> -----Original Message-----
> From: Gavin Davenport [mailto:gavdav@gavdav.demon.co.uk]
> iptables -L -v will show you which rules are being triggered (when the
> service is started).
>
> Its possible its hitting the implicit deny all for the input rule, try
> adding some logging to your rules.
well i made some change on my iptables rules to make things more clear(at
least for me), by removing the -m multiport.
[root@Bhp-0m03-0472 root]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.7a on Tue Oct 21 19:42:29 2003
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:100]
[2:100] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -p icmp -j ACCEPT
[0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p udp -m state --state NEW -m udp --dport 445 -j ACCEPT
[0:0] -A INPUT -p udp -m state --state NEW -m udp --dport 139 -j ACCEPT
[0:0] -A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
[0:0] -A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
[0:0] -A INPUT -p udp -m state --state NEW -m udp --dport 135 -j ACCEPT
[0:0] -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
[0:0] -A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
[0:0] -A INPUT -p tcp -m state --state NEW -m tcp --dport 135 -j ACCEPT
COMMIT
# Completed on Tue Oct 21 19:42:29 2003
[root@Bhp-0m03-0472 root]#
then, zeroing my iptables counter and start counting the packets. it seems
to me that some (?) of the packets originating from my windows box being
dropped by iptables. When the windows explorer finally give up, the dropped
packet counter reach the number 1210 packets, that is 115k bytes.
[root@Bhp-0m03-0472 root]# grep Chain elve.txt
Chain INPUT (policy DROP 1210 packets, 115K bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 436 packets, 43909 bytes)
[root@Bhp-0m03-0472 root]#
I also do some logging, with result:
[root@Bhp-0m03-0472 root]# grep SAMBA-LOG /var/log/messages |
\> cut -d' ' -f6,9,10,16- | sort | uniq | tee elve2.txt
SAMBA-LOGIN=eth0 SRC=148.175.152.21 DST=224.0.0.1 PROTO=2
SAMBA-LOGIN=eth0 SRC=148.175.153.137 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1345 LEN=70
SAMBA-LOGIN=eth0 SRC=148.175.153.137 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1347 LEN=70
SAMBA-LOGIN=eth0 SRC=148.175.153.138 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1345 LEN=70
SAMBA-LOGIN=eth0 SRC=148.175.153.138 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1347 LEN=70
SAMBA-LOGIN=eth0 SRC=148.175.153.140 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1345 LEN=82
SAMBA-LOGIN=eth0 SRC=148.175.153.140 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1347 LEN=82
SAMBA-LOGIN=eth0 SRC=148.175.153.141 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1345 LEN=82
SAMBA-LOGIN=eth0 SRC=148.175.153.141 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1347 LEN=82
SAMBA-LOGIN=eth0 SRC=148.175.153.192 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1345 LEN=70
SAMBA-LOGIN=eth0 SRC=148.175.153.192 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1347 LEN=70
SAMBA-LOGIN=eth0 SRC=148.175.157.145 DST=148.175.153.92 PROTO=UDP SPT=137
DPT=1345 LEN=76
[root@Bhp-0m03-0472 root]#
... and I still confused for what was went wrong. Is it samba or iptables
issue ? *exacly*, how to specify samba packets rules ?
salam,
ef
> -----Original Message-----
> From: samba-bounces+gavdav=gavdav.demon.co.uk@lists.samba.org
> [mailto:samba-bounces+gavdav=gavdav.demon.co.uk@lists.samba.org]On
> Behalf Of Faisal, Emir (KPC)
-->8> [root@Bhp-0m03-0472 root]# cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.2.7a on Sun Oct 12 19:36:36 2003
> *filter
> :INPUT DROP [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [2:100]
> [0:0] -A INPUT -i lo -j ACCEPT
> [0:0] -A INPUT -p icmp -j ACCEPT
> [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> [0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> [0:0] -A INPUT -p udp -m state --state NEW -m multiport --dports
> 135,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds -j ACCEPT
> [0:0] -A INPUT -p tcp -m state --state NEW -m multiport --dports
> 135,netbios-ssn,microsoft-ds -j ACCEPT
> COMMIT
> # Completed on Sun Oct 12 19:36:36 2003
> [root@Bhp-0m03-0472 root]#
-->8
Disclaimer - This message and any attachments may contain privileged
information. Any unauthorised use of this message by any person may lead to
legal consequences. Any views expressed in this message are those of the
individual sender and may not necessarily reflect the views of PT Kaltim
Prima Coal.