I am having major setbacks trying to access through my firewall (ipchains). The default policy on my chains is set to deny and then I am giving the following ipchains rules for samba.

ipchains -A input -p tcp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
ipchains -A input -p udp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
ipchains -A output -p tcp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
ipchains -A output -p udp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT

This does not work.

BUT, if I change the policy to accept all, then the samba is accessible from my win client machines. Just to make sure that the ipchains was configured properly I ran my ftp server from all 3 ports and tested the connection from a client machine. I was able to connect to the ftp server.

Can someone please tell me what I am missing.

Thank you

====
Poorav Chaudhari
Try opening port 445 as well. SMB runs over TCP/IP in newer versions of Windows if you have it enabled.

-----Original Message-----
From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On Behalf Of Poorav Chaudhari
Sent: Wednesday, December 18, 2002 1:59 PM
To: samba@lists.samba.org
Subject: [Samba] samba and ipchains

I am having major setbacks trying to access through my firewall (ipchains). The default policy on my chains is set to deny and then I am giving the following ipchains rules for samba.

ipchains -A input -p tcp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
ipchains -A input -p udp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
ipchains -A output -p tcp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
ipchains -A output -p udp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT

This does not work.

BUT, if I change the policy to accept all, then the samba is accessible from my win client machines. Just to make sure that the ipchains was configured properly I ran my ftp server from all 3 ports and tested the connection from a client machine. I was able to connect to the ftp server.

Can someone please tell me what I am missing.

Thank you

====
Poorav Chaudhari
The general way of running down this sort of problem is to enable logging in your firewall rules and then watch what happens. You would have a better idea of what is going on by printing out your firewall ipchains rules with ipchains-save. You can easily edit them with a word processor. Add -l at the end of the rules to log the rule activity, like so:

-A input -s 0.0.0.0/0.0.0.0 -d 67.34.39.58/255.255.255.255 80:80 -i eth1 -p 6 -j DENY -l

(67.34.39.58 is my server)

You can then

ipchains -F; cat fileofipchains | ipchains-restore

to reload your rules.

Joel

On Wed, Dec 18, 2002 at 10:59:29AM -0800, Poorav Chaudhari wrote:
> I am having major setbacks trying to access through my firewall (ipchains).
> The default policy on my chains is set to deny and then I am giving the
> following ipchains rules for samba.
>
> ipchains -A input -p tcp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
> ipchains -A input -p udp -s $Internal_subnet -d Internal_net 137:139 -j ACCEPT
> ipchains -A output -p tcp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
> ipchains -A output -p udp -d $Internal_subnet -s Internal_net 137:139 -j ACCEPT
>
> This does not work.
>
> BUT, if I change the policy to accept all, then the samba is accessible from my
> win client machines. Just to make sure that the ipchains was configured
> properly I ran my ftp server from all 3 ports and tested the connection from a
> client machine. I was able to connect to the ftp server.
>
> Can someone please tell me what I am missing.
>
> Thank you
>
> ====
> Poorav Chaudhari
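
Added example, not part of the thread: once rules carry -l as suggested above, this shell function tallies the logged DENY/REJECT packets by chain, protocol and destination port, so a blocked port such as 445 stands out. The log lines are constructed samples in the kernel's ipchains "Packet log:" format; the hostname, addresses and timestamps are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed line layout (written by ipchains rules that end in -l):
#   ... kernel: Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=... (#rule)

summarize_denied() {
    # stdin: syslog lines; stdout: "<count> <chain> <proto> <dport>", most frequent first
    awk '
        /Packet log:/ {
            # locate the "log:" token; the fields we need follow it at fixed offsets
            for (i = 1; i <= NF; i++) if ($i == "log:") break
            chain = $(i + 1); action = $(i + 2); proto = $(i + 4); dst = $(i + 6)
            if (action != "DENY" && action != "REJECT") next
            sub(/^PROTO=/, "", proto)
            if (proto == "6") proto = "tcp"
            else if (proto == "17") proto = "udp"
            n = split(dst, parts, ":")          # dst is <address>:<port>
            count[chain " " proto " " parts[n]]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log() {
    # Constructed sample data, not captured from a real system
    cat <<'EOF'
Dec 18 11:02:01 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.20:1041 192.168.1.1:445 L=48 S=0x00 I=4211 F=0x4000 T=128 (#5)
Dec 18 11:02:04 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.20:1041 192.168.1.1:445 L=48 S=0x00 I=4212 F=0x4000 T=128 (#5)
Dec 18 11:02:10 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.20:1041 192.168.1.1:445 L=48 S=0x00 I=4213 F=0x4000 T=128 (#5)
Dec 18 11:02:11 fw kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=4214 F=0x0000 T=128 (#5)
Dec 18 11:02:12 fw kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.20:137 192.168.1.255:137 L=78 S=0x00 I=4215 F=0x0000 T=128 (#5)
Dec 18 11:02:13 fw kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.20:138 192.168.1.255:138 L=229 S=0x00 I=4216 F=0x0000 T=128 (#5)
Dec 18 11:02:15 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.20:1042 192.168.1.1:139 L=48 S=0x00 I=4217 F=0x4000 T=128 (#1)
Dec 18 11:02:20 fw sshd[311]: unrelated syslog line that must be ignored
EOF
}

sample_log | summarize_denied
```

On a live system, feed it the kernel log instead of the sample, for example `summarize_denied < /var/log/messages` (the log path depends on the syslog configuration).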