Iptables rule for windows file sharing?
Jeremy Davis
jdaytona at gmail.com
Fri Jan 28 20:58:37 UTC 2005
Maybe this will help...
#!/bin/bash
SAMBA_SERVER="192.168.1.100 "
NETWORK="192.168.1.0/24" # Local area network
BROADCAST="192.168.255.255" # Local area network Broadcast Address
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p udp -s $NETWORK -d $SAMBA_SERVER \
-m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -s $NETWORK -d $SAMBA_SERVER -m multiport \
--dports 139,445 -j ACCEPT
iptables -A INPUT -p udp -s $NETWORK -d $BROADCAST --dport 137 \
-j ACCEPT
iptables -A INPUT -p udp -d $SAMBA_SERVER -m multiport \
--dports 137,138 -j DROP
iptables -A INPUT -p tcp -d $SAMBA_SERVER -m multiport \
--dports 139,445 -j DROP
iptables -A OUTPUT -s $SAMBA_SERVER -d $NETWORK -m state --state \
ESTABLISHED,RELATED -j ACCEPT
Haven't used this but it's worth an attempt.
J
On Fri, 28 Jan 2005 15:40:12 -0500, Temlakos <temlakos at gmail.com> wrote:
> On Fri, 28 Jan 2005 13:02:27 -0600, Dale Sykora <dalen at czexan.net> wrote:
>
> > I remember having to open port 445 also.
> > Here is what worked for me from /etc/sysconfig/iptables
> >
> > -A RH-Firewall-1-INPUT -p udp --dport 137:138 -j ACCEPT
> > -A RH-Firewall-1-INPUT -p tcp --dport 139 -j ACCEPT
> > -A RH-Firewall-1-INPUT -p tcp --dport 445 -j ACCEPT
>
> I just tried the above. And whenever I restart with that
> configuration, I can't see my Windows box, or my own box, at all in
> the "Networks" folder. Samba and Windows must be using some port or
> ports other than those above.
>
> And just so everyone understands, I try to limit it to just my home
> network, thus:
>
> -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 137:138 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 139 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 445 -j ACCEPT
>
> And as I say, I still don't have enough ports open.
>
> I've also tried opening all TCP and UDP ports between 135 and 139, and
> both the TCP and the UDP ports numbered 445. Still no result.
>
> Temlakos
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list