HPE Community
Operating System - Linux
1753388 Members
7374 Online
108792 Solutions
New Discussion юеВ

Re: SAMBA and IPTABLES...

 
SOLVED
Go to solution
Leandro Sales
Advisor

тАО12-03-2001 02:54 PM

тАО12-03-2001 02:54 PM

SAMBA and IPTABLES...

Hi, What other port should I allow to accept smb connection using IPTables? I??m allowing 137:139 just TCP?

/etc/services:
...
...
netbios-ns 137/tcp
netbios-ns 137/udp
netbios-dgm 138/tcp
netbios-dgm 138/udp
netbios-ssn 139/tcp
netbios-ssn 139/udp
...
...

Any clue?
0 Kudos
Reply
7 REPLIES 7
Leandro Sales
Advisor

тАО12-03-2001 03:06 PM

тАО12-03-2001 03:06 PM

Re: SAMBA and IPTABLES...

and 137:139 UDP ports too...
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

тАО12-03-2001 05:00 PM

тАО12-03-2001 05:00 PM

Re: SAMBA and IPTABLES...

As far as which ports should be allowed -- you've got it. Check your other configuration settings though, to ensure that you are allowing smb connections from the proper hosts/networks.
0 Kudos
Reply
Marco Paganini
Respected Contributor

тАО12-03-2001 08:34 PM

тАО12-03-2001 08:34 PM

Re: SAMBA and IPTABLES...

Hello Leandro.

If you use iptables, you can use the 'state' modules to track the connection status for you. In that case, allow:

- any port -> udp or tcp 137, 138 and 139, connect status NEW,ESTABLISHED,RELATED

Hope it helps,
Paga
Keeping alive, until I die.
0 Kudos
Reply
Leandro Sales
Advisor

тАО12-05-2001 01:51 PM

тАО12-05-2001 01:51 PM

Re: SAMBA and IPTABLES...

Ok. I'm going to test tomorrow, now I can't do this...

Leandro.
0 Kudos
Reply
Mike Hassell
Respected Contributor

тАО12-06-2001 07:39 AM

тАО12-06-2001 07:39 AM

Re: SAMBA and IPTABLES...

Leandro,

Looks like you've got everything you need to let netbios traffic into your samba (linux) host.

I just wanted to mention that I would be very cautious with this type of configuration if this server is directly connected to the internet as the security aspects of the SMB protocol are a bit weak to say the least. I assume that this machine is behind some other type of firewall, be it hardware or software, if this is the case, then I wouldn't worry as much, however if you're allowing incoming smb connections from the internet, be sure to monitor it very closely.

-Mike
The network is the computer, yeah I stole it from Sun, so what?
0 Kudos
Reply
Leandro Sales
Advisor

тАО12-06-2001 11:57 AM

тАО12-06-2001 11:57 AM

Re: SAMBA and IPTABLES...

Hi Mike, Thanks...
The server that I use SAMBA has two interfaces for for Internal and another for a external network (Internet). I will allow incoming connection just for the internal interface, Any problem?
0 Kudos
Reply
Mark Fenton
Esteemed Contributor

тАО12-06-2001 06:33 PM

тАО12-06-2001 06:33 PM

Solution

Re: SAMBA and IPTABLES...

Leandro,

When I was getting my SAMBA setup going a few months back -- I found the book from O'Reilly very helpful, especially the troubleshooting section:

http://www.oreilly.com/catalog/samba/chapter/book/ch09_01.html

I expect that you have already tried most of these steps already, but are still having trouble.

Since you are limiting your smb connections to your internal network -- in order to ensure that the smb distribution itself is not to blame, try allowing all services on the internal network (temporarily) and then step through shutting down services that are not needed/desired. This'll at least help to identify whether the problems you are facing are being generated by your IPTABLES rules originate from elsewhere.

hth
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.