
Re: Connecting to a Win Computer with Samba



Basil Copeland wrote:
I too am having this problem. My network consists of Windows XP. I can
see the Linux shares from Windows but not the Windows share from
Linux.

Any help would be appreciated.

Thanks & Regards


Do you have IPTABLES blocking the ports needed by smb?

Basil


An excellent point. Running Samba without opening the ports on IPTABLES is a common-enough error. I've made it myself. WinXP/SP2, of course, now has its own firewall that recognizes local shares--and Zone Labs has a firewall that lets you define "trusted zones" consisting of whatever subnets you care to define. But when you're working with IPTABLES, you have to get your hands dirty.


Here's a solution I developed, in consultation with a networking expert who uses Fedora extensively at our church. Make sure your file /etc/sysconfig/iptables has the following lines in the appropriate place in the sequence:

-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --sport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 445 -j ACCEPT

Depending on what sort of router you use, you need to open each port as /both/ a source port /and/ a destination port, each on a separate line. That will make /sure/ that IPTABLES will not drop your Samba packets.


Just to be clear, the ports you need to open are UDP port 137 and TCP ports 139 and 445. I use that setup right now to connect to and from a machine running WinXP/SP2.

The "-s 192.168.1.0/24" means "make this good only for subnet 192.168.1.0/255.255.255.0." That's the typical "down network" that most SO/HO routers define. To sniff these out and verify them, I used Ethereal while making a Samba connection. By limiting it to this subnet, I make sure that my box is not open to any old hacker anywhere else on the Internet who wants to "connect" to my Samba shares--or anything else on my box--through those ports.

I /do not/ recommend disabling the firewall. Instead, I recommend that you learn how to use it effectively to "clear" only certain transactions and maintain the protection that a firewall gives you.

Temlakos
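
The post's two conditions (each Samba port accepted only from the LAN subnet, and the lines placed correctly in the sequence) can be checked mechanically. The sketch below is an added example, not part of the original message: the function name `audit_smb_rules` and the sample rules file are constructed for illustration. It inspects only the `--dport` ACCEPT rules of the `RH-Firewall-1-INPUT` chain and treats a bare REJECT or DROP rule as the point after which nothing matches.

```python
import ipaddress
import shlex

# Ports named in the post: UDP 137, TCP 139 and TCP 445.
SMB_PORTS = {("udp", "137"), ("tcp", "139"), ("tcp", "445")}

# Constructed sample rules file (not from the post): port 139 has no -s,
# and the 445 rule sits after the chain's catch-all REJECT.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
COMMIT
"""

def audit_smb_rules(rules_text, lan="192.168.1.0/24", chain="RH-Firewall-1-INPUT"):
    """Return (findings, missing_ports) for inbound SMB rules in one chain."""
    lan_net = ipaddress.ip_network(lan)
    findings, opened, blocked_at = [], set(), None
    for num, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", chain]:
            continue
        # Map each option to the token that follows it, e.g. "-s" -> "192.168.1.0/24".
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        target, port = opt.get("-j"), (opt.get("-p"), opt.get("--dport"))
        if target in ("REJECT", "DROP") and set(opt) <= {"-A", "-j", "--reject-with"}:
            blocked_at = blocked_at or num  # catch-all: later rules never match
        elif target == "ACCEPT" and port in SMB_PORTS:
            src = opt.get("-s")
            if blocked_at:
                findings.append((num, f"unreachable, follows catch-all on line {blocked_at}"))
            elif src is None:
                findings.append((num, "no -s, port open to any source"))
            elif not ipaddress.ip_network(src, strict=False).subnet_of(lan_net):
                findings.append((num, f"source {src} is outside {lan}"))
            else:
                opened.add(port)
    return findings, sorted(SMB_PORTS - opened)

if __name__ == "__main__":
    findings, missing = audit_smb_rules(SAMPLE)
    for num, msg in findings:
        print(f"line {num}: {msg}")
    print("ports not usable from the LAN:", missing)
```
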

