[Samba] firewalling SMB (and other protocols)
abartlet at samba.org
Fri Dec 26 22:36:15 GMT 2003
On Thu, 2003-12-25 at 05:15, auto92089 at hushmail.com wrote:
> I looked around and couldn't find a page on firewalling samba.
> So I did the homework and wrote one:
> Please send me (directly or CC) any technical suggestions, as I will
> probably not read the list for very long.
Most of your Statements on Samba need a lot of work
(Naturally, all these rules should also allow the replies)
You must allow access to port 137 and port 138 UDP for browsing and name
You must allow outbound access to port 137 and 138 UDP on your clients.
You must allow account to port 139 and 445 TCP for file, print and other
You must allow outbound access to port 139 and 445 TCP for browsing, and
SPOOLSS (printing) callbacks.
If you are using AD, then you need to allow access outbound to the AD
server's LDAP (TCP/UDP), DNS and Kerberos (TCP/UDP) ports...
Finally, when publishing technical documents, personal insults (no
matter who they are directed at) simply remove any sense of
professionalism from the result.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031227/2954a73a/attachment.bin
More information about the samba