[Samba] ipchains question
Rongyao
eycheu at yahoo.com
Fri Jun 14 09:41:02 GMT 2002
Check www.samba.org under documentation for more
information on network neighbourhood. It explain port
137, port 138 and port 139.
--- Kaleb Pederson <kibab at asc.ewu.edu> wrote:
> Hmm... That's interesting. I started out with the
> firewall blocking
> everything and then slowly allowed in ports based on
> what was being
> logged. I did check the rest of my policy to make
> sure that it wasn't
> listed in a different place and it's not.
>
> What I have is completely functional as far as samba
> is concerned,
> although I should have moved port 443 to a different
> section in my
> policy. This server has been up and running for
> quite a while using the
> above iptables policy. I bet if you try it, even
> with logging
> everything that gets dropped/rejected you will find
> that it isn't using
> the other ports you mentioned.
>
> Anyone else have any experience with this?
>
> --Kaleb
>
> -----Original Message-----
> From: Mark Brosius [mailto:mark at mebrosius.com]
> Sent: Friday, June 14, 2002 8:06 AM
> To: Kaleb Pederson
> Cc: ssaba at lists.samba.org
> Subject: RE: [Samba] ipchains question
>
> It looks like you still need to allow port 137 on
> TCP, 138 on TCP and
> 139
> on UDP. Oh, and 443 is for https.
>
> Mark
>
> On Fri, 14 Jun 2002, Kaleb Pederson wrote:
>
> > Here is what I use (with iptables) for incoming
> requests. This is
> what
> > I'm currently using and believe this is all that
> is required.
> >
> > from my iptables_policy file (using the
> iptables-restore format):
> > -A samba -p tcp -m tcp --dport 139 -j ACCEPT
> > -A samba -p tcp -m tcp --dport 443 -j ACCEPT //
> don't remember why
> > 443/445
> > -A samba -p tcp -m tcp --dport 445 -j ACCEPT //
> were necessary...
> > -A samba -p tcp -m tcp --dport 901 -j ACCEPT //
> swat
> > -A samba -p udp -m udp --dport 137 -j ACCEPT
> > -A samba -p udp -m udp --dport 138 -j ACCEPT
> >
> > --Kaleb
> >
> > -----Original Message-----
> > From: samba-admin at lists.samba.org
> [mailto:samba-admin at lists.samba.org]
> > On Behalf Of Mark Brosius
> > Sent: Friday, June 14, 2002 7:50 AM
> > To: Raymond Norton
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] ipchains question
> >
> > My guess is that you need to allow NetBIOS
> traffic. I think the ports
> > are
> > 137-139 for TCP and UDP. You might want to allow
> NetBIOS traffic on
> > your
> > LAN but do not allow it to go past your firewall
> to the internet.
> >
> > Mark
> >
> > On Fri, 14 Jun 2002, Raymond Norton wrote:
> >
> > > I have a couple questions that I will submit
> separately. When I have
> > > IPchains running I can't get my samba box to
> show up in network
> > > neighborhood, but when I turn ipchains off the
> box shows up. What
> > rules do
> > > I need to add for things to work properly?
> > >
> > > --
> > > Raymond Norton
> > > Little Crow Telemedia Network
> > > 320-234-0270
> > >
> > >
> > >
> > >
> >
> >
> >
>
>
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
http://lists.samba.org/mailman/listinfo/samba
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
More information about the samba
mailing list