[Samba] iptables and samba
Andrew Gaffney
agaffney at skylineaero.com
Thu May 27 21:43:39 GMT 2004
Tom Skeren wrote:
> Andrew Gaffney wrote:
>
>> azeem ahmad wrote:
>>
>>> Hi,
>>> I'm using the script below
>>> -------------------------------------------------------------------------------------------------------------------------------------
>>>
>>> iptables -F
>>> iptables -t nat -F
>>> iptables -P INPUT DROP
>>> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
>>> iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>>>
>>> -------------------------------------------------------------------------------------------------------------------------------------
>>>
>>>
>>> I have two shares on the Samba server, "Soft and linux". In these shares
>>> there are many folders. Whenever I run the above script and then
>>> open the share, it takes at least 4 minutes to open the share, but it
>>> doesn't take time while browsing inside the share.
>>> I mean, there is a folder on the soft share like soft/adobe/acrobat/acrobat6;
>>> when I double-click on soft it takes at least 4 minutes, but after that
>>> when I click on adobe, then acrobat, then acrobat6, it takes no time; it
>>> just browses them normally. The same problem is with the other share named
>>> linux.
>>> But if I don't run this script then all shares work fine with no delay.
>>> This problem only occurs the first time. I mean, when I browse the share
>>> next time it doesn't occur.
>>
>>
>>
>> This is a complete shot in the dark. Windows 2000 (probably) and XP
>> (definitely) will look for a SMB server on port 445 first by default.
>> Since you have '-j DROP', the requests to 445 don't get a response. It
>> takes a little bit to time out and then Windows probably tries to
>> connect again. I bet if you add the following iptables rule, the
>> problem will go away:
>>
>> iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>>
> If you have Samba 3.x it will share on port 445.
Okay, so you can change that REJECT to ACCEPT.
--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548
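
The diagnosis in this thread (a default-DROP INPUT policy silently discarding a Windows client's first connection attempt to tcp/445) can be checked mechanically. The following is an added example, not part of the original message: a small Python audit that reads an iptables script and reports what a first packet to each SMB-related port would get, and lists any `--dport` rule whose `-p` is not tcp or udp, which iptables refuses to load. The function names, the simplified matching (single `--dport` values, interface ignored) and the embedded sample are assumptions of this example.

```python
import shlex

# Constructed input: the INPUT rules as posted in the thread (no rule for tcp/445).
RULES = """\
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
"""
SMB_PORTS = [("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)]

def opt(tok, flag):
    """Return the word following an option flag, or None if it is absent."""
    return tok[tok.index(flag) + 1] if flag in tok else None

def parse(script):
    """Return (INPUT policy, rules that can match a NEW packet, rejected lines)."""
    policy, rules, errors = "ACCEPT", [], []
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] != ["iptables"] or "-t" in tok:
            continue  # not an iptables call, or not the filter table
        if opt(tok, "-P") == "INPUT":
            policy = tok[tok.index("-P") + 2]
        elif opt(tok, "-A") == "INPUT":
            proto, dport, state = opt(tok, "-p"), opt(tok, "--dport"), opt(tok, "--state")
            if dport and proto not in ("tcp", "udp"):
                errors.append(line)  # iptables will not load --dport without tcp/udp
            elif not state or "NEW" in state.split(","):
                rules.append((proto, int(dport) if dport else None, opt(tok, "-j")))
    return policy, rules, errors

def verdict(policy, rules, proto, port):
    """First matching rule decides; otherwise the chain policy applies."""
    for r_proto, r_port, target in rules:
        if r_proto in (None, "all", proto) and r_port in (None, port):
            return target
    return policy

def smb_report(script):
    """Map each SMB port to what a first packet from a client would get."""
    policy, rules, errors = parse(script)
    return {f"{p}/{n}": verdict(policy, rules, p, n) for p, n in SMB_PORTS}, errors

if __name__ == "__main__":
    print(smb_report(RULES))  # a DROP verdict means the client waits for a timeout
```

A `DROP` verdict for `tcp/445` is the case discussed above: the client gets no answer and has to wait for its connection attempt to time out before falling back to port 139.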