iptables and samba problem

linux obsessed · 02-27-2009, 09:17 AM

hello to every one
at first i installed debian 5
and i want enter on my workgroup using windows xp pcs,in same time i want use firewall
now when i stop firewall i can access on the pcs
but when i start iptables and open port for samba such as 137,138,138 and 445 i can't access on any pc on workgruop
this is the output of iptables -L command

Code:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-ns state NEW 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-dgm state NEW 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn state NEW 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds state NEW 

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere

now i want know what's my error and how i resolve it
thanks for all in this great forum

allend · 02-28-2009, 05:49 AM

Try removing --state NEW on the firewall rules for the Samba ports.

linux obsessed · 02-28-2009, 08:24 AM

same problem after removing
this commands i entered

Code:

 iptables -I INPUT -p udp --dport 137 -j ACCEPT
 iptables -I INPUT -p udp --dport 138 -j ACCEPT
 iptables -I INPUT -p tcp --dport 139 -j ACCEPT
 iptables -I INPUT -p tcp --dport 445 -j ACCEPT

and this output of iptables -L

Code:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-dgm 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-ns 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere

thank you

allend · 03-01-2009, 07:53 AM

Quote:

iptables -I INPUT -p udp --dport 137 -j ACCEPT
iptables -I INPUT -p udp --dport 138 -j ACCEPT
iptables -I INPUT -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -j ACCEP

Try changing -I to -A.

These are the rules in my firewall script to allow Samba to my local 10.1.1. network

Quote:

$IPTABLES -A INPUT -i $EXTIF -s 10.1.1.1/27 -p udp --dport 137 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s 10.1.1.1/27 -p udp --dport 138 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s 10.1.1.1/27 -p tcp --dport 139 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s 10.1.1.1/27 -p tcp --dport 445 -j ACCEPT

linux obsessed · 03-01-2009, 08:58 AM

same problem no new
i am waiting the resolve
thanks

linux obsessed · 03-01-2009, 10:30 PM

i fixed problem by enter to pc by his ip address as smb://10.0.0.20
but cant by his name
thanks

linux obsessed · 03-02-2009, 07:33 AM

forget it with out open any port and firewall started