LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page What ports shall i allow for samba?
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
Page 1 of 2 1 2
  Search this Thread
Old 01-27-2005, 05:10 PM   #1
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Rep: Reputation: 31
What ports shall i allow for samba?

Got samba working till i started the firewall....what ports does samba need?
 
Old 01-27-2005, 05:23 PM   #2
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
137 (udp), 139 (tcp), and 445 (tcp)
 
Old 01-27-2005, 05:27 PM   #3
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
I think it's 137, 138, 139, and 445.
good luck.
 
Old 01-27-2005, 05:28 PM   #4
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
138 (udp) is optional.
 
Old 01-28-2005, 01:22 PM   #5
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
Thanks all
 
Old 01-28-2005, 01:43 PM   #6
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
Actually guys....its not mapping the share now...and it does when i disable the firewall...i have put them port numbers in the control center of suse 8.2 firewall
 
Old 01-29-2005, 02:50 AM   #7
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
Any ideas? anyone?
 
Old 01-29-2005, 11:56 AM   #8
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
Did you make sure to specify the TCP/UDP allowances? Two of the neccesary ports are TCP ports and two are UDP.

From a command line type iptables -L (you have to be root) and paste the output in a post so we can see it.
Last edited by jtshaw; 01-29-2005 at 11:59 AM.
 
Old 01-29-2005, 02:45 PM   #9
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- loopback/8 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG all -- anywhere loopback/8 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- loopback/8 anywhere
DROP all -- anywhere loopback/8
LOG all -- linux.local anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- linux.local anywhere
LOG all -- linux.local anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- linux.local anywhere
input_ext all -- anywhere linux.local
input_int all -- anywhere linux.local
DROP all -- anywhere 10.10.1.255
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 10.10.1.255
DROP all -- anywhere 255.255.255.255
LOG all -- anywhere linux.local LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCESS_DENIED_INT '
DROP all -- anywhere linux.local
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-TARGET '
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG icmp -- anywhere anywhere icmp time-exceeded LOG level warning tcp-options ip-options prefix `SuSE-FW-TRACEROUTE-ATTEMPT '
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp port-unreachable
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp network-prohibited
ACCEPT icmp -- anywhere anywhere icmp host-prohibited
ACCEPT icmp -- anywhere anywhere icmp communication-prohibited
DROP icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target prot opt source destination

Chain forward_ext (0 references)
target prot opt source destination

Chain forward_int (0 references)
target prot opt source destination

Chain input_dmz (0 references)
target prot opt source destination
LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 10.10.1.0/24 anywhere
LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 10.10.1.0/24 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP icmp -- anywhere anywhere
reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- cache1.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- cache2.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:ndmp
DROP udp -- anywhere anywhere udp dpt:ndmp
DROP udp -- anywhere anywhere udp dpt:dnp
DROP udp -- anywhere anywhere udp dpt:dnp
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP all -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 10.10.1.0/24 anywhere
LOG icmp -- 10.10.1.0/24 anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT-SOURCEQUENCH '
ACCEPT icmp -- 10.10.1.0/24 anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP icmp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-ns
LOG tcp -- anywhere anywhere tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-dgm
LOG tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- cache1.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- cache2.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:ndmp
DROP udp -- anywhere anywhere udp dpt:ndmp
DROP udp -- anywhere anywhere udp dpt:dnp
DROP udp -- anywhere anywhere udp dpt:dnp
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP all -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
LOG all -- 10.10.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 10.10.1.0/24 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP icmp -- anywhere anywhere
reject_func tcp -- anywhere anywhere tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:ndmp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP tcp -- anywhere anywhere tcp dpt:dnp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT udp -- cache1.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT udp -- cache2.ntli.net anywhere state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:sunrpc
DROP udp -- anywhere anywhere udp dpt:ndmp
DROP udp -- anywhere anywhere udp dpt:ndmp
DROP udp -- anywhere anywhere udp dpt:dnp
DROP udp -- anywhere anywhere udp dpt:dnp
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp dpts:1024:65535
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP all -- anywhere anywhere

Chain reject_func (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
 
Old 01-29-2005, 02:52 PM   #10
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
Quote:
LOG tcp -- anywhere anywhere tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-ns
LOG tcp -- anywhere anywhere tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-dgm
LOG tcp -- anywhere anywhere tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
Exactly what I thought... you have all the ports on accept for TCP but the problem is Samba doesn't use them all as TCP ports.

netbios-ssn and microsoft-ds are TCP ports.
netbios-ns and netbios-dgm are UDP ports. I actually don't allow netbios-dgm on my network because it is optional, but you need the netbios-ns UDP port open and you don't have a rule for that.
 
Old 01-29-2005, 03:12 PM   #11
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
how do i allow that port?
 
Old 01-29-2005, 03:15 PM   #12
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
How do i add into the suse 8.2 yast control center because all it gives me is an expert option where i can enter port numbers but how do i specifiy what type tcp or udp etc
 
Old 01-29-2005, 03:18 PM   #13
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
Code:
iptables -A INPUT -p tcp --dport netbios-ssn -j ACCEPT        
iptables -A INPUT -p tcp --dport microsoft-ds -j ACCEPT
iptables -A INPUT -p udp --dport netbios-ns -j ACCEPT
Those are the rules I use to allow Samba to work. However, if your using one of those nifty gui tools I have no idea how you are suppose to differentiate between tcp and udp ports.
 
Old 01-30-2005, 01:21 AM   #14
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Original Poster
Rep: Reputation: 31
Ok...i have seen the GUI for the linux firewall in webmin, but it looks alot more complex than i thought...do i just add the new lines via the add new chain button or do i have to edit the specific lines
 
Old 01-30-2005, 02:33 AM   #15
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
I don't really know how to help you there. I just wrote my own script to purge any and all existing rules and activate the ones I wanted. iptables is pretty easy to configure by hand.
 
  


Reply
Page 1 of 2 1 2



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba and ports mikz Linux - Networking 1 03-04-2005 01:10 PM
correct ports for samba? skippuff54 Linux - Networking 2 08-02-2004 08:07 AM
Enabling ports for samba toadoy Linux - Newbie 3 07-08-2004 06:35 AM
how can i open ports for samba? wlfdgcrkz *BSD 2 06-02-2003 01:11 PM
how do open ports for samba wlfdgcrkz Linux - Software 5 06-02-2003 01:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:14 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration