[plug] cannot see samba shares with firewall enabled.

Shannon Carver shannon.carver at gmail.com
Tue Mar 28 09:32:55 WST 2006


Hi Jon, 

Now I'm unsure of myself!

I think to get it working correctly on my end, I had to open port 445,
however, now I'm not sure:

445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and
Microsoft Distributed File System (DFS) discovery to all domain controllers
that are in the same Active Directory site as the Exchange front-end server.

I'm not sure of the exact set up on your end, but it sounds like you are
only trying to access the samba server internally.  If so, you could
probably make things easier for yourself by applying firewall rules just for
external network connections, and give the local LAN complete access.  Of
course, this would depend heavily on the setup of the network there...

Regards

Shannon Carver


-----Original Message-----
From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf
Of Jon Miller
Sent: Tuesday, 28 March 2006 7:20 AM
To: plug at plug.org.au
Subject: Re: [plug] cannot see samba shares with firewall enabled.

This is exactly what I'm saying

>>> shannon.carver at gmail.com 9:45:06 pm 27/03/2006 >>>
Hi Jon,

Are you saying they can get to the share with the firewall enabled if
they browse directly to it? (\\192.168.0.1\sharename)  If so, it sounds
like it's just your NIS (I think) that's having a problem.  I think
there's another port that can be opened to allow smb/cifs browsing to
work, I'll have to go dig through my list of ports/programs now.

Shannon

Jon Miller wrote:
> I would like to know if there is a rule that can be created in iptables
> that would allow a samba server shares to be seen on the internal LAN.  The
> interface is on eth0 the ip address of eth0 is 192.168.0.1.  It seems that
> when I applied a firewall I have blocked smb from showing up.  Now the users
> cannot see any shares via Network Neighborhood on both W2KP and WXP
> workstations. I can map a drive via Start->Run->\\192.168.0.1\sharename.
> This is on a Debian 3.1 server.
> Just taking a crack at it would this be correct?
> iptables -A FORWARD -p tcp -i eth0 --sport 137:139 -j ACCEPT; accepts inside (eth0) connection to samba
> iptables -A FORWARD -p udp -i eth0 --sport 137:139 -j ACCEPT
_______________________________________________
PLUG discussion list: plug at plug.org.au
http://www.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au
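
Added example, not written by either poster: when Samba runs on the firewall host itself, LAN clients' packets arrive on the INPUT chain addressed to Samba's destination ports, and Network Neighborhood browsing needs the NetBIOS UDP ports as well as the TCP ports used for mapping a drive. The function name `samba_lan_rules`, the 192.168.0.0/24 LAN range and the DROP INPUT / ACCEPT OUTPUT policies are assumptions; the thread only gives eth0 = 192.168.0.1.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables rules; it does not apply them.
# Assumptions: Samba runs on the firewall host, the LAN is 192.168.0.0/24,
# the INPUT policy is DROP and the OUTPUT policy is ACCEPT.

# samba_lan_rules IFACE LAN_CIDR: one iptables command per line, or return 1.
samba_lan_rules() {
    iface=$1
    lan=$2

    # Interface name: letters, digits, dot, underscore and hyphen only.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    # LAN must look like a.b.c.d/len; a /0 would open Samba to every source.
    case $lan in
        *[!0-9./]*|*/*/*|*/0|*/) echo "bad LAN CIDR: $lan" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "bad LAN CIDR: $lan" >&2; return 1 ;;
    esac

    # Return traffic for connections that are already tracked.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # UDP 137 = NetBIOS name service, UDP 138 = NetBIOS datagram (browse lists).
    for port in 137 138; do
        echo "iptables -A INPUT -i $iface -s $lan -p udp --dport $port -j ACCEPT"
    done
    # TCP 139 = NetBIOS session service, TCP 445 = SMB directly over TCP.
    for port in 139 445; do
        echo "iptables -A INPUT -i $iface -s $lan -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Values from the thread (eth0) plus the assumed LAN range.
samba_lan_rules eth0 192.168.0.0/24
```

Review the printed rules before applying them; nothing is opened on any interface other than the one named, and nothing is opened to sources outside the given range.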



