[Samba] firewall
James Hubbard
jhubbard at mcs.uvawise.edu
Sun Nov 3 04:50:01 GMT 2002
This depends on how restrictive your firewall rules are but why don't
you just use this:
-A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT
-A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT
I'm not sure what the -m stands for. You'll need to change eth0 to
match your internal ethernet card. Make sure you insert this before the
reject rules.
James Hubbard
Justin Georgeson wrote:
> Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd
> are using are TCP 139, and UDP 137 and 138. I find it a little odd
> though that nmbd is bound to both 0.0.0.0 AND my primary interface. My
> problem is that I can't access shares on a windows machine unless I turn
> off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page
> (working fine so far, barring this firewall thing). I have these rules
> added in iptables
>
> -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT
> -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
> -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
>
> tcpdump shows ports TCP 139 and UDP 137 being accessed when I run
> findsmb. But nothing is listed when I do. If I turn off my firewall, the
> other machine on the LAN, my windows box, is listed. What am I missing?
>
More information about the samba
mailing list