Samba What a struggle

Bevan C. Bennett bevan at fulcrummicro.com
Wed Mar 3 21:02:45 UTC 2004


Alexander Dalloz wrote:
> On Wed, 03.03.2004 at 20:51, Andrew Robinson wrote:
> 
> 
>># Samba access
>>-A RH-Firewall-1-INPUT -m udp -p udp --dport 137:138 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m udp -p udp --sport 137:138 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 139 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 445 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m udp -p udp --dport 445 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1512 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m udp -p udp --dport 1512 -j ACCEPT
>>
>>I don't think all of these iptables entries are required to get Samba to 
>>work. However, this works for me.
> 
> 
> .oO Be aware of what you open up this way! You are at high risk of opening
> your Samba file sharing to the whole internet. Be sure you only open
> those ports on your local net and not on outbound devices.
> 

Indeed!
That's pretty much the same set I'm running on my samba PDC (which is 
behind a firewall), although I can say that you do -not- need the UDP 
port 445 (445 only uses TCP).

Additionally, I believe you only need 1512 open if this system is the 
network's WINS server.
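
An added example, not part of the original thread: a small Python check over rules in the format quoted above. It flags Samba-port ACCEPT rules that carry no source or interface restriction, and the UDP 445 rule the reply calls unnecessary. The 192.168.1.0/24 subnet and the SCOPED ruleset are constructed assumptions, and ports are assumed to be numeric.

```python
import shlex

# Ports opened in the thread: NetBIOS 137-139, SMB 445, and 1512 (WINS).
SMB_PORTS = {137, 138, 139, 445, 1512}

# The rules as posted in the quoted message.
POSTED = """\
-A RH-Firewall-1-INPUT -m udp -p udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --sport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1512 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 1512 -j ACCEPT
"""

# Constructed tightened set: 192.168.1.0/24 is an assumed LAN subnet; UDP 445
# and 1512 are dropped per the reply (host assumed not to be the WINS server).
SCOPED = """\
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m udp -p udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m udp -p udp --sport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m tcp -p tcp --dport 445 -j ACCEPT
"""

def _ports(spec):
    """Expand an iptables port spec ('445' or '137:138') into a set of ints."""
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(rules_text):
    """Return (rule, finding) pairs for ACCEPT rules that touch SMB_PORTS."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        # Map each option to the token that follows it (-p udp, --dport 445, ...).
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        ports = set()
        for key in ("--dport", "--sport"):
            if key in opt:
                ports |= _ports(opt[key])
        if opt.get("-j") != "ACCEPT" or not ports & SMB_PORTS:
            continue
        src = opt.get("-s") or opt.get("--source")
        if src in (None, "0.0.0.0/0") and "-i" not in opt:
            findings.append((line, "reachable from any source address"))
        if opt.get("-p") == "udp" and 445 in ports:
            findings.append((line, "UDP 445 is unnecessary; 445 only uses TCP"))
    return findings
```

Calling `audit(POSTED)` reports every posted rule as unscoped plus the UDP 445 rule; `audit(SCOPED)` returns no findings.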




