Dear Folks,

This is a note for all those people out there who had to turn off their firewalls (iptables) to get Samba to work.

First start the GUI interface to the firewall by typing

    [somedir]# redhat-config-securitylevel

Click on "Customize". Click the check box for your network adapter (usually "eth0"). Click on the checkboxes for any services you want to allow (I allow WWW, FTP, SSH, DHCP, and Telnet). In the "Other ports" edit box, enter "137:udp,137:tcp,138:udp,138:tcp,139:udp,139:tcp".

At a command prompt type

    [somedir]# service iptables stop
    Flushing all chains: [ OK ]
    Removing user defined chains: [ OK ]
    Resetting built-in chains to the default ACCEPT policy: [ OK ]
    [somedir]# service iptables start
    Flushing all current rules and user defined chains: [ OK ]
    Clearing all current rules and user defined chains: [ OK ]
    Applying iptables firewall rules: [ OK ]

This should allow all the packets necessary for Samba.
Here's a mail which was posted in this list...

> all exact ports are listed in /etc/services.
>
> the ports u need were posted a few days ago in this list.
> please somebody correct, if i'm wrong:
>
> netbios-ns 137/tcp # NETBIOS Name Service
> netbios-ns 137/udp # NETBIOS Name Service
> netbios-dgm 138/tcp # NETBIOS Datagram Service
> netbios-dgm 138/udp # NETBIOS Datagram Service
> netbios-ssn 139/tcp # NETBIOS Session Service
> netbios-ssn 139/udp # NETBIOS Session Service
> and, if u need:
> swat 901/tcp # XXX Samba Web Administration

And with Win2K you may need port 445/tcp also.

- John T.
Wolfgang Ratzka
2003-Mar-13 08:52 UTC
[Samba] Re: Configuring firewall to allow Samba to work
nobody@bogus.org wrote:
|
| This is a note for all those people out there who had to turn off their
| firewalls (iptables) to get Samba to work. First start the GUI
| interface to the firewall by typing

- Your hint should only apply to a firewall that serves to harden your server
  installation, i.e. if you use iptables on your server to control which
  kind of packets *from your local net* your server responds to.

  If your firewall has the additional purpose to separate your local net
  from the internet, then allowing NetBIOS over TCP/IP is not a good idea.
  There are currently several Windows worms that scan random IP address
  ranges for weakly protected Windows shares, so opening up your network to
  these protocols is a bad idea!

  To repeat that: You should open ports 137, 138 and 139 (UDP and TCP)
  only for your local net, not for the internet.

- Are we going to accept hints from someone without a name and with an
  address "nobody@bogus.org"? I have the strong suspicion that your
  real purpose might be to trick people into opening up their firewalls.

-- 
Wolfgang Ratzka
Phone: +49 6421 2823531
FAX: +49 6421 2826994
Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html
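
One way to check a saved ruleset against the advice in the message above (open 137, 138 and 139, plus 445 from the earlier reply, only for the local net). This is an added example, not part of the original thread; the sample rules are constructed, and "local net" is assumed to mean an RFC 1918 range.

```python
import ipaddress
import shlex

SMB_PORTS = {137, 138, 139, 445}  # ports named in the thread
# Assumption: "local net" means an RFC 1918 range.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
COMMIT
"""

def ports_in(spec):
    """Expand an iptables port spec such as '137:139' or '139,445'."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        first = int(lo or 0)
        last = int(hi or 65535) if sep else first
        ports.update(range(first, last + 1))
    return ports

def exposed_smb_rules(ruleset):
    """Return (rule, ports) for ACCEPT rules opening SMB ports to non-local sources.
    Each rule is judged alone; earlier DROP rules and -i matches are ignored."""
    findings = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        opts = dict(zip(tok, tok[1:]))  # option -> the token that follows it
        spec = opts.get("--dport") or opts.get("--dports")
        if tok[:1] != ["-A"] or opts.get("-j") != "ACCEPT" or not spec:
            continue
        hit = ports_in(spec) & SMB_PORTS
        # A missing or negated (!) source match is treated as "any address".
        src = "0.0.0.0/0" if "!" in tok else opts.get("-s", "0.0.0.0/0")
        net = ipaddress.ip_network(src, strict=False)
        if hit and not any(net.subnet_of(n) for n in LOCAL_NETS):
            findings.append((line, sorted(hit)))
    return findings

if __name__ == "__main__":
    for rule, ports in exposed_smb_rules(SAMPLE_RULES):
        print("open to non-local sources:", ports, "<-", rule)
```

Feed it the output of `iptables-save` in place of the constructed sample; any rule it reports accepts NetBIOS/SMB traffic without a local source restriction.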