[Samba] firewall

James Hubbard jhubbard at mcs.uvawise.edu
Sun Nov 3 04:50:01 GMT 2002


This depends on how restrictive your firewall rules are, but why don't 
you just use this:

-A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT
-A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT

I'm not sure what the -m stands for.  You'll need to change eth0 to 
match your internal ethernet card.  Make sure you insert this before the 
reject rules.

James Hubbard

Justin Georgeson wrote:
> Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd
> are using are TCP 139, and UDP 137 and 138. I find it a little odd
> though that nmbd is bound to both 0.0.0.0 AND my primary interface. My
> problem is that I can't access shares on a Windows machine unless I turn
> off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page
> (working fine so far, barring this firewall thing). I have these rules
> added in iptables
> 
> -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT
> -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
> -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
> 
> tcpdump shows ports TCP 139 and UDP 137 being accessed when I run
> findsmb. But nothing is listed when I do. If I turn off my firewall, the
> other machine on the LAN, my Windows box, is listed. What am I missing?
> 
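
Added example, not part of the original thread: a simplified first-match model of the INPUT chain in Python, showing why the ACCEPT rules from the reply have to sit before the reject rule and why the -i interface has to match. The catch-all REJECT rule and the sample packet are constructed, and only -p, -s, -i, --dport and -j are modelled.

```python
import ipaddress
import shlex


def parse_rule(line):
    """Parse one iptables-save style '-A INPUT ...' line into its match fields."""
    tok, rule = shlex.split(line), {"target": None}
    # Assumption: every option in these rules takes exactly one argument.
    for opt, val in zip(tok[::2], tok[1::2]):
        if opt == "-p":
            rule["proto"] = val
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network(val)
        elif opt == "-i":
            rule["iface"] = val
        elif opt == "--dport":
            lo, _, hi = val.partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
        elif opt == "-j":
            rule["target"] = val
    return rule


def verdict(rules, pkt, policy="ACCEPT"):
    """Return the target of the first rule that matches pkt, else the policy."""
    for r in map(parse_rule, rules):
        if "proto" in r and r["proto"] != pkt["proto"]:
            continue
        if "src" in r and ipaddress.ip_address(pkt["src"]) not in r["src"]:
            continue
        if "iface" in r and r["iface"] != pkt["iface"]:
            continue
        if "dport" in r and not r["dport"][0] <= pkt["dport"] <= r["dport"][1]:
            continue
        return r["target"]
    return policy


SAMBA = [  # the two rules from the reply
    "-A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT",
    "-A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT",
]
REJECT = ["-A INPUT -j REJECT"]  # constructed catch-all reject rule
QUERY = {"proto": "udp", "src": "192.168.1.20", "dport": 137, "iface": "eth0"}  # constructed packet

if __name__ == "__main__":
    print("rules after reject :", verdict(REJECT + SAMBA, QUERY))
    print("rules before reject:", verdict(SAMBA + REJECT, QUERY))
    print("packet on eth1     :", verdict(SAMBA + REJECT, dict(QUERY, iface="eth1")))
```

On the real system, `iptables -L INPUT -n --line-numbers` lists the chain in evaluation order, so you can see where the reject rule sits.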



