[Samba] Blocking internet access to Samba
Kaleb Pederson
kibab at icehouse.net
Wed Oct 30 16:37:01 GMT 2002
Yes, that's definitely coming from a different subnet.
iptables handles it just fine if configured well. I use something like:
-A INPUT # if coming from local subnet # -j localnet
-A INPUT # if coming from external source # -j badnet
-A badnet -p tcp -m tcp --dport 22 -j ACCEPT
-A badnet -j DROP
-A localnet -p tcp -m tcp --dport 22 -j ACCEPT
-A localnet -p tcp -m tcp --dport 80 -j ACCEPT
-A localnet -j samba
-A localnet -j DROP
-A samba -p tcp -m tcp --dport 139 -j ACCEPT
-A samba -p udp -m udp --dport 137 -j ACCEPT
-A samba -p udp -m udp --dport 138 -j ACCEPT
-A samba -p tcp -m tcp --dport 901 -j ACCEPT # for swat
I hope this helps.
--Kaleb
-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
On Behalf Of Brian Johnson
Sent: Wednesday, October 30, 2002 8:26 AM
To: samba at samba.org
Subject: [Samba] Blocking internet access to Samba
My samba.smbd log shows multiple entries such as:
[2002/10/30 10:30:04, 0] lib/access.c:check_access(323)
Denied connection from (211.163.100.141)
They show up about every five minutes and are from a few different IP
addresses
I thought that my iptables configuration would block connection attempts
from the
internet - is that what these are?
My LAN ip range is 192.168.0.x
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list