LinuxQuestions.org
Old 03-01-2004, 08:02 PM   #1
12345671
LQ Newbie
 
Registered: Mar 2004
Posts: 5

Rep: Reputation: 0
how to open port for Linux Samba for windows users


I have a problem letting Windows users (WIN2X/XP) into the Linux Samba server; I think it is related to the iptables setup.
I have a Redhat9 box. When I choose "no firewall", Windows users can log in to the Linux Samba server with their Samba user name and password. If I choose the high security firewall, even if I open ports 137, 138 and 139 as in the following, Windows users cannot access the Linux Samba server. The error is:
\\RH9 is not accessible , the network path cannot find.

Could someone tell me what I should add to my iptables to let Windows users into the Samba server? In my iptables I only open DHCP, SSH and 137-139.

The following is my iptables. I think I should also open other ports, but I don't know which. Thanks for your help,

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 130.95.100.5 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
-A INPUT -p tcp -s 192.168.0.1/24 --dport 139 --syn -j ACCEPT
-A INPUT -p udp -s 192.168.0.1/24 --dport 138 -j ACCEPT
-A INPUT -p udp -s 192.168.0.1/24 --dport 137 -j ACCEPT
COMMIT
 
Old 03-03-2004, 11:31 PM   #2
Mainframe
LQ Newbie
 
Registered: Mar 2004
Location: Canada
Distribution: SLACKWARE LINUX - Since 1993
Posts: 15

Rep: Reputation: 0
Well, I haven't really read over your post, but it makes sense not to firewall when you're setting up things like Samba. You will need to open TCP and UDP ports 137 through 139 as well.
 
Old 03-04-2004, 12:56 AM   #3
12345671
LQ Newbie
 
Registered: Mar 2004
Posts: 5

Original Poster
Rep: Reputation: 0
While in my iptables I have opened TCP port 139 and UDP ports 137 and 138. Is that right?
I think the Samba server uses TCP port 139 and UDP ports 137 and 138. Is that all?
 
Old 03-04-2004, 01:25 AM   #4
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
Quote:
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
This comes before your INPUT commands for the UDP packets to 13*

This could be your problem.. I would suggest getting an actual iptables script and running that because at least then YOU KNOW WHAT YOU ARE GETTING! right :P

As you may or may not know, iptables will run in order.. if a packet isn't relevant to one rule it is passed on to the next and so on.. BUT if the packet is relevant, the rule does its job and the packet won't go through any more rules

Thanks
Chris
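
The rule-order point from post #4, as an added example that is not part of the thread: a small first-match evaluator (a simplification written for this page, not iptables itself) run over an excerpt of the posted ruleset. The function names, the packet dictionaries and the samba_first reordering are assumptions made for illustration.

```python
import ipaddress
import shlex
# Constructed excerpt of the posted ruleset, in the posted order (SSH, DHCP, DNS and lo rules left out).
RULES = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
-A INPUT -p tcp -s 192.168.0.1/24 --dport 139 --syn -j ACCEPT
-A INPUT -p udp -s 192.168.0.1/24 --dport 138 -j ACCEPT
-A INPUT -p udp -s 192.168.0.1/24 --dport 137 -j ACCEPT
"""

def parse(text):
    """Turn '-A' lines into {chain: [rule, ...]}, keeping file order."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        rule = {"raw": line, "syn": "--syn" in tok}
        for flag, key in (("-p", "proto"), ("-s", "src"), ("--dport", "dport"), ("-j", "target")):
            if flag in tok:
                rule[key] = tok[tok.index(flag) + 1]
        chains.setdefault(tok[1], []).append(rule)
    return chains

def matches(rule, pkt):
    """True only if every condition present on the rule holds for the packet."""
    if rule.get("proto", pkt["proto"]) != pkt["proto"]:
        return False
    if int(rule.get("dport", pkt["dport"])) != pkt["dport"]:
        return False
    if rule["syn"] and not pkt.get("syn"):
        return False
    net = ipaddress.ip_network(rule.get("src", "0.0.0.0/0"), strict=False)
    return ipaddress.ip_address(pkt["src"]) in net

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """Walk a chain top to bottom; the first matching terminating target decides."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            terminal = rule["target"] in ("ACCEPT", "REJECT", "DROP")
            # A non-terminal target is a jump into a user chain; None means it fell through.
            hit = rule["target"] if terminal else verdict(chains, pkt, rule["target"], None)
            if hit:
                return hit
    return policy  # nothing matched: built-in chain policy, or None to return from a jump

def samba_first(text):
    """Same rules, with the port 137-139 ACCEPTs moved ahead of the jump to the REJECTs."""
    lines = text.splitlines()
    return "\n".join(sorted(lines, key=lambda l: "--dport 13" not in l))
```

For a constructed UDP packet from 192.168.0.20 to port 137, verdict(parse(RULES), pkt) returns REJECT, while verdict(parse(samba_first(RULES)), pkt) returns ACCEPT; the same packet from outside 192.168.0.0/24 is still rejected after the reorder.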
 
Old 03-04-2004, 01:51 AM   #5
12345671
LQ Newbie
 
Registered: Mar 2004
Posts: 5

Original Poster
Rep: Reputation: 0
You are right, I am really not familiar with iptables and didn't notice that one. I will try again and let you know the result. Really a stupid mistake
 
Old 03-04-2004, 01:53 AM   #6
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
I spent days cracking my head over "stupid mistakes" like that :P very easy to do... just think of it very laterally... be one with the packet and think what rules will affect you hahaha that's heaps nerdy, isn't it!! hehe
 
Old 03-08-2004, 02:42 AM   #7
12345671
LQ Newbie
 
Registered: Mar 2004
Posts: 5

Original Poster
Rep: Reputation: 0
Hi, my Samba is working now. I built an iptables script according to a good example, stopped the one in ntsysv, then put this script in rc.local to start at boot.

That is true for Samba: if you really open 139/tcp and udp/137/138, it should be working; after that it is how you configure the smb.conf file.

Learn little by little,
 
  

