[Samba] Re: SUSE 10.0 and firewall

Robert Schetterer robert at schetterer.org
Thu Jan 19 14:20:59 GMT 2006

FW_SERVICES_INT_TCP="135 136 137 138 139 445"
FW_SERVICES_INT_UDP="135 136 137 138 139 445"
may fix the stuff
but untested cause i wrote my ow firewall scripts

Robert Schetterer schrieb:
> Hi,
> if both samba and windows are behind a firewall , you dont need any 
> firewall working on samba and windows machine if you trust your intranet
> otherwise you have to open the smb/cifs ports as minimum
> here is typical drop table for iptables
> #drops
> #block smb from outside
> /usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 135:139 -j DROP
> /usr/sbin/iptables -A INPUT -p udp -i ppp0 --dport 445 -j DROP
> /usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 135:139 -j DROP
> /usr/sbin/iptables -A INPUT -p tcp -i ppp0 --dport 445 -j DROP
> so open udp/tcp 135-139 and 445 should do the samba jobs working
> Regards
> Oygle schrieb:
>> Hi Robert,
>> The Samba computer, and the Win XP computer that are on the LAN, both
>> sit behind a firewall.
>> So, it sounds like I don't need to have the firewall active at all on
>> the Linux box. I guess because I have always had a firewall on any Win
>> boxes (acting as an 'application' firewall, to enable/disable requests
>> going out from various software), that I just followed that pattern
>> and setup the firewall on the Linux box.
>> (Sometimes even Firefox goes to sites like newsrss.bbc.co.uk, and I
>> block that from the Win firewall, ... it just eats up bandwidth
>> otherwise).
>> So, as long as it is safe to disable the firewall completely, if that
>> will fix the Samba problem, then that's okay. (Still it must just be a
>> port that Samba needs to have open ?? ).
>> Thanks for your help,
>> Oygle

Mit freundlichen Gruessen
Best Regards
Robert Schetterer

Munich / Bavaria / Germany

More information about the samba mailing list