Hello. Can't connect to my samba server after turning on DROP policy in INPUT chain.
With ACCEPT policy samba connection is working.
Samba and iptables - same physical server.
Server has 3 main interfaces:
br0 - to LAN (192.168.0.1)
ppp0 - to provider
tun0 - VPN (10.1.0.1)
My INPUT chain:
Chain INPUT (policy DROP 8 packets, 4041 bytes)
pkts bytes target prot opt in out source destination
156 11272 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
193 12245 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
187 24235 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:42127 #OpenVPN
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
My OUTPUT chain has ACCEPT policy and has no rules.
Samba is listening on the default ports:
#netstat -ntl
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
When I switch INPUT policy to ACCEPT and successfully connect to samba:
#netstat -nt | grep 10.1.0.6
tcp 0 36 192.168.0.1:22 10.1.0.6:60242 ESTABLISHED
tcp 0 0 192.168.0.1:139 10.1.0.6:41044 ESTABLISHED
tcp 0 0 192.168.0.1:139 10.1.0.6:41042 ESTABLISHED
I tried:
1) open TCP and UDP destination ports: 137,138,139,445
2) open TCP and UDP source ports: 137,138,139,445
But, of course, without results.
Help, please :-)
Last edited by full_noob (2016-08-26 14:47:02)
You might want to also allow related and established connections [1].
R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K
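A simplified first-match model of the INPUT chain listed in the question, showing which packets fall through to the DROP policy and what a related/established rule changes. This is an added example, not code from the thread: the sample packets, the `ctstate` listing line and the function names are constructed, and the model ignores addresses and everything netfilter does beyond first-match evaluation.

```python
import re

# INPUT rules copied from the post's listing (chain policy: DROP).
PAGE_RULES = """\
156 11272 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
193 12245 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
187 24235 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:42127 #OpenVPN
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
"""
# Constructed line: a conntrack rule as `iptables -L -v -n` would list it.
CT_RULE = "0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED\n"

# Constructed sample packets; "state" stands in for the conntrack state.
PACKETS = {
    "smb_from_vpn": {"in": "tun0", "proto": "tcp", "dport": 445, "state": "NEW"},
    "reply_on_ppp0": {"in": "ppp0", "proto": "udp", "dport": 40000, "state": "ESTABLISHED"},
    "tcp139_on_lo": {"in": "lo", "proto": "tcp", "dport": 139, "state": "NEW"},
}

def parse(listing):
    """Turn listing lines into rule dicts (addresses are all 0.0.0.0/0, so ignored)."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        extra = " ".join(f[9:])
        ports = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        states = re.search(r"ctstate (\S+)", extra)
        rules.append({
            "target": f[2], "proto": f[3], "in": f[5],
            "dports": (int(ports[1]), int(ports[2] or ports[1])) if ports else None,
            "states": set(states[1].split(",")) if states else None,
        })
    return rules

def verdict(rules, pkt, policy="DROP"):
    """First matching rule decides; if none matches, the chain policy applies."""
    for r in rules:
        if r["proto"] not in ("all", pkt["proto"]) or r["in"] not in ("*", pkt["in"]):
            continue
        if r["dports"] and not r["dports"][0] <= pkt["dport"] <= r["dports"][1]:
            continue
        if r["states"] and pkt["state"] not in r["states"]:
            continue
        return r["target"]
    return policy

def evaluate(listing):
    return {name: verdict(parse(listing), pkt) for name, pkt in PACKETS.items()}
```

`evaluate(PAGE_RULES)` gives the verdicts for the chain as posted, and `evaluate(PAGE_RULES + CT_RULE)` gives them with the conntrack rule appended.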