[Samba] RE: firewall (solution)

Richard Fox rfox at sbsii.com
Tue Nov 5 15:34:00 GMT 2002


I just wanted to post the ipchains rules that allowed nmblookup to work, as
well as findsmb. The security ramifications of opening the NetBIOS ports are
something I will look into next. But these rules will allow not only seeing
shares from NT clients but also Samba to act as a PDC.

-A input  -p tcp -s 192.168.0.0/24              -d 0/0 137:139 -j ACCEPT
-A input  -p udp -s 192.168.0.0/24              -d 0/0 137:139 -j ACCEPT
-A input  -p udp -s 192.168.0.0/24 137:139      -d 0/0 1024:   -j ACCEPT

resulting in (ipchains -L):

ACCEPT     tcp  ------  192.168.0.0/24       anywhere              any ->   netbios-ns:netbios-ssn
ACCEPT     udp  ------  192.168.0.0/24       anywhere              any ->   netbios-ns:netbios-ssn
ACCEPT     udp  ------  192.168.0.0/24       anywhere              netbios-ns:netbios-ssn ->   1024:65535


Rich
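
Added example (not part of the original post and not Samba or ipchains code): a small Python matcher that parses only the ipchains options used in the three rules above and reports which packets they accept, as a way to review how much the rules open. The packet addresses and ports are constructed, and first-match evaluation with fall-through to the chain policy is assumed.

```python
import ipaddress

# The three rules from the post, verbatim.
RULES = """\
-A input  -p tcp -s 192.168.0.0/24              -d 0/0 137:139 -j ACCEPT
-A input  -p udp -s 192.168.0.0/24              -d 0/0 137:139 -j ACCEPT
-A input  -p udp -s 192.168.0.0/24 137:139      -d 0/0 1024:   -j ACCEPT
"""

def parse_ports(tok):
    """'137:139' -> (137, 139); '1024:' -> (1024, 65535); '139' -> (139, 139)."""
    lo, sep, hi = tok.partition(":")
    return int(lo or 0), int((hi if sep else lo) or 65535)

def parse_rule(line):
    """Parse only the ipchains options used above: -A, -p, -j, -s/-d addr [ports]."""
    toks, i = line.split(), 0
    rule = {"sport": (0, 65535), "dport": (0, 65535)}
    while i < len(toks):
        opt, val = toks[i], toks[i + 1]
        i += 2
        if opt in ("-s", "-d"):
            rule[opt] = ipaddress.ip_network("0.0.0.0/0" if val == "0/0" else val)
            if i < len(toks) and not toks[i].startswith("-"):  # optional port spec
                rule["sport" if opt == "-s" else "dport"] = parse_ports(toks[i])
                i += 1
        elif opt in ("-A", "-p", "-j"):
            rule[opt] = val
        else:
            raise ValueError("unsupported option: " + opt)
    return rule

CHAIN = [parse_rule(line) for line in RULES.splitlines()]

def verdict(proto, src, sport, dst, dport, chain=CHAIN):
    """Target of the first matching rule, or None (packet falls to the chain policy)."""
    for r in chain:
        if (r["-p"] == proto
                and ipaddress.ip_address(src) in r["-s"]
                and ipaddress.ip_address(dst) in r["-d"]
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]):
            return r["-j"]
    return None

# Constructed packets (addresses and ports are made up for the example).
if __name__ == "__main__":
    print(verdict("udp", "192.168.0.5", 1030, "192.168.0.1", 137))   # name query
    print(verdict("udp", "192.168.0.5", 137, "192.168.0.1", 32768))  # matched by rule 3
    print(verdict("tcp", "192.168.0.5", 1031, "192.168.0.1", 445))   # no rule matches
```

A result of None means no rule matched, so the outcome depends on the input chain's default policy, which the post does not show.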





