unrelated thing (i.e., nothing to do with
Samba). After that, my samba share stopped working. It would not allow me to
mount my samba share, no matter what I did (unless I turned off the
firewall; then it worked just fine).

So, my question is this: Are the above iptables rules sufficient (i.e. I
only need to FORWARD from source to destination IP addresses using the ports
137-139,445 as TCP/UDP)? If so, what am I missing (why is it no longer
working)? If not, what other rules should I add to my iptables?

As a side note, there have been Windows updates on the Windows box. I should
quickly add that this Windows box is run and maintained by a different guy
(whom I am in contact with) and I know very little about Windows.

Thank you, in advance, for any help you might be able to provide me with.
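Added example, not part of the original post: a simplified Python model of iptables matching (only -s, -d, -p and --dport; no connection tracking and no NAT) that checks the posted FORWARD rules against constructed packets of a CIFS mount, which the Linux client opens to TCP port 445 (or 139) on the server. The client source port 40000 and the host address 128.195.253.200 are constructed sample values.

```python
import ipaddress

# The eight FORWARD rules from the post: ports 137-139 and 445, TCP and UDP.
POSTED_RULES = [
    f"-A FORWARD -s 128.195.253.31/24 -d 10.0.37.22 -p {p} -m {p} --dport {port} -j ACCEPT"
    for port in (137, 138, 139, 445) for p in ("tcp", "udp")
]

def parse_rule(line):
    """Parse the subset of iptables-save syntax used in the post."""
    tok = line.split()
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    return {
        "chain": opt["-A"],
        # strict=False: iptables masks host bits, so .31/24 means 128.195.253.0/24
        "src": ipaddress.ip_network(opt["-s"], strict=False),
        "dst": ipaddress.ip_network(opt["-d"], strict=False),
        "proto": opt["-p"],
        "dport": int(opt["--dport"]),
        "target": opt["-j"],
    }

def first_match(rules, chain, pkt):
    """Return the target of the first matching rule, or None if no rule matches."""
    for r in rules:
        if (r["chain"] == chain and r["proto"] == pkt["proto"]
                and r["dport"] == pkt["dport"]
                and ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]):
            return r["target"]
    return None

# Constructed packets (client port 40000 and host .200 are sample values).
PACKETS = {
    "client SYN to server:445": dict(src="10.0.37.22", dst="128.195.253.31", proto="tcp", dport=445),
    "server reply from :445": dict(src="128.195.253.31", dst="10.0.37.22", proto="tcp", dport=40000),
    "server-initiated to :445": dict(src="128.195.253.31", dst="10.0.37.22", proto="tcp", dport=445),
    "other /24 host to :445": dict(src="128.195.253.200", dst="10.0.37.22", proto="tcp", dport=445),
}

def evaluate():
    """Map each constructed packet to the verdict of the posted FORWARD rules."""
    rules = [parse_rule(line) for line in POSTED_RULES]
    return {name: first_match(rules, "FORWARD", p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:26} -> {verdict or 'no match (later rules / chain policy decide)'}")
```

In this model neither direction of the client-initiated connection matches a posted rule. The rules match only packets addressed to ports 137-139 and 445 on 10.0.37.22, and they accept those from any address in 128.195.253.0/24.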