
#1 2013-05-16 15:06:32

swatquest
Member
Registered: 2013-01-07
Posts: 30

[SOLVED]Iptables - samba

Started smbd and nmbd.

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT 
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 54490 -j ACCEPT
-A INPUT -p udp -m udp --dport 54498 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset 
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -j REJECT --reject-with icmp-proto-unreachable 
COMMIT

-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT

With iptables it does not work.
Without iptables it works.

Last edited by swatquest (2013-05-17 02:09:04)


#2 2013-05-16 15:22:58

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: [SOLVED]Iptables - samba

I am no expert on iptables... in fact I know very very very little.  But from what I can find on the internets, shouldn't the tcp/139 be something like this:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

I have no idea really if that is necessary.  I think I might know almost as little about Samba as I do about iptables.  I know enough to set it up, but I have never even thought about opening up Samba to the greater internets.


#3 2013-05-16 20:48:53

ajbibb
Member
Registered: 2012-02-12
Posts: 142

Re: [SOLVED]Iptables - samba

I only run smbclient, not the full blown samba, however I've found that I need: 

-A INPUT -p udp  --sport 137 -j ACCEPT

I think this allows Samba to browse the network, or at least receive netbios name packets from the other computers you are attached to.  My iptables work with that rule, but do not work if it is missing.


#4 2013-05-16 22:35:22

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: [SOLVED]Iptables - samba

Excellent, way to find what you need sir!  Please mark the thread as [Solved].  This can be done by editing the first post, which will in turn allow you to edit the title.


#5 2013-05-17 02:09:25

swatquest
Member
Registered: 2013-01-07
Posts: 30

Re: [SOLVED]Iptables - samba

Thanks.

-A INPUT -p udp  --sport 137 -j ACCEPT

Last edited by swatquest (2013-05-17 02:09:55)
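
Added example, not part of any post in this thread: the rule that solved the problem matches only on the sender's source port, so it accepts UDP from any host to any local port whenever the packet carries source port 137. The Python audit below scans an iptables-save ruleset for that pattern; the 192.168.1.0/24 subnet and the source-scoped rule are assumptions for illustration, not values from the thread.

```python
import shlex

# Constructed input: the thread's Samba rules plus the accepted fix, followed by
# a scoped variant. The 192.168.1.0/24 subnet is an assumption, not from the thread.
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp --sport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp --sport 137 -j ACCEPT
COMMIT
"""

SRC_PORT = {"--sport", "--source-port", "--sports"}
DST_PORT = {"--dport", "--destination-port", "--dports"}
SRC_SCOPE = {"-s", "--source", "-i", "--in-interface"}

def parse_rule(line):
    """Parse one '-A CHAIN ...' line into (chain, {option: value}); None otherwise."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    opts, i = {}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "!"))
        opts[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return tokens[1], opts

def audit(ruleset):
    """List INPUT ACCEPT rules that match a source port but no destination port."""
    findings = []
    for line in ruleset.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, opts = parsed
        if chain != "INPUT" or opts.get("-j") != "ACCEPT" or "!" in opts:
            continue  # negated matches are left for manual review
        keys = set(opts)
        if keys & SRC_PORT and not keys & DST_PORT:
            scope = "source-scoped" if keys & SRC_SCOPE else "any-host"
            findings.append((scope, line.strip()))
    return findings

if __name__ == "__main__":
    for scope, rule in audit(RULES):
        print(f"{scope:14} {rule}")
```

An "any-host" finding is the one to tighten first, for example by adding a source subnet or input interface to the rule.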

