started
smbd and nmbd
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54490 -j ACCEPT
-A INPUT -p udp -m udp --dport 54498 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
With iptables it does not work.
Without iptables it works.
Last edited by swatquest (2013-05-17 02:09:04)
I am no expert on iptables... in fact I know very very very little. But from what I can find on the internets, shouldn't the tcp/139 be something like this:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
I have no idea really if that is necessary. I think I might know almost as little about Samba as I do about iptables. I know enough to set it up, but I have never even thought about opening up Samba to the greater internets.
I only run smbclient, not the full blown samba, however I've found that I need:
-A INPUT -p udp --sport 137 -j ACCEPT
I think this allows Samba to browse the network, or at least receive netbios name packets from the other computers you are attached to. My iptables work with that rule, but do not work if it is missing.
Excellent, way to find what you need sir! Please mark the thread as [Solved]. This can be done by editing the first post, which will in turn allow you to edit the title.
Thanks.
-A INPUT -p udp --sport 137 -j ACCEPT
Last edited by swatquest (2013-05-17 02:09:55)
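Why the posted ruleset rejects NetBIOS name replies and how widely the `--sport 137` rule matches, as an added example (not code from any poster in this thread): a small first-match evaluator over the thread's INPUT chain. The packets, the 192.168.1.0/24 LAN range, and the premise that conntrack classifies a unicast reply to a broadcast name query as NEW are assumptions made for illustration.

```python
import ipaddress

def rule(target, **match):
    return {"target": target, **match}

# INPUT chain from the first post, in order (ICMP rule omitted: packets below are UDP).
BASE = [
    rule("ACCEPT", ctstate={"RELATED", "ESTABLISHED"}),
    rule("ACCEPT", iface="lo"),
    rule("ACCEPT", proto="tcp", dport=54490),
    rule("ACCEPT", proto="udp", dport=54498),
    rule("ACCEPT", proto="tcp", dport=51413),
    rule("ACCEPT", proto="udp", dport=137),
    rule("ACCEPT", proto="udp", dport=138),
    rule("ACCEPT", proto="tcp", dport=139),
    rule("ACCEPT", proto="tcp", dport=445),
    rule("REJECT", proto="tcp"),
    rule("REJECT", proto="udp"),
    rule("REJECT"),
]
SPORT_137 = rule("ACCEPT", proto="udp", sport=137)  # the rule from the thread
# Same rule limited to an assumed LAN range (hypothetical subnet).
SPORT_137_LAN = rule("ACCEPT", proto="udp", sport=137, src="192.168.1.0/24")

def with_rule(extra):
    """Place the extra rule ahead of the three trailing REJECT rules."""
    return BASE[:-3] + [extra] + BASE[-3:]

def matches(r, pkt):
    for key, want in r.items():
        if key == "target":
            continue
        if key == "ctstate":
            ok = pkt[key] in want
        elif key == "src":
            ok = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(want)
        else:
            ok = pkt[key] == want
        if not ok:
            return False
    return True

def verdict(rules, pkt):
    """First matching rule decides; otherwise the chain policy (DROP) applies."""
    return next((r["target"] for r in rules if matches(r, pkt)), "DROP")

# Constructed packets. Assumption: the name reply comes from the responder's own
# address to an ephemeral port, so conntrack does not tie it to the broadcast query.
NBNS_REPLY = dict(iface="eth0", proto="udp", src="192.168.1.20", sport=137, dport=40211, ctstate="NEW")
OFF_LAN = dict(iface="eth0", proto="udp", src="203.0.113.9", sport=137, dport=54321, ctstate="NEW")
```

In iptables syntax the LAN-restricted variant is the thread's rule with `-s` and your own subnet added.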