Problem to configure samba with firewall debian

edeamat · 03-09-2012, 06:55 PM

Hi everybody. I need your help as soon as possible. I have my debian firewall with iptables and i need to get access through samba server.

My global configuration in samba server seems like this:

Quote:

[global]
log file = /var/log/samba/log.%m
guest account = nobody
socket options = TCP_NODELAY IPTOS_LOWDELAY
obey pam restrictions = no
interfaces = 192.168.10.1
encrypt passwords = yes
#smb ports = 139
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
dns proxy = no
workgroup = fincyt
os level = 20
security = share
syslog = 0
panic action = /usr/share/samba/panic-action %d
max log size = 1000
bind interfaces only = true
allow hosts = 192.168.10.2
read raw = yes
write raw = yes
max xmit = 65535
dead time = 15

And my iptables rules are:

Quote:

iptables -A INPUT -p tcp --dport 139 -m state --state NEW -s 192.168.10.2/24-j ACCEPT
iptables -A INPUT -p tcp --dport 445 -m state --state NEW -s 192.168.10.2/24 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -m state --state NEW -s 192.168.10.2/24 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -m state --state NEW -s 192.168.10.2/24 -j ACCEPT

Thank you very much for your help.

elfenlied · 03-11-2012, 08:18 PM

See this link for the ports required and explanation http://troy.jdmz.net/samba/fw/.

Aside from that it appears in your smb.conf you only want host 192.168.10.2 to access this server so you should be using -s 192.168.10.2/32 in your iptables commands.

edeamat · 03-13-2012, 03:36 PM

Thanks a lot for the link elfenlied. However, I'm still stuck as this problem. I can´t get to connect to my samba server at all. When i look for the logs there is nothing to see......

Anye help would be appreciated.

elfenlied · 03-13-2012, 05:35 PM

Are you trying to connect to the samba server with a PC that has an IP address of 192.168.10.2?

edeamat · 03-14-2012, 09:39 AM

Hi elfenlied. My IP address is 192.168.10.2. I can't see any event in the logs at all.

vp0619520 · 03-14-2012, 11:17 AM

What's your workgroup name in the Windows?I think udp don't have the 'state',so maybe you should change these iptables statements,and try again.
And is there any other iptables rules in the samba server?

elfenlied · 03-14-2012, 04:29 PM

Yes vp0619520 is right you should probably have both NEW and ESTABLISHED in your rules unless you have that somewhere else, the other thing I would try is turning off iptables for the moment. Verify that samba works then at least you know what it is that you have to fix to get it working.

edeamat · 03-14-2012, 05:10 PM

My workgroup is FINCYT. Sorry but i don't understand what you try to talk me. Could you give me more information.

The rules described before are in my iptables script which is located at my firewall.

Thank you.

edeamat · 03-14-2012, 05:47 PM

Sorry enfenlied. I did the same instructions as mention in this link http://troy.jdmz.net/samba/fw/.

Now, you can say that my rules should define as NEW and ESTABLISHED. I'm feeling a bit confused.

Thanks a lot.

elfenlied · 03-14-2012, 05:54 PM

Try stopping iptables first, and see if you can access your samba. If you can then it's likely to be a iptables problem, if not then it's possibly samba related.

edeamat · 03-15-2012, 10:13 AM

I can't stop iptables because the server is the firewall and forward all packages inside the network.

edeamat · 03-22-2012, 06:24 PM

Can anybody help me please with this issue?

Thanks.