<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px">This exactly
what I'm saying<BR><BR>>>> shannon.carver@gmail.com 9:45:06 pm
27/03/2006 >>><BR>Hi Jon,<BR><BR>Are you saying they can get to the
share with the firewall enabled if <BR>they browse directly to it?
(\\192.168.0.1\sharename) If so, it sounds <BR>like its just your NIS (I
think) thats having a problem. I think <BR>there's another port that can
be opened to allow smb/cifs browsing to <BR>work, I'll have to go dig through my
list of ports/programs now.<BR><BR>Shannon<BR><BR>Jon Miller wrote:<BR>> I
would like to know if there is a rule that can be created in iptables that would
allow a samba server shares to be seen on the internal LAN. The interface
is on eth0 the ip address of eth0 is 192.168.0.1. It seems that when I
applied a firewall I have blocked smb from showing up. Now the users
cannot see any shares via Network Neighborhood on both W2KP and WXP
workstations.I can map a drive via
Start->Run->\\192.168.0.1\sharename.<BR>> This is on a Debian 3.1
server.<BR>> Just taking a crack at it would this be correct?<BR>>
iptables -A FORWARD -p tcp -i eth0 --sport 137:139 -j ACCEPT; accepts inside
(eth0) connection to samba<BR>> iptables -A FORWARD -p udp -i eth0 --sport
137:139 -j ACCEPT<BR>> <BR>>
------------------------------------------------------------------------<BR>><BR>>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><BR>>
<HTML><HEAD><BR>> <META http-equiv=Content-Type
content="text/html; charset=us-ascii"><BR>> <META content="MSHTML
6.00.2900.2802" name=GENERATOR></HEAD><BR>> <BODY
style="MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px"><BR>>
<DIV>I would like to know if there is a rule that can be created in
iptables <BR>> that would allow a samba server shares to be seen on the
internal LAN. The <BR>> interface is on eth0 the ip address of eth0
is 192.168.0.1. It seems that <BR>> when I applied a firewall I
have blocked smb from showing up. Now the <BR>> users cannot see
any shares via Network Neighborhood on both W2KP and WXP <BR>> workstations.I
can map a drive via <BR>>
Start->Run->\\192.168.0.1\sharename.<BR>This is on a Debian
3.1 <BR>> server.</DIV><BR>> <DIV>Just taking a crack at it
would this be correct?</DIV><BR>> <DIV>iptables -A FORWARD -p tcp
-i eth0 --sport 137:139 -j ACCEPT; accepts <BR>> inside
(eth0) connection to samba<BR>iptables -A FORWARD -p udp -i eth0
<BR>> --sport 137:139 -j
ACCEPT</DIV></BODY></HTML><BR>> <BR>>
------------------------------------------------------------------------<BR>><BR>>
_______________________________________________<BR>> PLUG discussion list:
plug@plug.org.au<BR>> <A
href="http://www.plug.org.au/mailman/listinfo/plug">http://www.plug.org.au/mailman/listinfo/plug</A><BR>>
Committee e-mail: committee@plug.linux.org.au<BR>>
<BR>_______________________________________________<BR>PLUG discussion list:
plug@plug.org.au<BR><A
href="http://www.plug.org.au/mailman/listinfo/plug">http://www.plug.org.au/mailman/listinfo/plug</A><BR>Committee
e-mail: committee@plug.linux.org.au<BR></BODY></HTML>