Maybe this will help...

#!/bin/bash
SAMBA_SERVER="192.168.1.100"
NETWORK="192.168.1.0/24"      # Local area network
BROADCAST="192.168.1.255"     # Local area network Broadcast Address

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept NetBIOS and SMB traffic from the local network to the Samba server
iptables -A INPUT -p udp -s $NETWORK -d $SAMBA_SERVER \
    -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -s $NETWORK -d $SAMBA_SERVER -m multiport \
    --dports 139,445 -j ACCEPT
iptables -A INPUT -p udp -s $NETWORK -d $BROADCAST --dport 137 \
    -j ACCEPT

# Drop the same ports when the source is anything else
iptables -A INPUT -p udp -d $SAMBA_SERVER -m multiport \
    --dports 137,138 -j DROP
iptables -A INPUT -p tcp -d $SAMBA_SERVER -m multiport \
    --dports 139,445 -j DROP

# Let the server answer connections that are already established
iptables -A OUTPUT -s $SAMBA_SERVER -d $NETWORK -m state --state \
    ESTABLISHED,RELATED -j ACCEPT

Haven't used this but it's worth an attempt.

J

On Fri, 28 Jan 2005 15:40:12 -0500, Temlakos <temlakos@xxxxxxxxx> wrote:
> On Fri, 28 Jan 2005 13:02:27 -0600, Dale Sykora <dalen@xxxxxxxxxx> wrote:
>
> > I remember having to open port 445 also.
> > Here is what worked for me from /etc/sysconfig/iptables
> >
> > -A RH-Firewall-1-INPUT -p udp --dport 137:138 -j ACCEPT
> > -A RH-Firewall-1-INPUT -p tcp --dport 139 -j ACCEPT
> > -A RH-Firewall-1-INPUT -p tcp --dport 445 -j ACCEPT
>
> I just tried the above. And whenever I restart with that
> configuration, I can't see my Windows box, or my own box, at all in
> the "Networks" folder. Samba and Windows must be using some port or
> ports other than those above.
>
> And just so everyone understands, I try to limit it to just my home
> network, thus:
>
> -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 137:138 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 139 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 445 -j ACCEPT
>
> And as I say, I still don't have enough ports open.
>
> I've also tried opening all TCP and UDP ports between 135 and 139, and
> both the TCP and the UDP ports numbered 445. Still no result.
>
> Temlakos
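
Added example, not part of the original thread: the script above sets the broadcast address by hand next to the network, so this sketch derives it from the CIDR and prints the script's three ACCEPT rules in the /etc/sysconfig/iptables format quoted earlier. The function names and sample addresses are assumptions; it only prints rules and applies nothing.

```shell
#!/bin/sh
# Added example: derive the LAN broadcast address from the CIDR instead of
# typing it separately, then print LAN-only Samba rules. Nothing is applied.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# broadcast_of NET/PREFIX -> directed broadcast address; fails on a bad prefix
broadcast_of() {
    local addr="${1%/*}" bits="${1#*/}" ip mask
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 30 ] || return 1
    ip=$(ip_to_int "$addr")
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    int_to_ip $(( ($ip & $mask) | (~$mask & 4294967295) ))
}

# samba_rules NET/PREFIX SERVER_IP [CHAIN] -> the three ACCEPT rules,
# restricted to the LAN as source (chain name defaults to the one in the thread)
samba_rules() {
    local net="$1" server="$2" chain="${3:-RH-Firewall-1-INPUT}" bcast
    bcast=$(broadcast_of "$net") || { echo "bad CIDR: $net" >&2; return 1; }
    # NetBIOS name and datagram services, unicast to the server
    echo "-A $chain -s $net -d $server -p udp -m multiport --dports 137,138 -j ACCEPT"
    # NetBIOS session service and SMB over TCP
    echo "-A $chain -s $net -d $server -p tcp -m multiport --dports 139,445 -j ACCEPT"
    # NetBIOS name queries sent to the subnet broadcast address
    echo "-A $chain -s $net -d $bcast -p udp --dport 137 -j ACCEPT"
}

# Constructed sample values, matching the addresses used in the thread
samba_rules "192.168.1.0/24" "192.168.1.100"
```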