Hi community, I have a Samba server that works great, but my friends in IT security said that it is vulnerable without a firewall. I tried to set up an iptables firewall using the official documentation but it is not working (obviously). This is my config:

#!/bin/sh
echo -n Aplicando Reglas de Firewall...
## Flush the rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
## Set the default policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
## Start filtering
# Localhost is allowed (e.g. local connections to mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Allowed IPs
iptables -A INPUT -s 192.168.1.5 -j ACCEPT
# Allow access to the ntp service
/sbin/iptables -A INPUT -s 192.168.2.3 -p udp -m udp --dport 123 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.2.3 -p udp -m udp --sport 123 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow access to smb-udp
# lan dvm
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 88 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 88 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 137 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 138 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 389 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 389 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 464 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 464 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 32700:32800 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 32700:32800 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow access to smb-tcp
# lan dvm
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 88 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --sport 88 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 135 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --sport 135 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --sport 139 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 389 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --sport 389 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 445 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 445 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 464 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 464 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 636 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 636 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 3268 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 3268 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 49152:65535 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --sport 49152:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT

echo " OK . Verifique que lo que se aplica con: iptables L n"
# Allow queries to a first DNS
/sbin/iptables -A INPUT -s 192.168.2.4 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 192.168.2.5 -p udp -m udp --dport 53 -j ACCEPT
# Save the config
/etc/init.d/iptables-persistent save
echo " OK . Verifique que lo que se aplica con: iptables -L -n"
# End of script

My question is simple: what am I doing wrong?

--
Kind regards,
Lic. Alex Gutiérrez Martínez
Tel. +53 7 2710327
Start by simplifying that stuff: get rid of all the "-m state --state RELATED,ESTABLISHED -j ACCEPT" rules. You need that only once, at the top (or after the loopback device).

On 04.10.18 at 20:50, Alex Gutiérrez Martínez via samba wrote:
> Hi community, I have a Samba server that works great, but my friends in
> IT security said that it is vulnerable without a firewall. I tried to set up an
> iptables firewall using the official documentation but it is not working
> (obviously). This is my config:
>
> [...]
>
> My question is simple: what am I doing wrong?
On Thu, 4 Oct 2018 14:50:21 -0400 Alex Gutiérrez Martínez via samba <samba at lists.samba.org> wrote:
> Hi community, I have a Samba server that works great, but my friends
> in IT security said that it is vulnerable without a firewall. I tried to
> set up an iptables firewall using the official documentation but it is not
> working (obviously). This is my config:
>
> [...]
>
> My question is simple: what am I doing wrong?

It looks like your 'Samba server' is a DC, so you are missing a couple of ports: 137:udp and 138:udp. You also don't seem to have the NTP port: 123:udp.

Finally, what version of Samba are you using? The ports 49152-65535 were used from 4.7.0; before that they should be 1024-1300.

Rowland
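Putting the two replies together, here is an added example (not the poster's script and not from the thread) of the same firewall with a single "-m state --state RELATED,ESTABLISHED" rule near the top and only --dport rules after it, as the first reply suggests, and with the dynamic RPC range chosen from the Samba version as Rowland describes. The addresses, LAN range and port numbers are the ones in the posted script; DNS (53) and the global catalog LDAPS port (3269) are not on this page and are taken from the AD DC port list documented on the Samba wiki page Rowland links. The SMB, LDAPS and global-catalog ports are opened on TCP here, where the posted script had them under UDP. IPT defaults to "echo iptables" so the rule set can be reviewed without root; the function names are my own.

```shell
#!/bin/sh
# Added example, not the poster's script. Default DROP, loopback allowed,
# one stateful rule for all reply traffic, then one --dport rule per service.
# IPT defaults to a dry run that only prints the rules; set IPT=/sbin/iptables
# to apply them. Addresses below are the ones from the posted script.
IPT="${IPT:-echo iptables}"
LAN="${LAN:-192.168.1.0/24}"          # clients allowed to reach the DC
ADMIN_HOST="${ADMIN_HOST:-192.168.1.5}"   # host allowed everything
NTP_CLIENT="${NTP_CLIENT:-192.168.2.3}"   # host allowed to query NTP

# Dynamic RPC port range by Samba version (from Rowland's reply):
# 49152:65535 from 4.7.0, 1024:1300 before that.
rpc_port_range() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 7 ]; }; then
        echo "49152:65535"
    else
        echo "1024:1300"
    fi
}

# Build the whole rule set for the given Samba version string.
apply_rules() {
    range=$(rpc_port_range "$1")
    $IPT -F
    $IPT -X
    $IPT -Z
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # The only stateful rule: replies to anything this host initiated
    # (DNS lookups, NTP, outbound LDAP) and the return half of every
    # accepted inbound connection below are all matched here once.
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A INPUT -s "$ADMIN_HOST" -j ACCEPT
    $IPT -A INPUT -s "$NTP_CLIENT" -p udp --dport 123 -j ACCEPT
    # Services that listen on both TCP and UDP: DNS, Kerberos, LDAP, kpasswd
    # (53 is not in the posted script; only needed if this DC serves DNS).
    for p in 53 88 389 464; do
        $IPT -A INPUT -s "$LAN" -p tcp --dport "$p" -j ACCEPT
        $IPT -A INPUT -s "$LAN" -p udp --dport "$p" -j ACCEPT
    done
    # NetBIOS name/datagram services are UDP only.
    for p in 137 138; do
        $IPT -A INPUT -s "$LAN" -p udp --dport "$p" -j ACCEPT
    done
    # RPC endpoint mapper, NetBIOS session, SMB, LDAPS, global catalog: TCP.
    for p in 135 139 445 636 3268 3269; do
        $IPT -A INPUT -s "$LAN" -p tcp --dport "$p" -j ACCEPT
    done
    # Dynamic RPC range used by DC services (TCP).
    $IPT -A INPUT -s "$LAN" -p tcp --dport "$range" -j ACCEPT
}

apply_rules "${1:-4.7.0}"
```

Run it as "sh firewall.sh 4.8.3" (assumed file name) to print the rules it would install, and as "IPT=/sbin/iptables sh firewall.sh 4.8.3" to apply them; afterwards check the result with "iptables -L -n -v" and save it the same way the posted script does. Because the stateful rule sits above every service rule, none of the --sport rules from the original script are needed.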
On Thu, 4 Oct 2018 14:50:21 -0400 Alex Gutiérrez Martínez via samba <samba at lists.samba.org> wrote:
> Hi community, I have a Samba server that works great, but my friends
> in IT security said that it is vulnerable without a firewall. I tried to
> set up an iptables firewall using the official documentation but it is not
> working (obviously). This is my config:
>
> [...]
>
> My question is simple: what am I doing wrong?

Now that I have looked at the above a bit more carefully, there are numerous errors. Can I suggest you read this:

https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

Rowland