[Samba] samba and ipchains

Joel Hammer Joel at HammersHome.com
Wed Dec 18 23:57:01 GMT 2002

The general way of running down this sort of problem is to enable logging in
you  firewall rules and then watch what happens.

You would have a better idea of what is going on by printing out your
firewall ipchains rules with ipchains-save. You can easily edit them with a
wordprocessor. Add -l at the end of the rules to log the rule activity, like

-A input -s -d 80:80 -i eth1 -p 6 -j DENY -l 
( is my server)

You can then ipchains -F;cat fileofipchains | ipchain-restore to reload
your rules. 


ipchains-saveOn Wed, Dec 18, 2002 at 10:59:29AM -0800, Poorav Chaudhari wrote:
> I am having major set backs trying to access through my firewall (ipchains).
> The default policy on my chains is set to deny and then i am giving the
> following ipchains rule for samba. 
> ipchains -A input -p tcp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
> ipchains -A input -p udp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
> ipchains -A output -p tcp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
> ipchains -A output -p udp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
> this does not work. 
> BUT, If i change the policy to accept all, then the samba is accessible from my
> win client machines. just to make sure that the ipchains was configured
> properly i ran my ftp server from all 3 ports and tested the connection from a
> client machine. i was able to connect to the ftp server. 
> can someone please tell me what i am missing. 
> Thankyou
> =====
> Poorav Chaudhari
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list