[Samba] Another Shot At It
James Hubbard
jhubbard at mcs.uvawise.edu
Fri Oct 18 14:24:08 GMT 2002
I don't think that you need the -y
-A input -p tcp -s 0/0 -d 0/0 137:139 -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 137:139 -j ACCEPT
-A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -j ACCEPT
-A input -p udp -s obi-wan-ip -d luke-ip 137:139 -j ACCEPT
James
James Hubbard wrote:
> Since you've probably enabled the firewall settings when you installed
> RedHat, you're probably going to need to modify the
> /etc/sysconfig/ipchains file.
>
> This line here is probably causing you the most problem.
> -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
>
> In order to allow smb packets to be accepted you're going to need to
> open up the ports. The easiest way to do this (I believe) is to insert
> these 2 lines above the line listed above.
> -A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
> -A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
> (Restart ipchains: /etc/rc.d/init.d/ipchains restart)
>
> I can't remember if you need the udp or not.
>
> This is also opens you up to anybody. You'll probably want to insert
> the acutal ip addresses of your two other machines in there. This could
> be a problem though.
> -A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
> -A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
> ...
>
> One way to tell if you're got the smb ports locked down is to go to
> http://www.grc.com from your linux machine.
> Click Shields Up. It should tell you whether or not it can see your
> windows share. After you add the lines to open up the ports, go back to
> the site and try again. It should tell you the basic stuff like
> workgroup name.
>
> You really should invest in some type of firewalling hardware/software,
> preferrably something that filter packets before they get to your machines.
>
> James Hubbard
>
>
>
> DJ Busch wrote:
>
>> After receiving no response to yesterday's message, I tried some more
>> web scouring and more tinkering and dinking around with Samba...and I
>> discovered what may be a major key to my problem...
>>
>> I have 3 PC's...2 are Windoze and 1 is Linux. Windoze machines are
>> likely to understand how to share files across subnets using the same
>> workgroup name...but is Samba as adept? I have a feeling that is at
>> the heart of my problem.
>> I enabled wins support in my smb.conf and assigned the Samba box's IP
>> address as the primary wins server on the WFW box. I also set Samba to
>> be the domain master browser according to the instructions in
>> BROWSING.txt. All of this, alas, was useless as I still couldn't
>> browse the Win-duhs shares from Linux or the Linux shares from
>> Winduhs. I feel that I'm getting much closer to my goal (file sharing
>> without using Windows) and would really appreciate any help any of you
>> can offer.
>>
>> Thanks in advance for any help you can provide.
>>
>> DJ Busch
>>
>> Here is my latest attempt at smb.conf:
>>
>> [global]
>> workgroup = LEGEND
>> netbios name = LUKE
>> server string = Dave's Linux Experiment Gone Wrong
>> interfaces = eth0
>> bind interfaces only = Yes
>> security = SHARE
>> encrypt passwords = Yes
>> null passwords = Yes
>> log file = /var/log/samba/log.%m
>> debug level = 5
>> max log size = 50
>> ; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> os level = 2
>> lm announce = yes
>> preferred master = yes
>> domain master = yes
>> dns proxy = No
>> wins support = yes
>> guest account = doodles
>> hosts allow = ALL
>> hosts deny =
>> [homes]
>> comment = Home Directories
>> path = /home
>> read only = No
>> guest ok = Yes
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> printable = Yes
>> browseable = No
>>
>> [hp]
>> path = /var/spool/samba
>> read only = No
>> guest ok = Yes
>> printable = Yes
>> printer name = hp
>>
>
More information about the samba
mailing list