[Samba] OT: Re: samba problem (with firewalls)

Alexander Goeres agoeres at lieblinx.net
Mon Feb 16 09:56:24 GMT 2004


Hi!

If this firewall is iptables, then the problem with samba could be that the 
iptables rules allow the forwarding of IP packets through the firewall gateway, 
but nothing is allowed to contact the gateway itself.
In "normal" iptables rules, the default policy for everything should be set to 
"drop". Then the necessary ports are opened. 
There are 3 directions: forward (to forward packets from one net to another), 
input and output. The last two apply to the firewall gateway itself.

I don't know about the exact form of SuSE's rules, but to allow contact from 
the internal net to the gateway-samba-machine, there should be some rules 
like this:
iptables -A INPUT -s ip-address.of.internal.net -p tcp -i interface-to-internal-net -j ACCEPT
iptables -A INPUT -s ip-address.of.internal.net -p udp -i interface-to-internal-net -j ACCEPT
iptables -A OUTPUT -d ip-address.of.internal.net -p tcp -o interface-to-internal-net -j ACCEPT
iptables -A OUTPUT -d ip-address.of.internal.net -p udp -o interface-to-internal-net -j ACCEPT

These rules should allow for any contact from the internal net to the 
gateway-firewall-machine and the corresponding responses (for all ports). If 
this is too crude for your needs you could refine it with some restrictions to 
the ports used by samba (137, 138, 139, 445, as far as I know). If this 
doesn't work, then perhaps you have to allow contact to the 
loopback IP address.

There's an extensive and very good HowTo about iptables firewall rules at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html (by Oskar 
Andreasson)

Hope it helps,

Alexander
-- 
Network & System Administrator
-------------------------------------------
agoeres _at_ lieblinx.net
tel.: +49 (0)30 / 61 20 26 87
fax: +49 (0)30 / 61 20 26 89
-------------------------------------------
lieblinxNET
     we do software
a Marwood & Thiele GbR
-------------------------------------------
reichenberger straße 125
10999 Berlin

http://lieblinx.net
-------------------------------------------
On Thursday, 12 February 2004 18:05, geralds wrote:
> Hi Alexander,
>
> The kind of firewall I have uses the basic iptables which came with the
> installation CDs of linux-SuSE.
>
> I installed SuSE 8.1 which has a firewall that has to be activated. But
> now, you know, I can't find the file containing the iptables so as to adjust
> the rules. When I try "iptables -L" in console mode I can see all the
> rules.
>
> I think I need to add some new rules in the iptables so that samba works
> properly. What's your opinion?
>
> So, could you be knowing the configuration file and path for the firewall
> rules? My kernel is 2.4.19.
> Hope to hear from you any time.
> Thanks.
> Rgds,
>        Segie.

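The refinement suggested in the reply above (only the Samba ports instead of all TCP and UDP, plus loopback), as an added example that is not part of the original message. The function name `samba_rules`, the network 192.168.1.0/24 and the interface eth1 are assumptions; the per-port protocols (137 and 138 UDP, 139 and 445 TCP) and the `-m state` match available on 2.4 kernels are filled in here, not taken from the thread.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that open only the Samba
# ports on the gateway itself. Nothing here touches the running firewall.

# samba_rules NET IFACE   (hypothetical helper)
#   NET   internal network in CIDR form, e.g. 192.168.1.0/24 (assumed value)
#   IFACE interface facing the internal net, e.g. eth1 (assumed value)
samba_rules() {
    net=$1 iface=$2
    # Accept only a CIDR block and a plain interface name, so stray
    # characters never reach the generated commands.
    case $net in
        ""|*[!0-9./]*|*/*/*) echo "bad network: $net" >&2; return 1 ;;
        */*) ;;
        *) echo "network needs a /prefix: $net" >&2; return 1 ;;
    esac
    case $iface in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    # Loopback: smbd/nmbd and local clients talk to 127.0.0.1.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # NetBIOS name service and datagrams are UDP; sessions and SMB are TCP.
    for spec in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${spec%%:*} port=${spec##*:}
        echo "iptables -A INPUT -i $iface -s $net -p $proto --dport $port -j ACCEPT"
    done
    # nmbd also sends name queries and announcements of its own.
    for port in 137 138; do
        echo "iptables -A OUTPUT -o $iface -d $net -p udp --dport $port -j ACCEPT"
    done
    # Replies to accepted connections, instead of opening all of OUTPUT.
    echo "iptables -A OUTPUT -o $iface -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values; review the output, then pipe it to sh as root.
samba_rules 192.168.1.0/24 eth1
```

The rules are appended with `-A`, so they only take effect if no earlier rule in the chain already drops the same traffic; check the order with `iptables -L -n --line-numbers`.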