Hmm... That's interesting. I started out with the firewall blocking
everything and then slowly allowed in ports based on what was being
logged. I did check the rest of my policy to make sure that it wasn't
listed in a different place and it's not.
What I have is completely functional as far as samba is concerned,
although I should have moved port 443 to a different section in my
policy. This server has been up and running for quite a while using the
above iptables policy. I bet if you try it, even with logging
everything that gets dropped/rejected you will find that it isn't using
the other ports you mentioned.
Anyone else have any experience with this?
--Kaleb
-----Original Message-----
From: Mark Brosius [mailto:mark@mebrosius.com]
Sent: Friday, June 14, 2002 8:06 AM
To: Kaleb Pederson
Cc: ssaba@lists.samba.org
Subject: RE: [Samba] ipchains question
It looks like you still need to allow port 137 on TCP, 138 on TCP and
139
on UDP. Oh, and 443 is for https.
Mark
On Fri, 14 Jun 2002, Kaleb Pederson wrote:
> Here is what I use (with iptables) for incoming requests. This is
what> I'm currently using and believe this is all that is required.
>
> from my iptables_policy file (using the iptables-restore format):
> -A samba -p tcp -m tcp --dport 139 -j ACCEPT
> -A samba -p tcp -m tcp --dport 443 -j ACCEPT // don't remember why
> 443/445
> -A samba -p tcp -m tcp --dport 445 -j ACCEPT // were necessary...
> -A samba -p tcp -m tcp --dport 901 -j ACCEPT // swat
> -A samba -p udp -m udp --dport 137 -j ACCEPT
> -A samba -p udp -m udp --dport 138 -j ACCEPT
>
> --Kaleb
>
> -----Original Message-----
> From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]
> On Behalf Of Mark Brosius
> Sent: Friday, June 14, 2002 7:50 AM
> To: Raymond Norton
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] ipchains question
>
> My guess is that you need to allow NetBIOS traffic. I think the ports
> are
> 137-139 for TCP and UDP. You might want to allow NetBIOS traffic on
> your
> LAN but do not allow it to go past your firewall to the internet.
>
> Mark
>
> On Fri, 14 Jun 2002, Raymond Norton wrote:
>
> > I have a couple questions that I will submit separately. When I have
> > IPchains running I can't get my samba box to show up in network
> > neighborhood, but when I turn ipchains off the box shows up. What
> rules do
> > I need to add for things to work properly?
> >
> > --
> > Raymond Norton
> > Little Crow Telemedia Network
> > 320-234-0270
> >
> >
> >
> >
>
>
>