Can someone please share their ipchains for samba? Do all the netbios ports (135:139) need to be open? Are they all that's needed?

-mike

Mike,

On Tue, 02 Jan 2001 15:01:12 -0800, Mike O'Neill wrote:

>Can someone please share their ipchains for samba? Do all the netbios
>ports (135:139) need to be open? Are they all that's needed? -mike

(137:139), TCP and UDP.

Regards,
Robert

--
Robert.Dahlem@gmx.net
Fax +49-69-432647

I want to thank those of you who replied and add my own comments for the record. I found that on our network we need to open ports 137:139 for input and 135:139 for output. I'm not sure why the extra ports were needed for the output, but I do know that the "path to the (server share)" could not be found without the extra output ports open.

-mike

>> Can someone please share their ipchains for samba? Do all the netbios ports
>> (135:139) need to be open? Are they all that's needed? -mike
>
> Yep - 137 through 139 need to be open to the local network, and closed
> to the outside world.
>
> You can do that with the following script (of course, there are many
> ways to do this):
>
> # local network that is allowed to reach Samba
> localaddress=192.168.1.0/24
> # interface facing the outside world
> remoteport=eth1
> for protocol in tcp udp
> do
>   for port in 137 138 139
>   do
>     /sbin/ipchains -A input -p $protocol --dport $port -s $localaddress -j ACCEPT
>     /sbin/ipchains -A input -p $protocol --dport $port -i $remoteport -j DENY
>   done
> done
>
> Obviously, change the localaddress and remoteport to suit your needs
> (like ppp0 for the typical dial-up connection).
>
> Calvin
>
> --
> Calvin Dodge
> Certified Linux Bigot (tm)
> http://www.caldodge.fpcc.net
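
A stricter variant of the input rules discussed in this thread, added here as an example and not posted by anyone in it: the DENY on the outside interface comes first and the ACCEPT is tied to the inside interface, so a packet arriving from outside with a forged local source address is not accepted on its source alone. The function name and the LAN, INT_IF and EXT_IF values are assumptions; the rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example (not from the thread): print ipchains input rules that keep
# Samba's NetBIOS ports (137:139, TCP and UDP) reachable from the LAN only.
# LAN, INT_IF and EXT_IF are assumed values; adjust them for your network.
LAN="${LAN:-192.168.1.0/24}"
INT_IF="${INT_IF:-eth0}"
EXT_IF="${EXT_IF:-eth1}"

# Emit the rules as text so they can be reviewed before being applied.
samba_rules() {
    for proto in tcp udp; do
        # 1. Deny and log NetBIOS traffic on the outside interface first, so a
        #    packet with a forged LAN source address never reaches the ACCEPT.
        echo "/sbin/ipchains -A input -i $EXT_IF -p $proto --dport 137:139 -l -j DENY"
        # 2. Accept only when both the interface and the source address match.
        echo "/sbin/ipchains -A input -i $INT_IF -p $proto -s $LAN --dport 137:139 -j ACCEPT"
    done
}

# Review with:  samba_rules
# Apply with:   samba_rules | sh      (as root, on a host that has ipchains)
```

ipchains walks a chain in order and stops at the first matching rule, which is why the order of the two lines inside the loop matters.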