smb mounts
Mark Knecht
markknecht at gmail.com
Wed Jan 26 23:06:07 UTC 2005
On Wed, 26 Jan 2005 14:54:26 -0800, Mark Knecht <markknecht at gmail.com> wrote:
> On Wed, 26 Jan 2005 14:48:33 -0800, Rick Stevens
> <rstevens at vitalstream.com> wrote:
>
> > > HOW DO I CHECK iptables???? I think thisis very possibly it.
> >
> > "iptables -L -n" will dump the tables. Remember, you're looking for
> > lines that appear similar to:
> >
> > ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:137
> > ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:138
> > ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:139
> > ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:137
> > ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:138
> > ACCEPT udp -- 192.168.10.0/24 0.0.0.0/0 udp dpt:139
> >
>
> Where do I put these? /etc/sysconfig/iptables it looks like?
>
> thanks,
> Mark
>
OK, I found system-config-securitylevels which allows me to enter
custom ports to allow through. Now I have these rules:
[root at dragonfly ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root at dragonfly ~]#
which look at least reasonable. However smbclient still refuses to connect.
smbtree sees many machines:
[root at dragonfly ~]# smbtree
Password:
MSHOME
\\PROTOOLS
\\PROTOOLS\C$ Default share
\\PROTOOLS\ADMIN$ Remote Admin
\\PROTOOLS\G$ Default share
\\PROTOOLS\SharedDocs
\\PROTOOLS\print$ Printer Drivers
\\PROTOOLS\IPC$ Remote IPC
\\PROTOOLS\E$ Default share
\\GODZILLA Samba Server
\\GODZILLA\ADMIN$ IPC Service (Samba Server)
\\GODZILLA\IPC$ IPC Service (Samba Server)
\\GODZILLA\homes Home Directories
\\GIGASTUDIO
\\GIGASTUDIO\SharedDocs
\\GIGASTUDIO\IPC$ Remote IPC
\\DRAGONFLY Samba Server
\\DRAGONFLY\ADMIN$ IPC Service (Samba Server)
\\DRAGONFLY\IPC$ IPC Service (Samba Server)
\\DRAGONFLY\MusicLib
[root at dragonfly ~]#
More information about the Redhat-install-list
mailing list