LinuxQuestions.org
06-15-2010, 02:01 PM   #1
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 704

Rep: Reputation: 55
iptable rule to open samba port


Dear All,

I have samba running on 192.168.100.209 and I am trying to open samba ports only for hosts in the 192.168.100.0/24 network.

I have added the following rules to iptables, but I am still not able to connect from machines on the 192.168.100.0/24 network.

Code:
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 445 -j ACCEPT
What's wrong with the above rules?
 
06-15-2010, 02:28 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
How did you assess that iptables causes the problem, and not
your smb.conf?


Cheers,
Tink
 
06-15-2010, 02:31 PM   #3
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 164
Think you're missing a few ports and need to have some on udp--
Code:
iptables -A INPUT -p udp -s 192.168.100.0/24 --dport 137 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.100.0/24 --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.100.0/24 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.100.0/24 --dport 445 -j ACCEPT
It may need to be allowed on the forward chain depending on other rules also and how you've got things set up and where this device sits in the grand scheme.

As the previous poster suggested, verify it's NOT your smb.conf settings (e.g., flush the tables and see if it's accessible). Also of note would be making sure these aren't being loaded after a drop/etc. that is catching them.

Last edited by rweaver; 06-15-2010 at 02:34 PM.
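
The check suggested in post #3 (making sure the ACCEPT rules are not loaded after a drop that catches the traffic first), as an added example that is not part of the original thread: a shell function that reads `iptables-save` output and flags rules sitting after a catch-all DROP/REJECT in the same chain. The function names and the sample ruleset are constructed for illustration, and the thread does not establish that this is the cause on the poster's machine.

```shell
#!/bin/sh
# Added example: list rules that can never match because they sit after an
# unconditional DROP/REJECT in the same chain.
# Input: text in `iptables-save` format on stdin.
# Limitation: jumps into user-defined chains are not followed.

find_shadowed_rules() {
    awk '
    /^\*/ { table = substr($0, 2); next }       # "*filter", "*nat", ...
    $1 == "-A" {
        key = table SUBSEP $2                   # chains are per table
        n[key]++                                # rule position in its chain
        # Catch-all: no match options between the chain name and -j.
        if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
            if (!(key in pos)) { pos[key] = n[key]; tgt[key] = $4 }
            next
        }
        if (key in pos)
            printf "%s %s rule %d is after catch-all %s at rule %d: %s\n",
                   table, $2, n[key], tgt[key], pos[key], $0
    }'
}

# Constructed sample: the two Samba rules from post #1 appended with -A to a
# ruleset that already ends in a catch-all REJECT.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_shadowed_rules
```

On a live host, run `iptables-save | find_shadowed_rules` as root. A flagged rule has to be placed ahead of the catch-all (for example with `iptables -I INPUT <position> ...`) rather than appended with `-A`.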
 
06-16-2010, 02:33 AM   #4
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 704

Original Poster
Rep: Reputation: 55
Thanks for your reply.

The issue is due to the firewall, because if I allow the traffic from all sources with the following iptables rules, then the connection is established from the remote machine.

Code:
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
But when I try to open a particular port for a specific network, it doesn't work. Let's take the sshd daemon as an example.

This works fine
Code:
-A INPUT -m state --state NEW -m udp -p udp --dport 22 -j ACCEPT
This doesn't allow traffic even from the 172.17.70.0/24 network.
Code:
iptables -A INPUT -s 172.17.70.0/24 -p tcp --dport 22 -j ACCEPT

Last edited by vinaytp; 06-16-2010 at 02:35 AM.
 
  


All times are GMT -5.