[plug] cannot see samba shares with firewall enabled.
Russell Steicke
r.steicke at bom.gov.au
Tue Mar 28 09:57:01 WST 2006

On Mon, Mar 27, 2006 at 09:46:26PM +0800, Jon Miller wrote:
> I would like to know if there is a rule that can be created in
> iptables that would allow a samba server's shares to be seen on the
> internal LAN.

Direct from my own rule set:

iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p udp -m udp --dport 137 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p udp -m udp --sport 137 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 445 -j ACCEPT

The first one was added when I found I couldn't print from my Linux
box to a printer on a Windows box, so isn't directly related to your
question. This was all done by experimenting and watching traffic
with ethereal.

You'll also need to accept the corresponding output traffic. I do
that with an OUTPUT chain policy:

iptables -P OUTPUT ACCEPT

Google turns up a few pages about this, and some of them allow udp
port 138 instead of tcp port 138 as above. But this set works for me.

--
Russell Steicke
-- Fortune says:
The notion of a "record" is an obsolete remnant of the days of the 80-column
card.
-- Dennis M. Ritchie
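
An added example, not part of the message above: a small audit that reads iptables INPUT rules and reports which of the four standard Samba/NetBIOS listeners (137/udp, 138/udp, 139/tcp, 445/tcp) have an ACCEPT rule, and which accepted destination ports match none of them. The function names and the embedded sample (the five rules from the post, re-typed as constructed input) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit iptables INPUT rules against the standard
# Samba/NetBIOS services: 137/udp (name), 138/udp (datagram),
# 139/tcp (session), 445/tcp (SMB over TCP).

# Constructed sample input: the five INPUT rules quoted in the post.
sample_rules() {
cat <<'EOF'
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p udp -m udp --dport 137 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p udp -m udp --sport 137 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 10.1.1.0/255.255.255.0 -p tcp -m tcp --dport 445 -j ACCEPT
EOF
}

# Reads rules on stdin (also accepts `iptables -S INPUT` output).
# Prints "covered"/"missing" for each expected proto/port, then
# "unexpected" for any other accepted --dport. Only protocol and
# destination port are checked; source restrictions are ignored.
samba_rule_audit() {
awk '
BEGIN { n = split("udp/137 udp/138 tcp/139 tcp/445", want, " ") }
/-A INPUT/ && /-j ACCEPT/ {
    proto = ""; port = ""
    for (i = 1; i < NF; i++) {
        if ($i == "-p")      proto = $(i + 1)
        if ($i == "--dport") port  = $(i + 1)
    }
    # Rules without --dport (e.g. the --sport 137 reply rule) are skipped.
    if (proto != "" && port != "") seen[proto "/" port] = 1
}
END {
    for (i = 1; i <= n; i++) {
        status = (want[i] in seen) ? "covered" : "missing"
        print status, want[i]
        delete seen[want[i]]
    }
    for (k in seen) print "unexpected", k
}'
}

# Run the audit over the constructed sample.
sample_rules | samba_rule_audit
```

On a live host, `iptables -S INPUT | samba_rule_audit` gives the same report for the loaded rules.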