Re: Iptables and SAMBA - I'm going MAAAAAAAAAAAAAAAAAADDDDDDD!!!

From: joseph philip (joseph_at_nntp.will.suffice)
Date: 11/14/03

• Next message: Christopher Browne: "Re: Linux Alternative to Windows Servers"
• Previous message: David Efflandt: "Re: [?] How to attach 2 PPPoE accounts to one ethernet card."
• In reply to: Arsenio Lupin: "Iptables and SAMBA - I'm going MAAAAAAAAAAAAAAAAAADDDDDDD!!!"
• Next in thread: Arsenio Lupin: "Re: Iptables and SAMBA - I'm going MAAAAAAAAAAAAAAAAAADDDDDDD!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Thu, 13 Nov 2003 22:44:03 -0500

On Thu, 13 Nov 2003 18:33:07 +0000, Arsenio Lupin wrote:

> Hi,
>
> i'm trying to setup a firewall with netfilter/iptables increasing security
> from than one i actually have, on the linux box i use to share my adsl modem
> (USB). On this linux box i have two net cards that go to two clients
> (the two subnets: 192.168.0.x/255.255.255.0 and 10.0.0.x/255.255.255.0).
>
>
> The script works well, but it doesn't work at all with my samba share.
>
> (samba works perfectly if i shut down iptables)
>
>
>
> Can someone help me to access SAMBA?
>
>
>
>
>
> Thanks!
>

samba uses tcp and udp ports in the range 137 to 139.

You basically need:

Allow outbound on lan1 from 137-139 tcp
Allow outbound on lan1 from 137-139 udp
Allow inbound on lan1 from 137-139 tcp
Allow inbound on lan1 from 137-139 udp

Allow outbound on lan2 from 137-139 tcp
Allow outbound on lan2 from 137-139 udp
Allow inbound on lan2 from 137-139 tcp
Allow inbound on lan2 from 137-139 udp

allow forward when source is lan1 and dst is lan2
allow forward when source is lan2 and dst is lan1

---

• Next message: Christopher Browne: "Re: Linux Alternative to Windows Servers"
• Previous message: David Efflandt: "Re: [?] How to attach 2 PPPoE accounts to one ethernet card."
• In reply to: Arsenio Lupin: "Iptables and SAMBA - I'm going MAAAAAAAAAAAAAAAAAADDDDDDD!!!"
• Next in thread: Arsenio Lupin: "Re: Iptables and SAMBA - I'm going MAAAAAAAAAAAAAAAAAADDDDDDD!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: Problem Allolwing Remote Users Access to Files on Host Computer in WinXP Pro SP2 ... The problem surfaces anytime a user on LAN2, me included, attempts ... to access the computer LAN1 using Windows Explorer. ... We have several computers in our network. ... >>grant access to shared files on LAN1 to users on LAN2. ... (microsoft.public.windowsxp.network_web) Re: Problem Allolwing Remote Users Access to Files on Host Computer in WinXP Pro SP2 ... Turns out that somehow the Network setting for LAN2 reverted to MSHOME from ... We have several computers in our network. ... I'll refer to the computers involved as LAN1 and LAN2. ... (microsoft.public.windowsxp.network_web) VPN/IPSEC error 651 ? ... The ISA server routes all protocoles between LAN1 and LAN2 ... In front of my ISA Server I have a firewall, but to proceed step by step, I ... If I try to establish a VPN/IPSEC connection to the LAN2 ... (microsoft.public.isa.vpn) Re: Ethernet Device ... let's call them LAN1 and LAN2. ... 445 unless the request is from within the same network). ... A host on LAN1 needs to access the file shares on StorageServer, ... (comp.arch.embedded) Re: In WinXP Pro Sudden Loss of Permission to Access Shared Files on Another Computer in LAN ... >> I'll call that computer LAN2 and call the one I'm currently using LAN1. ... I am able to access shared files on all other computers in the LAN ... go to a command prompt and issue these commands: ... (microsoft.public.windowsxp.network_web)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)