[Samba] Re: SUSE 10.0 and firewall

Robert Schetterer robert at schetterer.org
Thu Jan 19 14:08:01 GMT 2006

if both samba and windows are behind a firewall , you dont need any 
firewall working on samba and windows machine if you trust your intranet
otherwise you have to open the smb/cifs ports as minimum

here is typical drop table for iptables
#block smb from outside
/usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 135:139 -j DROP
/usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 445 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 135:139 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 445 -j DROP

so open udp/tcp 135-139 and 445 should do the samba jobs working


Oygle schrieb:
> Hi Robert,
> The Samba computer, and the Win XP computer that are on the LAN, both
> sit behind a firewall.
> So, it sounds like I don't need to have the firewall active at all on
> the Linux box. I guess because I have always had a firewall on any Win
> boxes (acting as an 'application' firewall, to enable/disable requests
> going out from various software), that I just followed that pattern
> and setup the firewall on the Linux box.
> (Sometimes even Firefox goes to sites like newsrss.bbc.co.uk, and I
> block that from the Win firewall, ... it just eats up bandwidth
> otherwise).
> So, as long as it is safe to disable the firewall completely, if that
> will fix the Samba problem, then that's okay. (Still it must just be a
> port that Samba needs to have open ?? ).
> Thanks for your help,
> Oygle

Mit freundlichen Gruessen
Best Regards
Robert Schetterer

Munich / Bavaria / Germany

More information about the samba mailing list