[Samba] Fwd: Samba connections
Jorge Sarmiento
jsarmiento at ccom.org
Mon Mar 4 11:37:03 GMT 2002
Here are the rules...
_______________________________________
# Generated by iptables-save v1.2.4 on Sat Mar 2 01:15:03 2002
*nat
:PREROUTING ACCEPT [3856:568824]
:POSTROUTING ACCEPT [90:14079]
:OUTPUT ACCEPT [90:14079]
COMMIT
# Completed on Sat Mar 2 01:15:03 2002
# Generated by iptables-save v1.2.4 on Sat Mar 2 01:15:03 2002
*filter
:INPUT DROP [121:14097]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2552:647860]
-A INPUT -s 172.25.0.0/255.255.0.0 -d 192.168.0.0/255.255.0.0 -p tcp -m tcp
--dport 20 -j ACCEPT
-A INPUT -s 172.25.0.0/255.255.0.0 -d 192.168.0.0/255.255.0.0 -p tcp -m tcp
--dport 21 -j ACCEPT
-A INPUT -s 172.25.0.0/255.255.0.0 -d 192.168.0.0/255.255.0.0 -p udp -m udp
--dport 20 -j ACCEPT
-A INPUT -s 172.25.0.0/255.255.0.0 -d 192.168.0.0/255.255.0.0 -p udp -m udp
--dport 21 -j ACCEPT
-A INPUT -s 192.168.20.0/255.255.255.0 -d 192.168.20.25 -p tcp -m tcp --dport
22 -j ACCEPT
-A INPUT -s 192.168.20.0/255.255.255.0 -d 192.168.20.25 -p tcp -m tcp --dport
137 -j ACCEPT
-A INPUT -s 192.168.20.0/255.255.255.0 -d 192.168.20.25 -p tcp -m tcp --dport
138 -j ACCEPT
-A INPUT -s 192.168.20.0/255.255.255.0 -d 192.168.20.25 -p tcp -m tcp --dport
139 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -d 192.168.50.0/255.255.255.0 -p tcp -m
tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -d 192.168.50.0/255.255.255.0 -p tcp -m
tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.20.255 -d 192.168.20.25 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -d 192.168.20.25 -p tcp -m tcp --dport 80
-j ACCEPT
COMMIT
# Completed on Sat Mar 2 01:15:03 2002
On Monday 04 March 2002 10:20 am, Adam Ellis wrote:
> Can you post your iptables rules in an e-mail to the list.
>
> -----Original Message-----
> From: Jorge Sarmiento [mailto:jsarmiento at ccom.org]
> Sent: Monday, March 04, 2002 10:08 AM
> To: Adam Ellis; samba at lists.samba.org
> Subject: Re: [Samba] Fwd: Samba connections
>
>
> Of course it works with INPUT DROP, but I am thightening the security of
> the
>
> server, and putting iptables rules to only accept connections from certain
> ip's.
>
> thnx anyway
>
> Jorge S.
>
> On Monday 04 March 2002 10:10 am, Adam Ellis wrote:
> > Did it work with INPUT ACCEPT?
> >
> > -----Original Message-----
> > From: Jorge Sarmiento [mailto:jsarmiento at ccom.org]
> > Sent: Monday, March 04, 2002 9:25 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Fwd: Samba connections
> >
> >
> > I havent got an answer for this question on netfilter list, maybe you can
> > help me.
> >
> > thnx in advance!
> >
> > Jorge S.
> >
> > ---------- Forwarded Message ----------
> >
> > Subject: Samba connections
> > Date: Fri, 1 Mar 2002 11:55:25 -0500
> > From: Jorge Sarmiento <jsarmiento at ccom.org>
> > To: netfilter at lists.samba.org
> >
> > I have a Linux Samba server with the INPUT chain in DROP, and the
>
> following
>
> > ports accepted: 137, 138, 139.
> >
> > What else do I have to permit to let the clients connect to it and browse
> > the
> > server in the network neighborhood?
> >
> > thanx for ur answers!
> >
> > Jorge S.
> >
> > -------------------------------------------------------
More information about the samba
mailing list