[Samba] Another Shot At It

James Hubbard jhubbard at mcs.uvawise.edu
Fri Oct 18 14:24:08 GMT 2002


I don't think that you need the -y.

-A input -p tcp -s 0/0 -d 0/0 137:139 -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 137:139  -j ACCEPT

-A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -j ACCEPT
-A input -p udp -s obi-wan-ip -d luke-ip 137:139 -j ACCEPT

James

James Hubbard wrote:
> Since you've probably enabled the firewall settings when you installed 
> RedHat, you're probably going to need to modify the 
> /etc/sysconfig/ipchains file.
> 
> This line here is probably causing you the most problem.
> -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
> 
> In order to allow smb packets to be accepted you're going to need to 
> open up the ports.  The easiest way to do this (I believe) is to insert 
> these 2 lines above the line listed above.
> -A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
> -A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
> (Restart ipchains:  /etc/rc.d/init.d/ipchains restart)
> 
> I can't remember if you need the udp or not.
> 
> This also opens you up to anybody.  You'll probably want to insert 
> the actual ip addresses of your two other machines in there.  This could 
> be a problem though.
> -A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
> -A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
> ...
> 
> One way to tell if you've got the smb ports locked down is to go to
> http://www.grc.com from your Linux machine.
> Click Shields Up.  It should tell you whether or not it can see your 
> Windows share. After you add the lines to open up the ports, go back to 
> the site and try again.  It should tell you the basic stuff like 
> workgroup name.
> 
> You really should invest in some type of firewalling hardware/software, 
> preferably something that filters packets before they get to your machines.
> 
> James Hubbard
> 
> 
> 
> DJ Busch wrote:
> 
>> After receiving no response to yesterday's message, I tried some more 
>> web scouring and more tinkering and dinking around with Samba...and I 
>> discovered what may be a major key to my problem...
>>
>> I have 3 PC's...2 are Windoze and 1 is Linux.  Windoze machines are 
>> likely to understand how to share files across subnets using the same 
>> workgroup name...but is Samba as adept?  I have a feeling that is at 
>> the heart of my problem. 
>> I enabled wins support in my smb.conf and assigned the Samba box's IP 
>> address as the primary wins server on the WFW box. I also set Samba to 
>> be the domain master browser according to the instructions in 
>> BROWSING.txt.  All of this, alas, was useless as I still couldn't 
>> browse the Win-duhs shares from Linux or the Linux shares from 
>> Winduhs.  I feel that I'm getting much closer to my goal (file sharing 
>> without using Windows) and would really appreciate any help any of you 
>> can offer.
>>
>> Thanks in advance for any help you can provide.
>>
>> DJ Busch
>>
>> Here is my latest attempt at smb.conf:
>>
>> [global]
>>     workgroup = LEGEND
>>     netbios name = LUKE
>>     server string = Dave's Linux Experiment Gone Wrong
>>     interfaces = eth0
>>     bind interfaces only = Yes
>>     security = SHARE
>>     encrypt passwords = Yes
>>     null passwords = Yes
>>     log file = /var/log/samba/log.%m
>>     debug level = 5
>>     max log size = 50
>> ;    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>     os level = 2
>>     lm announce = yes
>>     preferred master = yes
>>     domain master = yes
>>     dns proxy = No
>>     wins support = yes
>>     guest account = doodles
>>     hosts allow = ALL
>>     hosts deny =
>> [homes]
>>     comment = Home Directories
>>     path = /home
>>     read only = No
>>     guest ok = Yes
>>
>> [printers]
>>     comment = All Printers
>>     path = /var/spool/samba
>>     printable = Yes
>>     browseable = No
>>
>> [hp]
>>     path = /var/spool/samba
>>     read only = No
>>     guest ok = Yes
>>     printable = Yes
>>     printer name = hp
>>
> 
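
An added example, not part of the original messages: a simplified first-match model of the input chain discussed in this thread, showing why the 137:139 ACCEPT has to sit above the 0:1023 REJECT and what restricting the source address changes. It parses only the options that appear in the thread; the 192.168.1.x and 203.0.113.5 addresses are constructed stand-ins for obi-wan-ip, luke-ip and an outside host.

```python
import ipaddress

def parse_rule(line):
    """Parse one ipchains-style '-A input ...' line as written in the thread."""
    tok = line.split()
    rule = {"proto": None, "src": "0/0", "dst": "0/0", "dports": (0, 65535),
            "syn_only": False, "target": None}
    i = 0
    while i < len(tok):
        opt = tok[i]
        if opt in ("-s", "-d"):
            rule["src" if opt == "-s" else "dst"] = tok[i + 1]
            i += 2
            # An optional port or lo:hi range may follow the address.
            if i < len(tok) and not tok[i].startswith("-"):
                if opt == "-d":
                    lo, _, hi = tok[i].partition(":")
                    rule["dports"] = (int(lo), int(hi or lo))
                i += 1
        elif opt == "-y":            # match only TCP connection-opening SYNs
            rule["syn_only"] = True
            i += 1
        else:                        # -A chain, -p proto, -j target
            if opt == "-p":
                rule["proto"] = tok[i + 1]
            elif opt == "-j":
                rule["target"] = tok[i + 1]
            i += 2
    return rule

def addr_matches(spec, ip):          # "0/0" is the thread's "any address"
    return spec == "0/0" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def verdict(lines, proto, src, dst, dport, syn=True):
    """Return the target of the first matching rule (first match wins)."""
    for r in map(parse_rule, lines):
        lo, hi = r["dports"]
        if (r["proto"] in (None, proto) and lo <= dport <= hi
                and addr_matches(r["src"], src) and addr_matches(r["dst"], dst)
                and (not r["syn_only"] or (proto == "tcp" and syn))):
            return r["target"]
    return "CHAIN-POLICY"            # nothing matched; chain default applies

# Constructed addresses standing in for obi-wan-ip and luke-ip.
OBI_WAN, LUKE, OUTSIDER = "192.168.1.10", "192.168.1.20", "203.0.113.5"
REJECT = "-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT"
OPEN = ["-A input -p tcp -s 0/0 -d 0/0 137:139 -j ACCEPT", REJECT]
SCOPED = [f"-A input -p tcp -s {OBI_WAN} -d {LUKE} 137:139 -j ACCEPT", REJECT]
BELOW = [REJECT, OPEN[0]]            # ACCEPT placed after the REJECT
```

With these chains, `verdict(OPEN, "tcp", OUTSIDER, LUKE, 139)` returns `ACCEPT`, while the same packet against `SCOPED` or `BELOW` returns `REJECT`.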
