Re: iptables / Samba / internet connectivity

---

• From: Clifford Kite <kite@xxxxxxxxxxxxxxxxx>
• Date: Sat, 26 Jan 2008 21:53:34 -0600

---

CCW <c.c.wood@xxxxxxxxx> wrote:

Hi,

I've got Samba working (eventually!), and tracked it down to my
iptables configuration. I assume that iptables starts when linux boots
up. In this state, I can't access my samba server from my Windows
machines, but my windows machines can access the internet.

However, when I run,

[root@server~]service iptables stop

I can access samba (set my shares as mapped networked drives etc), but
internet connectivity stops. If I restart iptables, internet
connectivity is restored, but connection to samba stops!

My network is set up as:

Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
192.168.1.100 ----- Windows network (192.168.1.100-120)

When I can't access the internet, I can't ping eth0 (192.168.0.3) or
the router.

Can anyone point me in the direction of a decent tutorial explaining
how to set up iptables to allow my internal network (192.168.1.*)
access to the internet?

A decent tutorial would likely have to be distribution-specific unless
you are thinking of building your own firewall from scratch. However,
here is something to try when the firewall is up:

iptables -I INPUT -i eth1 -p TCP -m multiport --dports 135,139,445 -j ACCEPT
iptables -I INPUT -i eth1 -p UDP -m multiport --dports 137,138 -j ACCEPT

These commands are based on

http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html#firewallports

If they provide access to the samba server then perhaps you can find an
appropriate place or way to add their equivalents to the fc7 iptables
setup.

Briefly, the commands insert rules at the beginning of the INPUT chain
which should allow input to fc7 from the Windows network on samba net-bios
ports, and may allow samba to work if fc7 output to the Windows network
is unfettered. No guarantee, I don't use fedora or do Windows.

--
Clifford Kite

.

---

• References:
  • iptables / Samba / internet connectivity
    • From: CCW

• Prev by Date: iptables with connlimit question
• Next by Date: Re: iptables with connlimit question
• Previous by thread: Re: iptables / Samba / internet connectivity
• Next by thread: iptables with connlimit question
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Samba issue - Newbie looking for some advice ... Think this issue is due to the iptables running. ... > network neighborhood, it finds it quickly enough, ... > and states that it is a samba server. ... > But when I do this from a command line on my windows ... (RedHat) Re: windows/Linux sharing ... You can always install an NFS client on the windows machines, ... Your requirement to not use samba sort of begs the question "why" ... Using samba or NFS over the internet would be kinda ... (comp.os.linux.misc) Re: iptables / Samba / internet connectivity ... I assume that iptables starts when linux boots ... I can't access my samba server from my Windows ... but my windows machines can access the internet. ... Not to subtract from what you have accomplished, you may find ssh ... (comp.os.linux.networking) Re: iptables / Samba / internet connectivity ... I assume that iptables starts when linux boots ... I can't access my samba server from my Windows ... but my windows machines can access the internet. ... My network is set up as: ... (comp.os.linux.networking) iptables / Samba / internet connectivity ... I assume that iptables starts when linux boots ... I can't access my samba server from my Windows ... but my windows machines can access the internet. ... connectivity is restored, ... (comp.os.linux.networking)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2008-01