Traffic to 192.168.0.255? I don't recall seeing anything that would block that.
Here's what the table list shows:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           multiport dports smtp,ftp,telnet,ssh,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere           multiport dports telnet,ssh,domain,nntp,ntp,printer,pop3,imap,http,https,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT     udp  --  anywhere             anywhere           multiport dports domain,ntp,router,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT     udp  --  anywhere             anywhere           multiport dports netbios-ns,netbios-dgm,netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere           multiport dports netbios-ns,netbios-dgm,netbios-ssn
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere           LOG level warning

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere           LOG level warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

----- Original Message -----
From: "Michael" <mutk@iprimus.com.au>
To: "Dan Egli" <dan@shortcircuit.dyndns.org>; <netfilter@lists.netfilter.org>
Sent: Tuesday, November 26, 2002 6:14 PM
Subject: Re: Samba blocked?

> Dan Egli wrote:
>
> >Ok. I'm a fair bit confused here. I'm trying to set up an IPtables filter set
> >that will block certain ports and allow others. It seems to work perfectly
> >for anything other than Samba. If I try:
> >
> >smbclient //myserver/shared1, it fails to connect. But using the IP in place
> >of it:
> >smbclient //192.168.0.2/shared1 works just fine. I am specifically allowing
> >NetBIOS-ns, NetBIOS-ssn, and NetBIOS-dgm. Still no go. What's wrong?
> >
>
> Probably nothing wrong with the iptables rules. Might be something wrong
> with the name lookups for smbclient though.
> Have a look at man pages for smbclient, in particular the name resolve
> order (-R) command switch. Also have a look at man page for smb.conf,
> as the method for name look ups is defined there (The order too)
>
> The default order is lmhosts, host, wins, bcast for name look ups.
> I believe that for bcast name lookups to work you need to allow bcast
> traffic too. i.e. you need to allow 192.168.0.255 port 137.
>
> If you don't want that, a quick fix is to try adding the 'myserver'
> name and IP to /etc/hosts ..
>
> Cheers,
> Michael
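
Added example, not part of the original thread: a small Python model of the INPUT chain as posted, showing which NetBIOS name-service packets that listing accepts. It assumes the ruleset sits on the machine running smbclient and uses the standard /etc/services port numbers; the sample packets, including the ephemeral port 32770, are constructed.

```python
# Port numbers are the standard /etc/services values for the names iptables printed.
SERVICES = {"smtp": 25, "ftp": 21, "telnet": 23, "ssh": 22, "domain": 53,
            "nntp": 119, "ntp": 123, "printer": 515, "pop3": 110, "imap": 143,
            "http": 80, "https": 443, "router": 520,
            "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}
# INPUT chain copied from the post (source/destination are "anywhere" on every rule).
INPUT_CHAIN = """\
ACCEPT tcp multiport dports smtp,ftp,telnet,ssh,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT tcp multiport dports telnet,ssh,domain,nntp,ntp,printer,pop3,imap,http,https,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT udp multiport dports domain,ntp,router,netbios-ns,netbios-dgm,netbios-ssn
ACCEPT udp multiport dports netbios-ns,netbios-dgm,netbios-ssn
ACCEPT tcp multiport dports netbios-ns,netbios-dgm,netbios-ssn
ACCEPT all state RELATED,ESTABLISHED
LOG all LOG level warning
"""
POLICY = "DROP"  # chain policy from the listing

def parse_chain(text):
    """Turn each listed rule into (target, proto, dports or None, states or None)."""
    rules = []
    for line in text.splitlines():
        target, proto, *match = line.split()
        dports = states = None
        if match[:2] == ["multiport", "dports"]:
            dports = {SERVICES[name] for name in match[2].split(",")}
        elif match[:1] == ["state"]:
            states = set(match[1].split(","))
        rules.append((target, proto, dports, states))
    return rules

def verdict(rules, proto, dport, state):
    """Return (verdict, logged) for one packet; LOG does not end traversal."""
    logged = False
    for target, rproto, dports, states in rules:
        if (rproto not in ("all", proto)
                or (dports is not None and dport not in dports)
                or (states is not None and state not in states)):
            continue
        if target == "LOG":
            logged = True
            continue
        return target, logged
    return POLICY, logged

RULES = parse_chain(INPUT_CHAIN)
# A unicast answer to a broadcast query comes from the server's own address,
# not 192.168.0.255, so connection tracking classifies it as NEW.
QUERY_IN = verdict(RULES, "udp", 137, "NEW")    # broadcast query arriving on udp/137
REPLY_IN = verdict(RULES, "udp", 32770, "NEW")  # answer sent to an ephemeral client port
print("query:", QUERY_IN, "reply:", REPLY_IN)
```

The reply case passes through the LOG rule before falling to the DROP policy, so on a host with this ruleset a dropped name-query answer would appear in the kernel log at level warning.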