[Samba] Blocking internet access to Samba

Kaleb Pederson kibab at icehouse.net
Wed Oct 30 16:37:01 GMT 2002


Yes, that's definitely coming from a different subnet. 

iptables handles it just fine if configured well.  I use something like:

-A INPUT # if coming from local subnet # -j localnet
-A INPUT # if coming from external source # -j badnet

-A badnet -p tcp -m tcp --dport 22 -j ACCEPT
-A badnet -j DROP 

-A localnet -p tcp -m tcp --dport 22 -j ACCEPT
-A localnet -p tcp -m tcp --dport 80 -j ACCEPT
-A localnet -j samba
-A localnet -j DROP

-A samba -p tcp -m tcp --dport 139 -j ACCEPT
-A samba -p udp -m udp --dport 137 -j ACCEPT
-A samba -p udp -m udp --dport 138 -j ACCEPT
-A samba -p tcp -m tcp --dport 901 -j ACCEPT # for swat

I hope this helps.

--Kaleb

-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
On Behalf Of Brian Johnson
Sent: Wednesday, October 30, 2002 8:26 AM
To: samba at samba.org
Subject: [Samba] Blocking internet access to Samba

My samba.smbd log shows multiple entries such as:

[2002/10/30 10:30:04, 0] lib/access.c:check_access(323)
  Denied connection from  (211.163.100.141)

They show up about every five minutes and are from a few different IP
addresses

I thought that my iptables configuration would block connection attempts
from the
internet - is that what these are?

My LAN ip range is 192.168.0.x

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list