[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Connecting to a Win Computer with Samba



Temlakos wrote:
Basil Copeland wrote:

I am too having this problem my network consists of Windows XP.I can
see the linux shares from Windows but not the windows share from the
Linux.

Any help would be appreciate.

Thanks & Regards



Do you have IPTABLES blocking the ports needed by smb? Basil


An excellent point. Running Samba without opening the ports on IPTABLES is a common-enough error. I've made it myself. WinXP/SP2, of course, now has its own firewall that recognizes local shares--and Zone Labs has a firewall that lets you define "trusted zones" consisting of whatever subnets you care to define. But when you're working with IPTABLES, you have to get your hands dirty.


Here's a solution I developed, in consultation with a networking expert who uses Fedora extensively at our church. Make sure your file /etc/sysconfig/iptables has the following lines in the appropriate place in the sequence:

-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.1.0/24 --sport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.1.0/24 --sport 445 -j ACCEPT


Depending on what sort of router you use, you need to open each port as /both/ a source port /and/ a destination port, each on a separate line. That will make /sure/ that IPTABLES will not drop your Samba packets.

Just to be clear, the ports you need to open are UDP port 137 and TCP ports 139 and 445. I use that setup right now to connect to and from a machine running WinXP/SP2.

The "-s 192.168.1.0/24" means "make this good only for subnet 192.168.1.0/255.255.255.0." That's the typical "down network" that most SO/HO routers define. To sniff these out and verify them, I used Ethereal while making a Samba connection. By limiting it to this subnet, I make sure that my box is not open to any old hacker anywhere else on the Internet who wants to "connect" to my Samba shares--or anything else on my box--through those ports.

It'd be best if you verify that those ports are closed on the WAN side of your router as well. Your Linux box may be protected by iptables, the rest of your network ain't. ---------------------------------------------------------------------- - Rick Stevens, Senior Systems Engineer rstevens vitalstream com - - VitalStream, Inc. http://www.vitalstream.com - - - - Do you know where _your_ towel is? - ----------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]