OK, if I stop my firewall my Samba share works fine; however, if I leave it on Samba will not start.
Below is my firewall script:
------------------------------------------------------------------------------
#Firewall file 12/08/05
#restart iptables
service iptables restart
echo "restarted"
iptables -F
#path to ip tables
IPTABLES="/sbin/iptables"
#drop all as default policy
${IPTABLES} -P INPUT DROP
${IPTABLES} -P OUTPUT DROP
${IPTABLES} -P FORWARD DROP
#Allow related
${IPTABLES} -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allows requests on port 80 and returns all requests
${IPTABLES} -I INPUT -p tcp --destination-port 80 -j ACCEPT
${IPTABLES} -I OUTPUT -p tcp --destination-port 80 -j ACCEPT
#Allows requests on port 22 and returns all requests
${IPTABLES} -I INPUT -p tcp --destination-port 22 -j ACCEPT
${IPTABLES} -I OUTPUT -p tcp --destination-port 22 -j ACCEPT
#Allows requests on port 25 and returns all requests
${IPTABLES} -I INPUT -p tcp --destination-port 25 -j ACCEPT
${IPTABLES} -I OUTPUT -p tcp --destination-port 25 -j ACCEPT
#Allow DNS (TCP and UDP). A port match such as --destination-port needs a
#protocol (-p tcp / -p udp); without it iptables rejects the rule with
#"Unknown arg `--destination-port'", so -p tcp was missing on the first line.
${IPTABLES} -I OUTPUT -p tcp --destination-port 53 -j ACCEPT
${IPTABLES} -I OUTPUT -p udp --destination-port 53 -j ACCEPT
# Allows request on port 21 and return all request add same for 20
${IPTABLES} -A INPUT -s 0/0 -i eth0 -p tcp --dport 21 -j ACCEPT
${IPTABLES} -A OUTPUT -s 0/0 -o eth0 -p tcp --sport 21 -j ACCEPT
# Allows request on port 20
${IPTABLES} -A INPUT -s 0/0 -i eth0 -p tcp --dport 20 -j ACCEPT
${IPTABLES} -A OUTPUT -s 0/0 -o eth0 -p tcp --sport 20 -j ACCEPT
#This allows pings from anywhere
${IPTABLES} -A INPUT -i eth0 -s 0/0 -p icmp --icmp-type 0 -j ACCEPT
${IPTABLES} -A OUTPUT -o eth0 -d 0/0 -p icmp --icmp-type 0 -j ACCEPT
${IPTABLES} -A INPUT -i eth0 -s 0/0 -p icmp --icmp-type 8 -j ACCEPT
${IPTABLES} -A OUTPUT -o eth0 -d 0/0 -p icmp --icmp-type 8 -j ACCEPT
#lists table rules
iptables -L
----------------------------------------------------------------------------
I have tried adding various things; however, I am not good with iptables and
would be grateful if someone could help.
Also, when I run the firewall it says it doesn't understand --dport, and yet it works. It gives the following message:
--------------------------------------------------------------------------------
# ./rc.firewall
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
restarted
iptables v1.3.0: Unknown arg `--destination-port'
Try `iptables -h' or 'iptables --help' for more information.
Chain FORWARD (policy DROP)
target prot opt source destination
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
-------------------------------------------------------------------------------------
Thanks
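The script above accepts HTTP, SSH, SMTP, FTP and ICMP but nothing for Samba, so with a default DROP policy on INPUT the SMB traffic never reaches smbd. Samba uses 137/udp and 138/udp (NetBIOS name and datagram services), 139/tcp (NetBIOS session) and 445/tcp (SMB over TCP). The following is an added example, not the poster's script, showing the rules that open those ports only to the local network on top of the same default-DROP policy. The subnet 192.168.1.0/24 and the interface eth0 are placeholder assumptions; the dry-run mode (IPTABLES=echo) prints the rules instead of applying them, so the block can be checked without root.

```shell
#!/bin/sh
# Added example (not the poster's script): accept Samba traffic from the LAN
# on a host whose INPUT/OUTPUT policies are DROP.
# Assumptions (placeholders): LAN is 192.168.1.0/24, the interface is eth0.
# Set IPTABLES=echo to print the rules instead of applying them.

IPTABLES="${IPTABLES:-/sbin/iptables}"
LAN="${LAN:-192.168.1.0/24}"
IFACE="${IFACE:-eth0}"

# Ports Samba listens on:
#   137/udp  NetBIOS name service
#   138/udp  NetBIOS datagram service
#   139/tcp  NetBIOS session service (SMB over NetBIOS)
#   445/tcp  SMB directly over TCP
# Restricting the source to the LAN keeps SMB off the public interface,
# which is the exposure the default-DROP policy was protecting against.
add_samba_rules() {
    for p in 137 138; do
        "$IPTABLES" -A INPUT -i "$IFACE" -s "$LAN" -p udp --dport "$p" -j ACCEPT
    done
    for p in 139 445; do
        "$IPTABLES" -A INPUT -i "$IFACE" -s "$LAN" -p tcp --dport "$p" -j ACCEPT
    done
    # Replies to these sessions are matched by the ESTABLISHED,RELATED rule
    # already present in the OUTPUT chain, so no separate OUTPUT rules are needed.
}

# Print the rules that add_samba_rules would apply, without touching the kernel.
# Runs in a subshell so the IPTABLES override does not leak out.
dry_run_samba_rules() {
    ( IPTABLES=echo; add_samba_rules )
}

# Number of ACCEPT rules the function issues (4: two UDP, two TCP).
count_samba_rules() {
    dry_run_samba_rules | grep -c -- '-j ACCEPT'
}

# Usage: ./samba-rules.sh            -> print the rules (dry run)
#        ./samba-rules.sh apply      -> apply them with /sbin/iptables (as root)
case "${1:-dry-run}" in
    apply)   add_samba_rules ;;
    dry-run) dry_run_samba_rules ;;
esac
```

Because the poster's script already inserts the ESTABLISHED,RELATED rule in both chains, the four INPUT rules above are enough for clients to reach the share; the `-s "$LAN"` match is what distinguishes this from simply opening the ports to anyone.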