Re: iptables rules to allow nautilus samba access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 28/07/05, Bill Tangren <bjt@xxxxxxxxxxxxxxxx> wrote:

> They are applied on the samba server. I can get to the samba server from
> a Windoze box. That was never a problem. What IS a problem is getting to
> the Windoze box from the samba box. That's what I am trying to get help
> with.

Ah, sorry, should've paid a little more attention. :) 

As we found, we needed the following incoming ports.

137/udp
138/udp
139/tcp
445/tcp

I assume you'd need to allow traffic out from the SMB server to these
destination ports on the windows box. How restrictive are you being on
outbound traffic from the host? What do your OUTPUT or
tcp_outbound/udp_outbound chains like?

Assuming you're not (statefully) allowing anything and everything out
from the Samba server by default (a reasonable assumption given it
works without the firewall in place and doesn't when it is) I imagine
you'd want to see something like...

Chain OUTPUT (policy DROP)
ACCEPT  udp  --  anywhere  $windowsbox  udp dpt:137 state NEW
ACCEPT  udp  --  anywhere  $windowsbox  udp dpt:138 state NEW
ACCEPT  tcp  --  anywhere  $windowsbox  tcp dpt:139 state NEW
ACCEPT  tcp  --  anywhere  $windowsbox  tcp dpt:445 state NEW

Depending on exactly how you generate your rules something like...

$IPTABLES -A OUTPUT -p udp --dport 137 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 138 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 139 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 445 -m state --state NEW -j ACCEPT

... might do it for you.

Will.

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux