[plug] cannot see samba shares with firewall enabled.
Shannon Carver
shannon.carver at gmail.com
Mon Mar 27 21:45:06 WST 2006
Hi Jon,
Are you saying they can get to the share with the firewall enabled if
they browse directly to it? (\\192.168.0.1\sharename) If so, it sounds
like it's just your NIS (I think) that's having a problem. I think
there's another port that can be opened to allow smb/cifs browsing to
work, I'll have to go dig through my list of ports/programs now.
Shannon
Jon Miller wrote:
> I would like to know if there is a rule that can be created in iptables that would allow a samba server's shares to be seen on the internal LAN. The interface is on eth0; the ip address of eth0 is 192.168.0.1. It seems that when I applied a firewall I have blocked smb from showing up. Now the users cannot see any shares via Network Neighborhood on both W2KP and WXP workstations. I can map a drive via Start->Run->\\192.168.0.1\sharename.
> This is on a Debian 3.1 server.
> Just taking a crack at it would this be correct?
> iptables -A FORWARD -p tcp -i eth0 --sport 137:139 -j ACCEPT; accepts inside (eth0) connection to samba
> iptables -A FORWARD -p udp -i eth0 --sport 137:139 -j ACCEPT
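An added example, not part of the thread: a sketch of INPUT-chain rules that admit NetBIOS browsing and SMB traffic from the LAN to a Samba server running on the firewall host itself. The subnet 192.168.0.0/24, the function names and the inclusion of tcp/445 are assumptions made for illustration; only eth0 and 192.168.0.1 come from the post.

```shell
#!/bin/sh
# Constructed values: LAN_NET is an assumed subnet, eth0 is from the post.
LAN_IF="eth0"
LAN_NET="192.168.0.0/24"

# Print one rule spec per line. Samba runs on the firewall host, so client
# packets are delivered locally and traverse INPUT; FORWARD only sees
# packets routed through the box. Rules match --dport because the server's
# listening port is the fixed value; a client's source port is not guaranteed.
samba_rule_specs() {
    # udp/137 NetBIOS name service and udp/138 NetBIOS datagram service
    # carry the broadcasts that populate Network Neighborhood.
    for port in 137 138; do
        echo "INPUT -i $LAN_IF -s $LAN_NET -p udp --dport $port -j ACCEPT"
    done
    # tcp/139 NetBIOS session service and tcp/445 SMB over TCP: file access.
    for port in 139 445; do
        echo "INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $port -j ACCEPT"
    done
}

# Insert each rule at the top of its chain unless an identical rule exists.
# $1 names the iptables command to run (defaults to iptables).
apply_samba_rules() {
    ipt="${1:-iptables}"
    samba_rule_specs | while read -r chain spec; do
        # -C exits non-zero when the rule is absent (needs an iptables new
        # enough to support -C). $spec is unquoted so it splits into arguments.
        $ipt -C "$chain" $spec 2>/dev/null || $ipt -I "$chain" $spec
    done
}

# With --apply (as root) change the live ruleset; otherwise print for review.
if [ "${1:-}" = "--apply" ]; then
    apply_samba_rules iptables
else
    samba_rule_specs | sed 's/^/iptables -I /'
fi
```

Rules are inserted with -I rather than appended so they are evaluated before any existing catch-all DROP or REJECT rule at the end of the chain.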