Re: Samba help

dalen wrote:
Knowing less about iptables than smb.conf and based on what I found in the existing /etc/sysconfig/iptables, I added these two lines:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


Are these the entries I _should_ add to iptables?

Thanks!

Andrew Robinson


Andrew,
Like you, I know little about iptables. I googled and found that smb needs ports 137-139 (basic smb) and 445 (for win2k clients IIRC). Initially, I set up the firewall for ssh only and noticed the following line...


-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Using this as an example, I duplicated the above line for each port/protocol I needed as shown below.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT


This may be opening more ports/protocols than necessary and I may try to research it and close unnecessary ports later. Another option is to use the redhat firewall script (I don't remember the name). It basically asks which ports or service name to open and updates the iptables config file.

Dale

Those first 6 rules could be rewritten as two:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137:139 -j ACCEPT


Saves space and typing.  ;-)
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-          su -; find / -name someone -exec touch \{\} \;            -
-                          - The UNIX way of touching someone        -
----------------------------------------------------------------------
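Dale's note that the eight rules "may be opening more ports/protocols than necessary" and Rick's range rewrite both come down to the same question: which of these ACCEPT lines does Samba actually need? The script below is an added example, not code from this thread or from the Samba or Fedora projects. It parses `-A CHAIN ... -p PROTO --dport PORT[:PORT] ... -j TARGET` lines in the `/etc/sysconfig/iptables` style shown above, expands ranges, and checks the opened ports against the ports Samba listens on (137/udp NetBIOS name service, 138/udp NetBIOS datagram, 139/tcp NetBIOS session, 445/tcp SMB over TCP). It reports Samba-range ports that were opened but are not needed, needed ports that are missing, and Samba rules that carry no `-s` source restriction. The sample rule list is constructed from Dale's post; the `192.168.1.0/24` network and the `minimal_rules` helper are assumptions for illustration.

```python
"""Audit Samba rules in an /etc/sysconfig/iptables-style rule list (added example)."""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Set

# Ports Samba listens on, per protocol: NetBIOS name service (137/udp),
# NetBIOS datagram (138/udp), NetBIOS session (139/tcp), SMB over TCP (445/tcp).
SAMBA_PORTS: Dict[str, Set[int]] = {"udp": {137, 138}, "tcp": {139, 445}}
# Every port the thread's rules touch; used to decide which rules are "Samba rules".
SAMBA_RANGE: Set[int] = set(range(137, 140)) | {445}

# Constructed sample input: the ssh rule plus Dale's eight Samba rules, verbatim.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
"""


@dataclass
class Rule:
    chain: str
    proto: str
    ports: Set[int]
    source: Optional[str]  # value of -s, or None when any source is accepted
    target: str
    line: str


def expand_dport(spec: str) -> Set[int]:
    """'445' -> {445}; '137:139' -> {137, 138, 139} (iptables range syntax)."""
    lo, _, hi = spec.partition(":")
    first, last = int(lo), int(hi or lo)
    return set(range(first, last + 1))


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one -A line; return None for blanks, comments and non-append lines."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    opts: Dict[str, str] = {}
    i = 2
    while i + 1 < len(tokens):
        if tokens[i] in ("-p", "--dport", "-s", "-j"):
            opts[tokens[i]] = tokens[i + 1]
        i += 1  # unknown options (-m, --state, ...) are simply walked past
    if not all(k in opts for k in ("-p", "--dport", "-j")):
        return None
    return Rule(tokens[1], opts["-p"].lower(), expand_dport(opts["--dport"]),
                opts.get("-s"), opts["-j"], line)


def audit(text: str) -> Dict[str, Any]:
    """Compare the ACCEPT rules in `text` with what Samba needs."""
    rules = [r for r in map(parse_rule, text.splitlines()) if r and r.target == "ACCEPT"]
    opened: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    unrestricted: List[str] = []  # Samba-range rules with no -s restriction
    for r in rules:
        opened.setdefault(r.proto, set()).update(r.ports)
        if r.source is None and r.ports & SAMBA_RANGE:
            unrestricted.append(r.line)
    unneeded = {(p, port) for p, ports in opened.items()
                for port in ports & SAMBA_RANGE if port not in SAMBA_PORTS.get(p, set())}
    missing = {(p, port) for p, need in SAMBA_PORTS.items()
               for port in need - opened.get(p, set())}
    return {"opened": opened, "unneeded": unneeded, "missing": missing,
            "unrestricted": unrestricted}


def minimal_rules(chain: str = "RH-Firewall-1-INPUT", source: Optional[str] = None) -> List[str]:
    """The three rules Samba actually needs, optionally limited to one source network."""
    src = f"-s {source} " if source else ""
    return [
        f"-A {chain} {src}-m state --state NEW -m udp -p udp --dport 137:138 -j ACCEPT",
        f"-A {chain} {src}-m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT",
        f"-A {chain} {src}-m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT",
    ]


if __name__ == "__main__":
    report = audit(SAMPLE_RULES)
    print("opened but not needed:", sorted(report["unneeded"]))
    print("needed but missing:   ", sorted(report["missing"]))
    print("Samba rules open to any source:", len(report["unrestricted"]))
    # 192.168.1.0/24 is a placeholder LAN; substitute the real client network.
    print("\n".join(minimal_rules(source="192.168.1.0/24")))
```

Run against Dale's list it flags 137/tcp, 138/tcp, 139/udp and 445/udp as unneeded and all eight Samba rules as open to any source; run against Rick's two range rules alone it additionally reports 445/tcp as missing, since the range rewrite covers only the NetBIOS ports.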



