Samba & Firewall


 



I am using a PC as a firewall and NAT device for my network (192.168.0.*).
The firewall was created with Lokkit, with the addition of a line for masquerading, i.e. the Lokkit-INPUT chain+Masquerade.


If I stop iptables I can surf my internal network with any Windows machine; otherwise there is no way of surfing my network.

I added some lines to Iptables.conf to make Samba work with iptables, but I can't surf the Internet any longer and I can't surf my internal network.

Any help for an iptables/Samba newbie?

Here below is the iptables.conf file:

# Generated by iptables-save v1.2.6a on Tue Feb 11 14:30:35 2003
*mangle
:PREROUTING ACCEPT [56:8554]
:INPUT ACCEPT [56:8554]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48:7100]
:POSTROUTING ACCEPT [92:13728]
COMMIT
# Completed on Tue Feb 11 14:30:35 2003
# Generated by iptables-save v1.2.6a on Tue Feb 11 14:30:35 2003
*nat
:PREROUTING ACCEPT [606:31021]
:POSTROUTING ACCEPT [8:1190]
:OUTPUT ACCEPT [95:6440]
[125:7241] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 11 14:30:35 2003
# Generated by iptables-save v1.2.6a on Tue Feb 11 14:30:35 2003
*filter
:INPUT ACCEPT [6544:6909364]
:FORWARD ACCEPT [2112:1426713]
:OUTPUT ACCEPT [5554:557979]
:RH-Lokkit-0-50-INPUT - [0:0]
[7210:6961595] -A INPUT -j RH-Lokkit-0-50-INPUT
[0:0] -A INPUT -s 192.168.0.0/255.255.255.0 -d 192.168.0.1 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
[0:0] -A INPUT -s 192.168.0.0/255.255.255.0 -d 192.168.0.1 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
[0:0] -A INPUT -s 192.168.0.0/255.255.255.0 -d 192.168.0.1 -p tcp -m tcp --sport 1024:65535 --dport 139 -j ACCEPT
[0:0] -A OUTPUT -s 192.168.0.1 -d 192.168.0.0/255.255.255.0 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
[0:0] -A OUTPUT -s 192.168.0.1 -d 192.168.0.0/255.255.255.0 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
[0:0] -A OUTPUT -s 192.168.0.1 -d 192.168.0.0/255.255.255.0 -p tcp -m tcp --sport 139 --dport 1024:65535 ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
[0:0] -A OUTPUT -j DROP
[358:23126] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
[61:11302] -A RH-Lokkit-0-50-INPUT -s 212.216.112.112 -p udp -m udp --sport 53 -j ACCEPT
[4:514] -A RH-Lokkit-0-50-INPUT -s 212.216.172.62 -p udp -m udp --sport 53 -j ACCEPT
[157:6444] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
[86:10845] -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Feb 11 14:30:35 2003
Tnx

Antonio Montagnani



--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
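
Added example, not part of the original message: a small first-match evaluator in Python over the filter rules as posted, showing which rule decides for a NetBIOS name query arriving from the LAN and for a DNS query sent by the firewall itself. The client address 192.168.0.5, the source port 1024 and the helper names are assumptions; the rules for ports 138 and 139 are left out because they sit in the same positions as the port 137 rules.

```python
import ipaddress

# Filter rules from the post (counters stripped; 138/139 rules omitted, same positions as 137).
RULESET = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A INPUT -s 192.168.0.0/255.255.255.0 -d 192.168.0.1 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A OUTPUT -s 192.168.0.1 -d 192.168.0.0/255.255.255.0 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A OUTPUT -j DROP
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 212.216.112.112 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 212.216.172.62 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
""".splitlines()
POLICY = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT"}  # chain policies shown in the post
SKIP = ("-A", "-j", "-m", "--reject-with")        # options that do not test the packet

def parse(line):
    tok, rule, i = line.split(), {}, 0
    while i < len(tok):
        step = 3 if tok[i] == "--tcp-flags" else 2  # --tcp-flags takes two arguments
        rule[tok[i]] = tok[i + 1]
        i += step
    return rule

def matches(rule, pkt):
    def ok(opt, val):
        if opt == "--tcp-flags":  # the post only uses "SYN,RST,ACK SYN": an initial SYN
            return pkt.get("syn", False)
        if opt in ("-s", "-d"):
            return ipaddress.ip_address(pkt[opt]) in ipaddress.ip_network(val)
        if opt in ("--sport", "--dport"):
            lo, _, hi = val.partition(":")
            return int(lo) <= pkt[opt] <= int(hi or lo)
        return pkt.get(opt) == val  # -i and -p compare as plain strings
    return all(ok(o, v) for o, v in rule.items() if o not in SKIP)

def verdict(chain, pkt):  # returns (target, rule text) of the first terminating match
    for line in RULESET:
        r = parse(line)
        if r["-A"] == chain and matches(r, pkt):
            hit = (r["-j"], line) if r["-j"] in ("ACCEPT", "DROP", "REJECT") else verdict(r["-j"], pkt)
            if hit:
                return hit
    return (POLICY[chain], "policy") if chain in POLICY else None

# Constructed packets: a LAN NetBIOS name query to the firewall, and the firewall's own DNS query.
NBNS = {"-s": "192.168.0.5", "-d": "192.168.0.1", "-p": "udp", "--sport": 137, "--dport": 137}
DNS_OUT = {"-s": "192.168.0.1", "-d": "212.216.112.112", "-p": "udp", "--sport": 1024, "--dport": 53}
print(verdict("INPUT", NBNS), verdict("OUTPUT", DNS_OUT), sep="\n")
```

Because the jump to RH-Lokkit-0-50-INPUT is the first INPUT rule, its UDP REJECT ends traversal before the port 137 ACCEPT is reached, and the unconditional OUTPUT DROP catches everything the firewall sends except the listed Samba replies.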
