Samba help

dalen dalen at czexan.net
Fri Jan 9 02:09:44 UTC 2004


> Knowing less about iptables than smb.conf and based on what I found in 
> the existing /etc/sysconfig/iptables, I added these two lines:
> 
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137:139 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
> 
> Are these the entries I _should_ add to iptables?
> 
> Thanks!
> 
> Andrew Robinson

Andrew,
	Like you, I know little about iptables.  I googled and found that smb 
needs ports 137-139 (basic smb) and 445 (for win2k clients IIRC). 
Initially, I set up the firewall for ssh only and noticed the following 
line...

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Using this as an example, I duplicated the above line for each 
port/protocol I needed as shown below.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT

This may be opening more ports/protocols than necessary and I may try to 
research it and close unnecessary ports later.  Another option is to use 
the Red Hat firewall script (I don't remember the name).  It basically 
asks which ports or service name to open and updates the iptables config 
file.

Dale
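
An added example, not part of the original posts: a short Python audit that compares rules in this format against the protocol/port pairs Samba listens on by default (nmbd on UDP 137 and 138, smbd on TCP 139 and 445) and reports pairs that are missing, opened without need, or accepted from any source address. The function names and the source-address check are this example's own; the sample input is constructed from the eight rules in the reply above.

```python
import re

# Listeners Samba opens by default: nmbd on udp 137/138, smbd on tcp 139/445.
SAMBA_NEEDED = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}
SMB_PORTS = {port for _, port in SAMBA_NEEDED}

# Constructed sample: the eight rules from the reply above, one per line.
SAMPLE_RULES = "\n".join(
    f"-A RH-Firewall-1-INPUT -m state --state NEW -m {p} -p {p} --dport {n} -j ACCEPT"
    for n in (137, 138, 139, 445) for p in ("tcp", "udp"))


def accepted_pairs(rules_text):
    """Map each accepted (proto, port) to True if every rule for it has a source match."""
    pairs = {}
    for line in rules_text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "-A":
            continue
        # Pair each option with the token that follows it (-p tcp, --dport 445, ...).
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        ports = re.fullmatch(r"(\d+)(?::(\d+))?", opts.get("--dport", ""))
        if opts.get("-j") != "ACCEPT" or "-p" not in opts or not ports:
            continue
        restricted = "-s" in opts or "--source" in opts
        low, high = int(ports.group(1)), int(ports.group(2) or ports.group(1))
        for port in range(low, high + 1):  # expands ranges such as 137:139
            key = (opts["-p"], port)
            pairs[key] = pairs.get(key, True) and restricted
    return pairs


def audit(rules_text):
    """Compare the accepted SMB ports with the protocol/port pairs Samba uses."""
    pairs = accepted_pairs(rules_text)
    opened = {key for key in pairs if key[1] in SMB_PORTS}
    return {
        "missing": sorted(SAMBA_NEEDED - opened),
        "unneeded": sorted(opened - SAMBA_NEEDED),
        "any_source": sorted(k for k in opened & SAMBA_NEEDED if not pairs[k]),
    }


if __name__ == "__main__":
    for finding, pairs in audit(SAMPLE_RULES).items():
        print(finding, pairs)
```

Run against the two-rule set quoted at the top of the message, the same audit lists udp 137 and udp 138 as missing.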









