Knowing less about iptables than smb.conf and based on what I found in the existing /etc/sysconfig/iptables, I added these two lines:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
Are these the entries I _should_ add to iptables?
Thanks!
Andrew Robinson
Andrew,
Like you, I know little about iptables. I googled and found that smb needs ports 137-139 (basic smb) and 445 (for win2k clients IIRC). Initially, I set up the firewall for ssh only and noticed the following line...
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Using this as an example, I duplicated the above line for each port/protocol I needed as shown below.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
This may be opening more ports/protocols than necessary and I may try to research it and close unnecessary ports later. Another option is to use the redhat firewall script (I don't remember the name). It basically asks which ports or service name to open and updates the iptables config file.
Dale
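As an added example (not from either poster), here is a small shell function that prints the four rules Samba actually needs in the /etc/sysconfig/iptables format used in the thread: NetBIOS name and datagram service are UDP only (137, 138), session service and direct SMB are TCP only (139, 445), so the other four lines in Dale's list are the unnecessary ones. It also adds a -s source match so the shares are only reachable from the local network; the chain name RH-Firewall-1-INPUT is taken from the thread, and 192.168.1.0/24 is a placeholder LAN prefix to replace with your own.

```shell
#!/bin/sh
# samba_rules LAN [CHAIN]: print the minimal iptables rules for Samba,
# accepting new connections only from the given source network.
# Assumptions: the RH-Firewall-1-INPUT chain from the thread is the
# default; the LAN prefix passed in is a placeholder, not a real site.
samba_rules() {
    lan="$1"
    chain="${2:-RH-Firewall-1-INPUT}"
    # udp/137 NetBIOS name service, udp/138 NetBIOS datagram service,
    # tcp/139 NetBIOS session service, tcp/445 SMB over TCP (win2k and later).
    for spec in udp:137 udp:138 tcp:139 tcp:445; do
        proto="${spec%%:*}"
        port="${spec##*:}"
        printf '%s -s %s -m state --state NEW -m %s -p %s --dport %s -j ACCEPT\n' \
            "-A $chain" "$lan" "$proto" "$proto" "$port"
    done
}

# Example run with the placeholder LAN prefix.
samba_rules 192.168.1.0/24
```

Paste the printed lines next to the existing port-22 rule in /etc/sysconfig/iptables and reload with `service iptables restart`.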