[Samba] iptables protection and broadcasts
Michal Kurowski
mkur at poczta.gazeta.pl
Wed Sep 22 16:30:59 GMT 2004
Hi,
It's a basic firewall question I guess. Perhaps one of you has
seen it.
I've got a firewall setup meant for my samba server protection.
The problem is it seems to block all broadcasts.
The error message:
[2004/09/22 17:43:47.572148, 0, pid=1505, effective(0, 0), real(0, 0)]
libsmb/nmblib.c:send_udp(756)
Packet send failed to 192.168.2.25(138) ERRNO=Operation not permitted
Relevant smb.conf snippet (eth1 is 192.168.2.2):
hosts allow = 192.168.2.0/24 localhost
hosts deny = 0.0.0.0/0
interfaces = eth1 lo
bind interfaces only = yes
And the firewall config:
IPTABLES="/usr/sbin/iptables"
$IPTABLES -F
$IPTABLES -N sambers
$IPTABLES -A INPUT -i eth1 -j sambers
$IPTABLES -A sambers -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 137 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 137 -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 138 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 138 -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 139 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 139 -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 445 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 445 -j ACCEPT
$IPTABLES -A sambers -j REJECT
Could you please advise me on that?
--
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
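
Added example, not part of the original post: a shell audit of the rule lines quoted above. It lists the ACCEPT rules that open protocol/port pairs Samba's daemons do not listen on (assumption: Samba defaults, nmbd on udp/137 and udp/138, smbd on tcp/139 and tcp/445) and the built-in chains the script appends rules to. The function names and the re-typed rule list are constructed for this example.

```shell
#!/bin/sh
# Constructed input: the rule lines from the post, re-typed without $IPTABLES.
rules() {
    echo "-A INPUT -i eth1 -j sambers"
    echo "-A sambers -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in 137 138 139 445; do
        for proto in tcp udp; do
            echo "-A sambers -p $proto --dport $port -j ACCEPT"
        done
    done
    echo "-A sambers -j REJECT"
}

# Assumption (Samba defaults): nmbd listens on udp/137 and udp/138,
# smbd listens on tcp/139 and tcp/445.
NEEDED="udp/137 udp/138 tcp/139 tcp/445"

# Print each ACCEPT rule's proto/port pair that is not in NEEDED.
unneeded_accepts() {
    awk -v needed="$NEEDED" '
        BEGIN { n = split(needed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            key = proto "/" port
            if (proto != "" && port != "" && !(key in ok))
                print key
        }'
}

# Print the built-in filter chains that the script appends rules to.
hooked_chains() {
    awk '$1 == "-A" && $2 ~ /^(INPUT|OUTPUT|FORWARD)$/ { print $2 }' | sort -u
}

echo "ACCEPT rules for ports Samba does not serve: $(rules | unneeded_accepts | paste -sd' ' -)"
echo "Built-in chains with rules: $(rules | hooked_chains | paste -sd' ' -)"
```

The script appends rules only to INPUT and sets no chain policies, and `iptables -F` leaves existing policies unchanged, so nothing in the lines shown filters the outgoing packet that the log reports as failed.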