What ports shall i allow for samba?
Got samba working till i started the firewall....what ports does samba need?
|
137 (udp), 139 (tcp), and 445 (tcp)
|
I think it's 137, 138, 139, and 445.
good luck. |
138 (udp) is optional.
|
Thanks all
|
Actually guys....its not mapping the share now...and it does when i disable the firewall...i have put them port numbers in the control center of suse 8.2 firewall
|
Any ideas? anyone?
|
Did you make sure to specify the TCP/UDP allowances? Two of the neccesary ports are TCP ports and two are UDP.
From a command line type iptables -L (you have to be root) and paste the output in a post so we can see it. |
Chain INPUT (policy DROP)
target prot opt source destination ACCEPT all -- anywhere anywhere LOG all -- loopback/8 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' LOG all -- anywhere loopback/8 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- loopback/8 anywhere DROP all -- anywhere loopback/8 LOG all -- linux.local anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- linux.local anywhere LOG all -- linux.local anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- linux.local anywhere input_ext all -- anywhere linux.local input_int all -- anywhere linux.local DROP all -- anywhere 10.10.1.255 DROP all -- anywhere 255.255.255.255 DROP all -- anywhere 10.10.1.255 DROP all -- anywhere 255.255.255.255 LOG all -- anywhere linux.local LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCESS_DENIED_INT ' DROP all -- anywhere linux.local LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-TARGET ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere LOG icmp -- anywhere anywhere icmp time-exceeded LOG level warning tcp-options ip-options prefix `SuSE-FW-TRACEROUTE-ATTEMPT ' ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp port-unreachable ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed ACCEPT icmp -- anywhere anywhere icmp network-prohibited ACCEPT icmp -- anywhere anywhere icmp host-prohibited ACCEPT icmp -- anywhere anywhere icmp communication-prohibited DROP icmp -- anywhere anywhere icmp destination-unreachable ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-OUTPUT-ERROR ' Chain forward_dmz (0 references) target prot opt source destination Chain forward_ext (0 references) target prot opt source destination Chain forward_int (0 references) target prot opt source destination Chain input_dmz (0 references) target prot opt source destination LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 10.10.1.0/24 anywhere LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 10.10.1.0/24 anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- cache1.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- cache2.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 DROP udp -- anywhere anywhere udp dpt:bootpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:ndmp DROP udp -- anywhere anywhere udp dpt:ndmp DROP udp -- anywhere anywhere udp dpt:dnp DROP udp -- anywhere anywhere udp dpt:dnp ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere Chain input_ext (1 references) target prot opt source destination LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 10.10.1.0/24 anywhere LOG icmp -- 10.10.1.0/24 anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT-SOURCEQUENCH ' ACCEPT icmp -- 10.10.1.0/24 anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere LOG tcp -- anywhere anywhere tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-ns LOG tcp -- anywhere anywhere tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-dgm LOG tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-ssn LOG tcp -- anywhere anywhere tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:microsoft-ds LOG tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- cache1.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- cache2.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 DROP udp -- anywhere anywhere udp dpt:bootpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:ndmp DROP udp -- anywhere anywhere udp dpt:ndmp DROP udp -- anywhere anywhere udp dpt:dnp DROP udp -- anywhere anywhere udp dpt:dnp ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere Chain input_int (1 references) target prot opt source destination LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 10.10.1.0/24 anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- cache1.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- cache2.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 DROP udp -- anywhere anywhere udp dpt:bootpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:ndmp DROP udp -- anywhere anywhere udp dpt:ndmp DROP udp -- anywhere anywhere udp dpt:dnp DROP udp -- anywhere anywhere udp dpt:dnp ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere Chain reject_func (3 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable |
Quote:
netbios-ssn and microsoft-ds are TCP ports. netbios-ns and netbios-dgm are UDP ports. I actually don't allow netbios-dgm on my network because it is optional, but you need the netbios-ns UDP port open and you don't have a rule for that. |
how do i allow that port?
|
How do i add into the suse 8.2 yast control center because all it gives me is an expert option where i can enter port numbers but how do i specifiy what type tcp or udp etc
|
Code:
iptables -A INPUT -p tcp --dport netbios-ssn -j ACCEPT |
Ok...i have seen the GUI for the linux firewall in webmin, but it looks alot more complex than i thought...do i just add the new lines via the add new chain button or do i have to edit the specific lines
|
I don't really know how to help you there. I just wrote my own script to purge any and all existing rules and activate the ones I wanted. iptables is pretty easy to configure by hand.
|
All times are GMT -5. The time now is 11:44 PM. |