Samba help

Bevan C. Bennett bevan at fulcrummicro.com
Fri Jan 9 01:15:06 UTC 2004


Andrew Robinson wrote:

> Knowing less about iptables than smb.conf and based on what I found in 
> the existing /etc/sysconfig/iptables, I added these two lines:
> 
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
> 
> Are these the entries I _should_ add to iptables?

I ended up with the following on my samba PDC:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --sport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 139 -j ACCEPT

Note that 137 and 138 use UDP rather than TCP.

The following were necessary for making samba a WINS server:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1512 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1512 -j ACCEPT
(Well, I probably only need one of the tcp/udp, but opening both 
shouldn't cause any security meltdowns at this stage... and it was 
easier than figuring out which are actually necessary.)

445 doesn't seem to have been necessary for my purposes, YMMV.
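
An added example, not part of the original message: a small Python audit of rules in the /etc/sysconfig/iptables format that reports, for the Samba ports discussed in this thread, which are opened on a protocol other than the one the thread gives, which are not opened by any destination-port rule, and which ACCEPT rules match on source port only. The function names are hypothetical; the port-to-protocol table and the sample rules are taken from the messages above.

```python
import shlex

# Protocol per port as stated in the thread (137/138 UDP, 139 and 445 TCP).
SAMBA = {137: "udp", 138: "udp", 139: "tcp", 445: "tcp"}
FLAGS = {"-p": "proto", "--dport": "dport", "--sport": "sport", "-j": "target"}

def parse_rule(line):  # one '-A CHAIN ...' line -> the fields this audit needs
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = dict.fromkeys(FLAGS.values())
    for flag, value in zip(tok, tok[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def ports(spec):  # '139' or '137:139' -> the ports it covers
    lo, _, hi = spec.partition(":")
    return range(int(lo), int(hi or lo) + 1)

def audit(lines):
    opened, sport_only = set(), []
    for line in lines:
        rule = parse_rule(line)
        if not rule or rule["target"] != "ACCEPT" or not rule["proto"]:
            continue
        if rule["dport"]:
            opened.update((rule["proto"], p) for p in ports(rule["dport"]))
        elif rule["sport"]:
            # Matches on source port alone: accepted whatever the destination port.
            sport_only.append(line)
    wanted = {(proto, port) for port, proto in SAMBA.items()}
    return {
        "mismatch": sorted(o for o in opened if o[1] in SAMBA and o not in wanted),
        "unopened": sorted(wanted - opened),
        "sport_only": sport_only,
    }

# The two rule sets quoted in the thread above.
QUESTION = [
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT",
]
REPLY = [
    "-A RH-Firewall-1-INPUT -p udp -m udp --dport 137:138 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -p udp -m udp --sport 137:138 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 139 -j ACCEPT",
]
print(audit(QUESTION), audit(REPLY), sep="\n")
```
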