Temlakos wrote:
Basil Copeland wrote:
I too am having this problem. My network consists of Windows XP. I can
see the Linux shares from Windows but not the Windows share from
Linux.
Any help would be appreciated.
Thanks & Regards
Do you have IPTABLES blocking the ports needed by smb?
Basil
An excellent point. Running Samba without opening the ports on IPTABLES
is a common-enough error. I've made it myself. WinXP/SP2, of course, now
has its own firewall that recognizes local shares--and Zone Labs has a
firewall that lets you define "trusted zones" consisting of whatever
subnets you care to define. But when you're working with IPTABLES, you
have to get your hands dirty.
Here's a solution I developed, in consultation with a networking expert
who uses Fedora extensively at our church. Make sure your file
/etc/sysconfig/iptables has the following lines in the appropriate place
in the sequence:
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --sport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 445 -j ACCEPT
Depending on what sort of router you use, you need to open each port as
/both/ a source port /and/ a destination port, each on a separate line.
That will make /sure/ that IPTABLES will not drop your Samba packets.
Just to be clear, the ports you need to open are UDP port 137 and TCP
ports 139 and 445. I use that setup right now to connect to and from a
machine running WinXP/SP2.
The "-s 192.168.1.0/24" means "make this good only for subnet
192.168.1.0/255.255.255.0." That's the typical "down network" that most
SO/HO routers define. To sniff these out and verify them, I used
Ethereal while making a Samba connection. By limiting it to this subnet,
I make sure that my box is not open to any old hacker anywhere else on
the Internet who wants to "connect" to my Samba shares--or anything else
on my box--through those ports.
It'd be best if you verify that those ports are closed on the WAN side
of your router as well. Your Linux box may be protected by iptables,
but the rest of your network ain't.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Do you know where _your_ towel is? -
----------------------------------------------------------------------
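
A way to audit a rule file of the kind discussed in this thread, as an added example that is not code from any of the posters: it lists ACCEPT rules on the Samba ports whose source is wider than the LAN or that match on source port only, and reports which of UDP 137, TCP 139 and TCP 445 have no LAN-scoped `--dport` rule. The function name `audit_samba_rules`, the helper `_ports` and the `SAMPLE` rules are assumptions constructed for illustration; the default subnet is the one used in the thread.

```python
import ipaddress
import shlex

# Ports named in the thread: UDP 137, TCP 139 and TCP 445.
SAMBA_PORTS = {("udp", 137), ("tcp", 139), ("tcp", 445)}

# Constructed sample in /etc/sysconfig/iptables format (not a real host's rules).
SAMPLE = """\
*filter
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT
"""

def _ports(proto, spec):
    """Expand a port spec ('445' or '137:139') into {(proto, port), ...}."""
    lo, _, hi = spec.partition(":")
    return {(proto, p) for p in range(int(lo), int(hi or lo) + 1)}

def audit_samba_rules(text, lan="192.168.1.0/24"):
    """Return (findings, missing); assumes numeric addresses, port or range."""
    lan_net = ipaddress.ip_network(lan)
    findings, covered = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if not tok or tok[0] != "-A" or "!" in tok:
            continue  # not a rule, or a negated match (out of scope here)
        # Map each option of interest to the token that follows it.
        opt = {k: tok[i + 1] for i, k in enumerate(tok[:-1])
               if k in ("-p", "-s", "-j", "--dport", "--sport")}
        if opt.get("-j") != "ACCEPT" or "-p" not in opt:
            continue
        dports = _ports(opt["-p"], opt["--dport"]) if "--dport" in opt else set()
        sports = _ports(opt["-p"], opt["--sport"]) if "--sport" in opt else set()
        if not (dports | sports) & SAMBA_PORTS:
            continue
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        in_lan = src.subnet_of(lan_net)
        if not in_lan:
            findings.append((n, "source wider than LAN"))
        if sports & SAMBA_PORTS and not dports:
            # --sport alone does not limit which local port the packet reaches
            findings.append((n, "source-port-only match"))
        if in_lan:
            covered |= dports & SAMBA_PORTS
    return findings, sorted(SAMBA_PORTS - covered)
```

Calling `audit_samba_rules(SAMPLE)` returns the line numbers of the flagged rules and the Samba ports still lacking a LAN-scoped rule.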