LinuxQuestions.org


MaleMe 11-21-2002 04:08 PM

Samba and IPChains
 
I currently have RedHat 7.2 networked with one Win2k client through Samba. On the Win2k client I am able to see and access Linux shares through Network Neighborhood. When the following IPChains file is used I am no longer able to access my LAN (pai) through Network Neighborhood on the Win2k client. If I remove the second to the last line in the IPChains file it will work, but that is not the real fix!

<IPChains File>
:input ACCEPT
:forward ACCEPT
:output ACCEPT
# Loopback 127.0.0.1
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j ACCEPT
# MySQL Port 3306
-A input -s 0/0 -d 0/0 3306 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 3306 -p udp -j ACCEPT
# Deny telnet port 23 access
-A input -p tcp --dport 23 -j DENY
# Deny "pinging" on this machine
-A input -p icmp -j DENY
# Deny tcp/udp not previously defined
-A input -s 0/0 -d 0/0 -p tcp -y -j DENY (remove-will work)
-A input -s 0/0 -d 0/0 -p udp -j DENY

Both machines have static IPs and the IP/hostnames are resolved using /etc/hosts as follows:

192.168.5.5 daytona (Linux box)
192.168.5.3 dylan (Win2k client)
127.0.0.1 daytona.pai

I believe I need to allow input on port 53 (DNS) to resolve this issue with Samba, but I'm not sure exactly how.
Any help would be appreciated... I've been scratching my head for a day or 2 on this one.

peter_robb 11-21-2002 04:20 PM

You need to allow udp traffic on ports 137,138,139 for Network Neighbourhood to work.
The ipchains tutorial is here: http://tldp.org/HOWTO/IPCHAINS-HOWTO.html

MaleMe 11-24-2002 08:36 PM

To get Network Neighborhood fully functional I had to allow udp and tcp traffic on the NetBIOS ports you mentioned. Works great now, thanks for the help!
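
Added example (not code from either poster): a simplified first-match model of the input chain, run over a subset of the posted rules, showing which rule decides the Win2k client's NetBIOS packets and what changes once a TCP 139 rule sits ahead of the DENY rules. The 192.168.5.0/24 source restriction, the FIX rule, and the helper names are assumptions made for this illustration; the netmask is inferred from the /etc/hosts entries.

```python
import ipaddress

# Subset of the posted file: the TCP/UDP input rules that decide Samba traffic.
POSTED = """\
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j DENY
-A input -s 0/0 -d 0/0 -p udp -j DENY"""
# Assumed rule: NetBIOS session service, LAN only (/24 inferred from /etc/hosts).
FIX = "-A input -s 192.168.5.0/24 -d 0/0 139 -p tcp -y -j ACCEPT"
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(line):
    """Parse one '-A input' line (only the options used above) into a dict."""
    tok, i = line.split(), 2                      # skip "-A input"
    rule = {"proto": None, "syn": False, "-s": ANY, "-dport": (0, 65535)}
    while i < len(tok):
        opt, i = tok[i], i + 1
        if opt == "-y":                           # match only TCP packets that open a connection (SYN)
            rule["syn"] = True
        elif opt in ("-s", "-d"):
            rule[opt] = ANY if tok[i] == "0/0" else ipaddress.ip_network(tok[i])
            i += 1
            if i < len(tok) and not tok[i].startswith("-"):   # optional port or lo:hi
                lo, _, hi = tok[i].partition(":")
                rule[opt + "port"] = (int(lo), int(hi or lo))
                i += 1
        elif opt in ("-p", "-j"):
            rule["proto" if opt == "-p" else "target"] = tok[i]
            i += 1
        else:
            raise ValueError("unsupported option: " + opt)
    return rule

def verdict(rules, proto, src, dport, syn=False, policy="ACCEPT"):
    """First matching rule decides, else chain policy; dst address is 0/0 in every rule, so unchecked."""
    for r in rules:
        lo, hi = r["-dport"]
        if (r["proto"] in (None, proto) and lo <= dport <= hi and (syn or not r["syn"])
                and ipaddress.ip_address(src) in r["-s"]):
            return r["target"]
    return policy

def with_fix(rules):
    """Place the LAN rule ahead of the first DENY so it is evaluated first."""
    i = next(n for n, r in enumerate(rules) if r["target"] == "DENY")
    return rules[:i] + [parse(FIX)] + rules[i:]

posted = [parse(ln) for ln in POSTED.splitlines()]
print([verdict(r, "tcp", "192.168.5.3", 139, syn=True) for r in (posted, with_fix(posted))])
```

In this model the posted UDP rule for ports 0:1023 already admits 137 and 138, so the packet that gets dropped is the TCP SYN to port 139, which matches the observation that removing the TCP DENY line restores browsing.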


All times are GMT -5.