Re: Samba help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrew Robinson wrote:

Knowing less about iptables than smb.conf and based on what I found in the existing /etc/sysconfig/iptables, I added these two lines:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

Are these the entries I _should_ add to iptables?

I ended up with the following on my samba PDC: -A RH-Firewall-1-INPUT -p udp -m udp --dport 137:138 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --sport 137:138 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 139 -j ACCEPT

Note that 137 and 138 use UDP rather than TCP.

The following were neccessary for making samba a WINS server:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1512 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1512 -j ACCEPT
(Well, I probably only need one of the tcp/udp, but opening both shouldn't cause any security meltdowns at this stage... and it was easier than figuring out which are actually neccessary.)


445 doesn't seem to have been neccessary for my purposes, YMMV.




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux