ipchains & samba ports
Mike O'Neill
mikeo at redhillstudios.com
Wed Jan 3 18:27:11 GMT 2001
I want to thank those of you who replied and add my own comments for the
record. I found that on our network we need to open ports 137:139 for input
and 135:139 for output. I'm not sure why the extra ports were needed for
the output, but I do know that the "path to the (server share)" could not be
found without the extra output ports open. -mike
>> Can someone please share their ipchains for samba? Do all the netbios ports
>> (135:139) need to be open? Are they all that's needed? -mike
>
> Yep - 137 through 139 need to be open to the local network, and closed
> to the outside world.
>
> You can do that with the following script (of course, there are many
> ways to do this):
>
> localaddress=192.168.1.0/24
> remoteport=eth1
> for protocol in tcp udp
> do
>   for port in 137 138 139
>   do
>     # accept from the local network
>     /sbin/ipchains -A input -p $protocol --dport $port -s $localaddress -j ACCEPT
>     # deny on the outside interface
>     /sbin/ipchains -A input -p $protocol --dport $port -i $remoteport -j DENY
>   done
> done
>
> Obviously, change the localaddress and remoteport to suit your needs
> (like ppp0 for the typical dial-up connection).
>
> Calvin
>
> --
> Calvin Dodge
> Certified Linux Bigot (tm)
> http://www.caldodge.fpcc.net
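
An added example, not part of the original thread: ipchains stops at the first rule that matches, so the order of the ACCEPT and DENY rules and whether the ACCEPT names an interface decide what happens to a packet. The sketch below walks a simplified rule list in order; the rule format, the `verdict` function and `eth0` as the inside interface are assumptions made for illustration, and the /24 is written as the string prefix `192.168.1.`.

```shell
#!/bin/sh
# Added example (not from the thread): first-match evaluation of a
# simplified rule list. Fields per rule, "-" meaning "any":
#   proto dport src-prefix iface target
# eth1 and 192.168.1.0/24 come from the quoted script; eth0 is assumed.

# Rule order as in the quoted script, shown for 139/tcp only.
ORIGINAL='tcp 139 192.168.1. - ACCEPT
tcp 139 - eth1 DENY'

# Variant: deny on the outside interface first, then accept the local
# range only when it arrives on the inside interface.
TIGHTER='tcp 139 - eth1 DENY
tcp 139 192.168.1. eth0 ACCEPT'

# verdict RULES PROTO DPORT SRC IFACE
# Prints the target of the first matching rule, or POLICY if none match.
verdict() {
    v_rules=$1; v_proto=$2; v_dport=$3; v_src=$4; v_iface=$5
    while read -r r_proto r_dport r_src r_iface r_target; do
        [ -z "$r_proto" ] && continue
        [ "$r_proto" = "-" ] || [ "$r_proto" = "$v_proto" ] || continue
        [ "$r_dport" = "-" ] || [ "$r_dport" = "$v_dport" ] || continue
        [ "$r_iface" = "-" ] || [ "$r_iface" = "$v_iface" ] || continue
        if [ "$r_src" != "-" ]; then
            # prefix match stands in for the /24 netmask comparison
            case $v_src in "$r_src"*) ;; *) continue ;; esac
        fi
        echo "$r_target"
        return 0
    done <<EOF
$v_rules
EOF
    echo "POLICY"   # nothing matched; the chain's default policy applies
}

# Constructed sample packets: a LAN host on eth0, and a packet arriving
# on eth1 whose source address claims to be in the local range.
echo "original, LAN host on eth0:     $(verdict "$ORIGINAL" tcp 139 192.168.1.20 eth0)"
echo "original, local source on eth1: $(verdict "$ORIGINAL" tcp 139 192.168.1.20 eth1)"
echo "tighter,  local source on eth1: $(verdict "$TIGHTER" tcp 139 192.168.1.20 eth1)"
echo "tighter,  LAN host on eth0:     $(verdict "$TIGHTER" tcp 139 192.168.1.20 eth0)"
```

With real ipchains the same ordering would be obtained by appending the `-i $remoteport -j DENY` rule before the ACCEPT rule and adding `-i` with the inside interface to the ACCEPT rule.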