[Samba] samba and ipchains

Joel Hammer Joel at HammersHome.com
Wed Dec 18 23:57:01 GMT 2002


The general way of running down this sort of problem is to enable logging in
your firewall rules and then watch what happens.

You would have a better idea of what is going on by printing out your
firewall ipchains rules with ipchains-save. You can easily edit them with a
word processor. Add -l at the end of the rules to log the rule activity, like
so:

-A input -s 0.0.0.0/0.0.0.0 -d 67.34.39.58/255.255.255.255 80:80 -i eth1 -p 6 -j DENY -l 
(67.34.39.58 is my server)

You can then ipchains -F;cat fileofipchains | ipchains-restore to reload
your rules.

Joel



On Wed, Dec 18, 2002 at 10:59:29AM -0800, Poorav Chaudhari wrote:
> I am having major setbacks trying to access through my firewall (ipchains).
> The default policy on my chains is set to deny and then I am giving the
> following ipchains rule for samba.
> 
> ipchains -A input -p tcp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
> ipchains -A input -p udp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
> ipchains -A output -p tcp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
> ipchains -A output -p udp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
> 
> This does not work.
> 
> BUT, if I change the policy to accept all, then the samba is accessible from my
> win client machines. Just to make sure that the ipchains was configured
> properly I ran my ftp server from all 3 ports and tested the connection from a
> client machine. I was able to connect to the ftp server.
> 
> Can someone please tell me what I am missing?
> 
> Thank you
> 
> =====
> Poorav Chaudhari

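ipchains writes a log entry only for packets that match a rule carrying -l, so with the default policy set to deny, as in the quoted question, packets that match no rule are dropped without any log line. The filter below is an added example, not part of the original thread: it appends -l to every DENY/REJECT rule in an ipchains-save dump and adds a logging catch-all rule to each chain whose policy already drops. It assumes the dump consists of ":chain POLICY" lines followed by "-A chain ..." rule lines; the function names and sample addresses are constructed.

```shell
# Added example: filter for an ipchains-save dump read on stdin.
# Assumed layout: ":<chain> <POLICY>" lines, then "-A <chain> ..." rule lines.
add_logging() {
    awk '
        # Policy line such as ":input DENY": remember chains that drop by default.
        /^:/ {
            chain = substr($1, 2)
            if ($2 == "DENY" || $2 == "REJECT") { policy[chain] = $2; order[++n] = chain }
            print; next
        }
        # Rule that drops traffic but does not log yet: append -l.
        /^-A / && / -j (DENY|REJECT)[ \t]*$/ { sub(/[ \t]*$/, ""); print $0 " -l"; next }
        { print }
        # Final catch-all per default-drop chain, with the same target as the
        # policy: filtering is unchanged, but unmatched packets now get logged.
        END { for (i = 1; i <= n; i++) print "-A " order[i] " -j " policy[order[i]] " -l" }
    '
}

# Constructed sample dump (addresses are placeholders, not from the thread).
sample_dump() {
    cat <<'EOF'
:input DENY
:forward DENY
:output ACCEPT
-A input -s 192.168.1.0/255.255.255.0 -d 192.168.1.1/255.255.255.255 137:139 -i eth0 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.168.1.1/255.255.255.255 80:80 -i eth1 -p 6 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 192.168.1.1/255.255.255.255 23:23 -i eth1 -p 6 -j DENY -l
EOF
}

# Show the rewritten dump for the sample. On a real host the input would come
# from ipchains-save and the output would be reloaded with ipchains-restore.
sample_dump | add_logging
```

Once the rewritten rules are loaded, the kernel log shows which Samba packets reach the catch-all rule, and each of those is a packet the ACCEPT rules did not match.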

