[Samba] iptables and samba

Andrew Gaffney agaffney at skylineaero.com
Thu May 27 21:29:55 GMT 2004


azeem ahmad wrote:
> Hi,
> I am using the script below
> ------------------------------------------------------------------------------------------------------------------------------------- 
> 
> iptables -F
> iptables -t nat -F
> iptables -P INPUT DROP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT
> 
> ------------------------------------------------------------------------------------------------------------------------------------- 
> 
> 
> I have two shares on the Samba server, "Soft and linux". In these shares there 
> are many folders. Whenever I run the above script and then open the 
> share, it takes at least 4 minutes to open the share, but it doesn't take 
> time while browsing inside the share.
> I mean, there is a folder on the soft share like soft/adobe/acrobat/acrobat6.
> When I double-click on soft it takes at least 4 minutes, but after that, 
> when I click on adobe, then acrobat, then acrobat6, it takes no time; it 
> just browses them normally. The same problem is with the other share, named 
> linux.
> But if I don't run this script, then all shares work fine with no delay.
> This problem only occurs the first time. I mean, when I browse the share the next 
> time, it doesn't occur.

This is a complete shot in the dark. Windows 2000 (probably) and XP (definitely) 
will look for an SMB server on port 445 first by default. Since you have '-j 
DROP', the requests to 445 don't get a response. It takes a little bit to 
time out and then Windows probably tries to connect again. I bet if you add the 
following iptables rule, the problem will go away:

iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT

-- 
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
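
Added example, not part of the original message: a POSIX shell check that reads a rule script like the one quoted above and reports how a new connection to each SMB-related port is handled, so ports that fall through to a silent DROP policy stand out. The function names are hypothetical, and only plain "-A INPUT -p <proto> --dport <port> -j <target>" rules are evaluated.

```shell
# Added example, not from the original post; function names are hypothetical.
# Only plain "-A INPUT -p <proto> --dport <port> -j <target>" rules are
# evaluated (assumption): no multiport, ranges or source matches.
# The rule script quoted in the post, embedded so the check runs offline:
POSTED_RULES='iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137  -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138  -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT'

# stdin: iptables commands. stdout: "<proto>/<port> <verdict> <rule|policy>"
# for a new connection to each SMB-related port (first matching rule wins).
smb_port_verdicts() {
    awk '
    BEGIN { policy = "ACCEPT"   # built-in chains start with policy ACCEPT
            n = split("udp/137 udp/138 tcp/139 tcp/445", want, " ") }
    $1 != "iptables" { next }
    {
        table = "filter"; op = chain = proto = dport = target = ""
        for (i = 2; i <= NF; i++) {
            if      ($i == "-t")      table = $(i + 1)
            else if ($i == "-F")      { op = "F"; chain = $(i + 1) }
            else if ($i == "-P")      { op = "P"; chain = $(i + 1); target = $(i + 2) }
            else if ($i == "-A")      { op = "A"; chain = $(i + 1) }
            else if ($i == "-p")      proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
        }
        if (table != "filter") next; key = proto "/" dport
        if (op == "F" && (chain == "" || chain == "INPUT")) split("", seen)
        else if (op == "P" && chain == "INPUT") policy = target
        else if (op == "A" && chain == "INPUT" && dport != "" && !(key in seen))
            seen[key] = target
    }
    END { for (j = 1; j <= n; j++)
              if (want[j] in seen) print want[j], seen[want[j]], "rule"
              else                 print want[j], policy, "policy" }
    '
}

# Silently dropped ports: no RST or ICMP error goes back, so the client waits.
silent_smb_ports() { smb_port_verdicts | awk '$2 == "DROP" { print $1 }'; }
printf '%s\n' "$POSTED_RULES" | smb_port_verdicts
```
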


