[Samba] iptables and samba
azeem ahmad
azeem484 at hotmail.com
Thu May 27 22:02:20 GMT 2004
The problem has been partially solved by REJECTing or ACCEPTing port 445.
The effect of ACCEPTing or REJECTing is the same, and that is:
As I stated before, I have two shares named soft and linux. The problem
appears while accessing both shares for the first time (note: only for the
first time. If I close the share and then try again, the problem doesn't
occur unless I restart my client computer). Now the problem has been
partially solved: if I access one of the two shares it takes 4 minutes, but
if I then access the 2nd share it doesn't take time, while before adding this
rule it was taking time for both shares.
Regards
Azeem
>From: Andrew Gaffney <agaffney at skylineaero.com>
>To: Tom Skeren <tms3 at fsklaw.net>
>CC: azeem ahmad <azeem484 at hotmail.com>, samba at lists.samba.org
>Subject: Re: [Samba] iptables and samba
>Date: Thu, 27 May 2004 16:43:39 -0500
>
>Tom Skeren wrote:
>>Andrew Gaffney wrote:
>>
>>>azeem ahmad wrote:
>>>
>>>>Hi,
>>>>I'm using the script below
>>>>-------------------------------------------------------------------------------------------------------------------------------------
>>>>
>>>>iptables -F
>>>>iptables -t nat -F
>>>>iptables -P INPUT DROP
>>>>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
>>>>iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
>>>>
>>>>-------------------------------------------------------------------------------------------------------------------------------------
>>>>
>>>>
>>>>I have two shares on the samba server, "Soft and linux"; in these shares there
>>>>are many folders. Whenever I run the above script and then open the
>>>>share, it takes at least 4 minutes to open the share, but it doesn't take
>>>>time while browsing inside the share.
>>>>I mean there is a folder on the soft share like soft/adobe/acrobat/acrobat6.
>>>>When I double click on soft it takes at least 4 minutes, but after that,
>>>>when I click on adobe, then acrobat, then acrobat6, it takes no time; it
>>>>just browses them normally. The same problem is with the other share named
>>>>linux.
>>>>But if I don't run this script, then all shares work fine with no delay.
>>>>This problem only occurs the first time. I mean when I browse the share the next
>>>>time, it doesn't occur.
>>>
>>>
>>>
>>>This is a complete shot in the dark. Windows 2000 (probably) and XP
>>>(definitely) will look for an SMB server on port 445 first by default.
>>>Since you have '-j DROP', the requests to 445 don't get a response. It
>>>takes a little bit to time out and then Windows probably tries to connect
>>>again. I bet if you add the following iptables rule, the problem will go
>>>away:
>>>
>>>iptables -A INPUT -i eth0 -p tcp --dport 445 -j REJECT
>>>
>>If you have Samba 3.x it will share on port 445.
>
>Okay, so you can change that REJECT to ACCEPT.
>
>--
>Andrew Gaffney
>Network Administrator
>Skyline Aeronautics, LLC.
>636-357-1548
>
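An added example, not part of the thread or of Samba: a POSIX shell check that reads the rule lines of a script like the one posted and lists the SMB ports that have no explicit ACCEPT or REJECT under a DROP policy, which is the silent-drop case the reply blames for the delay. The function name `smb_port_gaps` and the variable names are hypothetical, and `FIXED_RULES` assumes the ACCEPT variant of the port 445 rule.

```shell
#!/bin/sh
# Added example (not from the thread): find SMB ports that a default-DROP
# INPUT chain silently drops, which is what leaves clients waiting on a timeout.

# Rule lines of the script posted in the thread (flush commands left out).
THREAD_RULES='iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT'

# Same ruleset plus a port 445 rule (assumed: the ACCEPT variant).
FIXED_RULES="$THREAD_RULES
iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT"

# smb_port_gaps RULES
# Prints one "proto/port" per SMB port that has no explicit ACCEPT or REJECT
# rule in the INPUT chain. Prints nothing when the policy is not DROP, since
# only a DROP policy leaves the client without any answer.
smb_port_gaps() {
    # Accept both script lines ("iptables -A ...") and bare rule specs.
    rules=$(printf '%s\n' "$1" | sed 's/^iptables //')
    printf '%s\n' "$rules" | grep -q -- '^-P INPUT DROP$' || return 0
    for spec in udp/137 udp/138 tcp/139 tcp/445; do
        proto=${spec%/*}
        port=${spec#*/}
        # The trailing space after the port keeps 139 from matching 1390.
        pattern="^-A INPUT .*-p $proto .*--dport $port .*-j (ACCEPT|REJECT)"
        if ! printf '%s\n' "$rules" | grep -Eq -- "$pattern"; then
            echo "$spec"
        fi
    done
}

echo "thread ruleset gaps: $(smb_port_gaps "$THREAD_RULES")"
echo "fixed ruleset gaps:  $(smb_port_gaps "$FIXED_RULES")"
```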