On 28/07/05, Bill Tangren <bjt@xxxxxxxxxxxxxxxx> wrote:
> They are applied on the samba server. I can get to the samba server from
> a Windoze box. That was never a problem. What IS a problem is getting to
> the Windoze box from the samba box. That's what I am trying to get help
> with.

Ah, sorry, should've paid a little more attention. :)

As we found, we needed the following incoming ports.

137/udp
138/udp
139/tcp
445/tcp

I assume you'd need to allow traffic out from the SMB server to these
destination ports on the Windows box.

How restrictive are you being on outbound traffic from the host? What do
your OUTPUT or tcp_outbound/udp_outbound chains look like?

Assuming you're not (statefully) allowing anything and everything out
from the Samba server by default (a reasonable assumption given it works
without the firewall in place and doesn't when it is) I imagine you'd
want to see something like...

Chain OUTPUT (policy DROP)
ACCEPT  udp  --  anywhere  $windowsbox  udp dpt:137 state NEW
ACCEPT  udp  --  anywhere  $windowsbox  udp dpt:138 state NEW
ACCEPT  tcp  --  anywhere  $windowsbox  tcp dpt:139 state NEW
ACCEPT  tcp  --  anywhere  $windowsbox  tcp dpt:445 state NEW

Depending on exactly how you generate your rules something like...

$IPTABLES -A OUTPUT -p udp --dport 137 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 138 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 139 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 445 -m state --state NEW -j ACCEPT

... might do it for you.

Will.
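
An added example, not part of the original message: a POSIX sh function that prints the four rules from the reply, pinned to the Windows host with -d as in the chain listing, plus ESTABLISHED,RELATED accepts so that packets after the first of each flow also pass a DROP policy. The function names, the -d restriction, the ESTABLISHED,RELATED rules and the address 192.0.2.10 are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: print egress rules that let this Samba host act as an SMB
# client to ONE Windows machine when the OUTPUT policy is DROP.
# Nothing is applied here; review the output, then run it as root.

IPTABLES=${IPTABLES:-iptables}   # same variable name the message uses

# Accept only a dotted-quad IPv4 address so the value is safe to put in a rule.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                    # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Hypothetical helper: smb_client_rules <windows-box-ipv4>
smb_client_rules() {
    host=$1
    valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }

    # Later packets of an accepted flow, and the replies coming back.
    echo "$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New flows to the four SMB/NetBIOS ports, limited to the Windows box.
    for rule in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${rule%%:*}
        port=${rule##*:}
        echo "$IPTABLES -A OUTPUT -p $proto -d $host --dport $port -m state --state NEW -j ACCEPT"
    done
}

# 192.0.2.10 is a constructed documentation address standing in for $windowsbox.
smb_client_rules 192.0.2.10
```

If the rule set already accepts ESTABLISHED,RELATED traffic elsewhere, drop the first two printed lines before applying the rest.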