
Re: [K12OSN] Samba/iptables problem



Daniel Loomis wrote:

Since upgrading from 2.1.1 to 3.1.1 I have had problems with a conflict between samba and the iptables firewall. I have added ports 137-139 to the iptables configuration (using lokkit) to allow netbios tcp traffic to pass through.

When iptables is started, I can no longer access the server via netbios (from windows or linux boxes) via eth1. eth0 is trusted and connects my thin clients.

Do I need to add passthrough for udp traffic on ports 137-139?

It might not be iptables at all; check /etc/samba/smb.conf for the 'hosts allow' section. Your allowed networks should be listed there. In my case, the line from smb.conf looks like this:


hosts allow = 192.168.0. 192.168.2. 127. 10.0.1.
You'll have to replace 10.0.1. with your network segment.


You can check /var/log/samba/smbd.log for lines like this, to see if this is your problem.

[2003/06/17 16:39:29, 0] lib/access.c:check_access(333)
Denied connection from  (10.0.1.201)

In case it is iptables:
I don't think you have to add UDP, IIRC, but you may also have to add tcp port 445 if you use Windows 2000 or XP clients. Here are the snippets from /etc/sysconfig/iptables that work for me. They may need to be adjusted to match your file, or you could just use lokkit to add tcp port 445.


137-139 and 445 are all bad ports to have open to the internet, and are constantly scanned, so you may want to limit traffic to your local network segment as I have here. To customise it, replace the 10.0.1.0/24 with your own network segment. (Mine specifies hosts from 10.0.1.1-10.0.1.254, unless I am mistaken.) Also check that the RH-Lokkit-0-50-INPUT matches what is defined at the top of the file.

#allow clients on 10.0.1.x to connect to samba
#
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 10.0.1.0/24 -d 0/0 --dport 137:139 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 10.0.1.0/24 -d 0/0 --dport 445 --syn -j ACCEPT
#
#end samba


HTH,
Ben Nickell
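
The smbd.log check described in the message above, as an added example that is not part of the original post: it reads the 'hosts allow' line from smb.conf text and reports which denied clients in smbd.log text no entry covers. The function names and sample data are constructed for illustration; it assumes only trailing-dot prefixes, exact addresses and net/mask entries, and ignores smb.conf sections.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input, modelled on the lines quoted in the message.
SAMPLE_CONF = """[global]
   workgroup = EXAMPLE
   hosts allow = 192.168.0. 192.168.2. 127.
"""
SAMPLE_LOG = """[2003/06/17 16:39:29, 0] lib/access.c:check_access(333)
  Denied connection from  (10.0.1.201)
[2003/06/17 16:41:02, 0] lib/access.c:check_access(333)
  Denied connection from  (10.0.1.201)
[2003/06/17 16:45:10, 0] lib/access.c:check_access(333)
  Denied connection from  (192.168.3.7)
"""
DENIED = re.compile(r"Denied connection from [^(]*\(([0-9.]+)\)")

def parse_hosts_allow(conf_text):
    """Return the entries of the last 'hosts allow' line (sections ignored)."""
    entries = []
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        # Commented-out lines start with '#' or ';' and so never match the key.
        if sep and " ".join(key.lower().split()) == "hosts allow":
            entries = [e for e in re.split(r"[,\s]+", value.strip()) if e]
    return entries

def is_allowed(ip, entries):
    """Match trailing-dot prefixes, exact addresses and net/mask entries only."""
    for entry in entries:
        if entry.endswith(".") and ip.startswith(entry):
            return True
        if "/" in entry and ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False):
            return True
        if entry == ip:
            return True
    return False

def uncovered_denials(log_text, entries):
    """Count denied client IPs that no hosts allow entry covers."""
    denied = Counter(DENIED.findall(log_text))
    return {ip: n for ip, n in denied.items() if not is_allowed(ip, entries)}

if __name__ == "__main__":
    allow = parse_hosts_allow(SAMPLE_CONF)
    for ip, count in uncovered_denials(SAMPLE_LOG, allow).items():
        print(f"{ip}: denied {count}x by smbd, not covered by hosts allow {allow}")
```

If the log holds no "Denied connection" lines for a client that still cannot connect, smbd never saw the connection, which points back at the firewall rules rather than smb.conf.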