smb mounts

Mark Knecht markknecht at gmail.com
Wed Jan 26 23:06:07 UTC 2005 

On Wed, 26 Jan 2005 14:54:26 -0800, Mark Knecht <markknecht at gmail.com> wrote:
> On Wed, 26 Jan 2005 14:48:33 -0800, Rick Stevens
> <rstevens at vitalstream.com> wrote:
> 
> > > HOW DO I CHECK iptables???? I think thisis very possibly it.
> >
> > "iptables -L -n" will dump the tables.  Remember, you're looking for
> > lines that appear similar to:
> >
> >         ACCEPT   tcp  --  192.168.10.0/24  0.0.0.0/0   tcp dpt:137
> >         ACCEPT   tcp  --  192.168.10.0/24  0.0.0.0/0   tcp dpt:138
> >         ACCEPT   tcp  --  192.168.10.0/24  0.0.0.0/0   tcp dpt:139
> >         ACCEPT   udp  --  192.168.10.0/24  0.0.0.0/0   udp dpt:137
> >         ACCEPT   udp  --  192.168.10.0/24  0.0.0.0/0   udp dpt:138
> >         ACCEPT   udp  --  192.168.10.0/24  0.0.0.0/0   udp dpt:139
> >
> 
> Where do I put these? /etc/sysconfig/iptables it looks like?
> 
> thanks,
> Mark
> 

OK, I found system-config-securitylevels which allows me to enter
custom ports to allow through. Now I have these rules:

[root at dragonfly ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root at dragonfly ~]#

which look at least reasonable. However smbclient still refuses to connect.

smbtree sees many machines:
[root at dragonfly ~]# smbtree
Password:
MSHOME
        \\PROTOOLS
                \\PROTOOLS\C$                   Default share
                \\PROTOOLS\ADMIN$               Remote Admin
                \\PROTOOLS\G$                   Default share
                \\PROTOOLS\SharedDocs
                \\PROTOOLS\print$               Printer Drivers
                \\PROTOOLS\IPC$                 Remote IPC
                \\PROTOOLS\E$                   Default share
        \\GODZILLA                      Samba Server
                \\GODZILLA\ADMIN$               IPC Service (Samba Server)
                \\GODZILLA\IPC$                 IPC Service (Samba Server)
                \\GODZILLA\homes                Home Directories
        \\GIGASTUDIO
                \\GIGASTUDIO\SharedDocs
                \\GIGASTUDIO\IPC$               Remote IPC
        \\DRAGONFLY                     Samba Server
                \\DRAGONFLY\ADMIN$              IPC Service (Samba Server)
                \\DRAGONFLY\IPC$                IPC Service (Samba Server)
                \\DRAGONFLY\MusicLib
[root at dragonfly ~]#

More information about the Redhat-install-list mailing list