Spook ZA wrote:
Hi.
2009/3/31 Rob Kampen <rkampen@xxxxxxxxxxxxxxxxx>:
Hi folk,
I am trying to get iptables working on a samba server but find it is
blocking something that prevents the windoze clients from being able to
access the share.
here are the bits from iptables:
# nmb provided netbios-ns
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport
137 -j ACCEPT
# nmb provided netbios-dgm
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport
138 -j ACCEPT
# Samba
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
eth1 --dport 135 --state NEW -j ACCEPT
# smb provided netbios-ssn
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
eth1 --dport 139 --state NEW -j ACCEPT
# smb provided microsoft-ds
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
eth1 --dport 445 --state NEW -j ACCEPT
Your source address is invalid.
If you want access from the entire 192.168.230.x subnet, you have to
use a source of 192.168.230.0/24.
If you want access from only 100, then you need to specify the source
as 192.168.230.100/32 (a single address with a mask to match or just
leave the mask off).
Sorry, not so, tried changing it as you suggested but no go. the /24
masks the last octet thus you can have any value from 0~254.
HTH
Regards,
Andrew.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rob@xxxxxxxxxxxxxxxxx
tel;cell:407-341-3815
version:2.1
end:vcard
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
