Samba What a struggle
Bevan C. Bennett
bevan at fulcrummicro.com
Wed Mar 3 21:02:45 UTC 2004
Alexander Dalloz wrote:
> On Wed, 03.03.2004 at 20:51, Andrew Robinson wrote:
>
>
>># Samba access
>>-A RH-Firewall-1-INPUT -m udp -p udp --dport 137:138 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m udp -p udp --sport 137:138 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 139 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 445 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m udp -p udp --dport 445 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1512 -j ACCEPT
>>-A RH-Firewall-1-INPUT -m udp -p udp --dport 1512 -j ACCEPT
>>
>>I don't think all of these iptables entries are required to get Samba to
>>work. However, this works for me.
>
>
> .oO Be aware what you open up this way! You are at high risk to open
> your samba filesharing to the whole internet. Be sure you only open
> those ports on your local net and not on outbound devices.
>
Indeed!
That's pretty much the same set I'm running on my samba PDC (which is
behind a firewall), although I can say that you do -not- need the UDP
port 445 (445 only uses TCP).
Additionally, I believe you only need 1512 open if this system is the
network's WINS server.
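
Added example, not part of the original thread or of any poster's message: a Python audit of the posted rule set against the three points raised in the replies (no source restriction, UDP 445, and 1512 without WINS). The function names, the finding labels and the `192.168.1.0/24` LAN subnet are assumptions made for illustration.

```python
import shlex

# Ports opened by the rule set in the thread
SAMBA_PORTS = {137, 138, 139, 445, 1512}

# Rules as posted in the thread
POSTED = """\
-A RH-Firewall-1-INPUT -m udp -p udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --sport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1512 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 1512 -j ACCEPT
"""

# Constructed variant: 192.168.1.0/24 is an assumed LAN subnet
RESTRICTED = """\
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m udp -p udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m tcp -p tcp --dport 445 -j ACCEPT
"""

def ports(spec):
    """Expand a numeric iptables port spec such as '139' or '137:138'."""
    if not spec:
        return set()
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(rules, wins_server=False):
    """Return (line_number, finding) pairs for ACCEPT rules on Samba ports."""
    findings = []
    for n, line in enumerate(rules.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        dports = ports(opt.get("--dport"))
        touched = (dports | ports(opt.get("--sport"))) & SAMBA_PORTS
        if opt.get("-j") != "ACCEPT" or not touched:
            continue
        if not {"-s", "--source", "-i", "--in-interface"} & set(opt):
            findings.append((n, "open-to-any-source"))
        if opt.get("-p") == "udp" and 445 in dports:
            findings.append((n, "udp-445-unneeded"))  # 445 only uses TCP
        if 1512 in dports and not wins_server:
            findings.append((n, "1512-wins-only"))  # per the reply above
    return findings

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("restricted", RESTRICTED)):
        print(name, audit(rules))
```

The audit only checks that a source or interface match is present, not that the value is actually narrow; a rule with `-s 0.0.0.0/0` would pass it.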