Hi!
If this firewall is iptables, then the problem with samba could be that the
iptables rules allow the forwarding of IP packets through the firewall gateway
but nothing is allowed to contact the gateway itself.
In "normal" iptables rules, the default policy for everything should be set to
"drop". Then the necessary ports are opened.
There are 3 directions: forward (to forward packets from one net to another),
input and output. The last two apply to the firewall gateway itself.
I don't know about the exact form of SuSE's rules, but to allow contact from
the internal net to the gateway-samba-machine, there should be some rules
like this:
iptables -A INPUT -s ip-address.of.internal.net -p tcp -i interface-to-internal-net -j ACCEPT
iptables -A INPUT -s ip-address.of.internal.net -p udp -i interface-to-internal-net -j ACCEPT
iptables -A OUTPUT -d ip-address.of.internal.net -p tcp -o interface-to-internal-net -j ACCEPT
iptables -A OUTPUT -d ip-address.of.internal.net -p udp -o interface-to-internal-net -j ACCEPT
These rules should allow for any contact from the internal net to the
gateway-firewall-machine and the corresponding responses (for all ports). If
this is too crude for your needs you could refine it with some restrictions to
the ports used by samba (137, 138, 139, 445, as far as I know). If this
doesn't work, then perhaps you have to allow contact to the
loopback-ip-address.
There's an extensive and very good HowTo about iptables-firewall-rules at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html (by Oskar
Andreasson)
Hope it helps,
Alexander
--
Netzwerk- & Systemadministrator
-------------------------------------------
agoeres _at_ lieblinx.net
tel.: +49 (0)30 / 61 20 26 87
fax: +49 (0)30 / 61 20 26 89
-------------------------------------------
lieblinxNET
we do software
a Marwood & Thiele GbR
-------------------------------------------
reichenberger straße 125
10999 Berlin
http://lieblinx.net
-------------------------------------------
On Thursday, 12 February 2004 18:05, geralds wrote:
> Hi Alexander,
>
> The kind of firewall i have uses the basic iptables which came with the
> installation CDs of linux-SuSE.
>
> I installed SuSE 8.1 which has a firewall that has to be activated. But
> now, u know, i can't find the file containing the iptables so as to adjust
> the rules. When i try "iptables -L" in console mode i can see all the
> rules.
>
> I think i need to add some new rules in the iptables so that samba works
> properly. What's your opinion?
>
> So, could u be knowing the configuration file and path for the firewall
> rules? My kernel is 2.4.19.
> 'hope to hear from u any time.
> Thanks.
> Rgds,
> Segie.
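
The port restriction suggested in the reply above, as an added example that is not part of the original message: a small generator that prints (without applying) INPUT/OUTPUT rules limited to the Samba ports, plus the loopback rules. The function name samba_rules, the network 192.168.1.0/24 and the interface eth1 are assumptions made up for illustration; the UDP/TCP split of the four ports is standard Samba behaviour rather than something stated in the thread, and the INPUT and OUTPUT policies are assumed to be DROP already.

```shell
#!/bin/sh
# Added example: print iptables rules that admit only Samba traffic from the
# internal net to the gateway itself (the gateway acting as Samba server).
# Nothing is applied; review the output, then pipe it to "sh" as root.

# samba_rules NET IFACE   (hypothetical helper name)
#   NET   internal network in CIDR form, e.g. 192.168.1.0/24 (constructed)
#   IFACE interface facing the internal net, e.g. eth1 (constructed)
samba_rules() {
    net=$1
    iface=$2
    # Reject characters that cannot appear in a dotted CIDR or an interface
    # name, so the printed commands are safe to hand to a shell.
    case $net in
        ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;;
    esac
    case $iface in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    # Local services on the gateway talk to each other over loopback.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # nmbd: NetBIOS name service (137) and datagram service (138), both UDP.
    # smbd: NetBIOS session service (139) and SMB over TCP (445).
    for spec in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${spec%%:*}
        port=${spec##*:}
        # Requests from the internal net to the gateway ...
        echo "iptables -A INPUT -s $net -i $iface -p $proto --dport $port -j ACCEPT"
        # ... and the replies from that port back to the internal net.
        echo "iptables -A OUTPUT -d $net -o $iface -p $proto --sport $port -j ACCEPT"
    done
}

# Dry run with the constructed sample values.
samba_rules 192.168.1.0/24 eth1
```

Like the rules in the message, these are stateless: replies are matched by source port rather than by connection tracking.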