Hello Samba,

I have Samba installed on a Linux SuSE e-mail server II. I need to know which port I have to open in my firewall to be able to connect to the Samba share via NT's Explorer.

My Samba share on linux03 is [home] = /home/users, and I connect from my NT4.0 workstation Explorer with \\linux03\home.

There is a firewall between my linux03 server with Samba and my NT4.0 workstation.

With kind regards,
damixa a/s
Jytte Nielsen
email: jn@damixa.dk
tel: 63102273
fax: 63102207
> From: Joel Hammer [mailto:Joel@HammersHome.com]
>
> cat /etc/services | grep -i netbios

Shorter yet,

grep -i netbios /etc/services

:)))

--
Dimi.
137:138 udp
139 tcp

-----Original Message-----
From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On Behalf Of Jytte Nielsen
Sent: Monday, November 19, 2001 10:13 AM
To: samba@lists.samba.org
Subject: firewall

Hello Samba,

I have Samba installed on a Linux SuSE e-mail server II. I need to know which port I have to open in my firewall to be able to connect to the Samba share via NT's Explorer.

My Samba share on linux03 is [home] = /home/users, and I connect from my NT4.0 workstation Explorer with \\linux03\home.

There is a firewall between my linux03 server with Samba and my NT4.0 workstation.

With kind regards,
damixa a/s
Jytte Nielsen
email: jn@damixa.dk
tel: 63102273
fax: 63102207
Is it possible to implement the following scenario:

Can a WinXP client connected to the internet (through SMC NAT router) see our Samba 2.2.2 server behind a firewall? I would like somehow for this client to see a samba share in his Network neighborhood over the internet and through 2 firewalls. Is a VPN the solution?

Thanks.

Gary Ferrer
gary@ferrer.yi.org
Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd are using are TCP 139, and UDP 137 and 138. I find it a little odd though that nmbd is bound to both 0.0.0.0 AND my primary interface.

My problem is that I can't access shares on a Windows machine unless I turn off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page (working fine so far, barring this firewall thing). I have these rules added in iptables:

-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT

tcpdump shows ports TCP 139 and UDP 137 being accessed when I run findsmb. But nothing is listed when I do. If I turn off my firewall, the other machine on the LAN, my Windows box, is listed. What am I missing?
Justin,

> -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT
> -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
> -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT

Did you specify OUTPUT rules also? You may want to try the following lines taken from a working server config. "keep_state" is a special chain for stateful inspection and logging purposes:

-A INPUT -p tcp -s 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT
-A OUTPUT -p tcp -d 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state
-A OUTPUT -p tcp -d 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT
-A INPUT -p tcp -s 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state
-A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
-A OUTPUT -p udp -d 192.168.1.0/24 --dport 137:139 -j ACCEPT

-N keep_state
-A keep_state -m state --state INVALID -j DROP
-A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
# debug, info, notice, warning, err, crit, alert and emerg
-A keep_state -m limit --limit 10/minute --limit-burst 10 -j LOG --log-level notice --log-prefix "Packets dropped: "
-A keep_state -j DROP
Justin,

> Well, still no go. I've attached the script I used to create the
> firewall. Tcpdump still shows an icmp packet going back to
> the queried machine to say the UDP port is unreachable....

> /sbin/iptables -A INPUT -i lo -j ACCEPT
> /sbin/iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -p tcp -m tcp --syn -j REJECT
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> /sbin/iptables -A INPUT -p udp -m udp -j REJECT
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Ooops ;-)), you're sure you want to have these rules at the end of your script ??

> Can anyone comment on what the -m flag is for?

Quoting from the iptables man page:

-----------------------------------
MATCH EXTENSIONS
iptables can use extended packet matching modules. These are loaded in two ways: implicitly, when -p or --protocol is specified, or with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module.
-----------------------------------

Please have a look at the following website for a couple of great tutorials and FW script examples. I'd personally recommend reading Oskar Andreasson's tutorial also:

www.netfilter.org/documentation/index.html#tutorials
www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.html

Good luck,
Uli
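
An added example, not part of the thread: a small Python model of first-match evaluation for the INPUT rules quoted above, showing how the position of the catch-all REJECT rules relative to the Samba ACCEPT rules changes the verdict. The order in the actual script is not shown in the thread; the packets, addresses and the ephemeral port are constructed, and treating the unicast reply to a broadcast name query as state NEW is an assumption.

```python
# Added example: first-match evaluation of an iptables-style INPUT chain.
# Rules are modelled on those quoted in the thread; interface matches (-i) are omitted.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")

def rule(target, proto=None, src=None, dport=None, syn=None, state=None):
    return dict(target=target, proto=proto, src=src, dport=dport, syn=syn, state=state)

# The three Samba ACCEPT rules from the question.
SAMBA_RULES = [
    rule("ACCEPT", proto="tcp", src=LAN, dport=(139, 139), syn=True),
    rule("ACCEPT", proto="udp", src=LAN, dport=(137, 137)),
    rule("ACCEPT", proto="udp", src=LAN, dport=(138, 138)),
]
# The state ACCEPT and the catch-all REJECT rules quoted in the last reply.
TAIL_RULES = [
    rule("ACCEPT", state={"ESTABLISHED", "RELATED"}),
    rule("REJECT", proto="tcp", syn=True),
    rule("REJECT", proto="udp"),
]

def matches(r, pkt):
    """A rule matches only if every criterion it specifies matches the packet."""
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    if r["src"] and ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dport"] and not (r["dport"][0] <= pkt["dport"] <= r["dport"][1]):
        return False
    if r["syn"] is not None and pkt.get("syn", False) != r["syn"]:
        return False
    if r["state"] and pkt.get("state", "NEW") not in r["state"]:
        return False
    return True

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy

# Constructed packets arriving at the Samba host.
SESSION_SYN = dict(proto="tcp", src="192.168.1.20", dport=139, syn=True)
NAME_QUERY = dict(proto="udp", src="192.168.1.20", dport=137)
# Reply to a name query sent from an ephemeral port (assumed 32768); assumed NEW
# because the query went to the broadcast address, not to the replying host.
NAME_REPLY = dict(proto="udp", src="192.168.1.20", dport=32768, state="NEW")
```

With the ACCEPT rules first, inbound session and name-service traffic is accepted, but `NAME_REPLY` still falls through to the UDP REJECT, which is consistent with the ICMP port-unreachable seen in tcpdump.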