LinuxQuestions.org
06-23-2006, 06:44 PM   #1
mraconnor

my Iptables firewall with samba


OK, if I stop my firewall my samba share works fine

however if I leave it on samba will not start

below is my firewall script
------------------------------------------------------------------------------

#Firewall file 12/08/05

#restart iptables
service iptables restart
echo "restarted"

iptables -F

#path to ip tables
IPTABLES="/sbin/iptables"

#drop all as default policy
${IPTABLES} -P INPUT DROP
${IPTABLES} -P OUTPUT DROP
${IPTABLES} -P FORWARD DROP

#Allow related
${IPTABLES} -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allows requests on port 80 and returns all requests
${IPTABLES} -I INPUT -p tcp --destination-port 80 -j ACCEPT
${IPTABLES} -I OUTPUT -p tcp --destination-port 80 -j ACCEPT

#Allows requests on port 22 and returns all requests
${IPTABLES} -I INPUT -p tcp --destination-port 22 -j ACCEPT
${IPTABLES} -I OUTPUT -p tcp --destination-port 22 -j ACCEPT

#Allows requests on port 25 and returns all requests
${IPTABLES} -I INPUT -p tcp --destination-port 25 -j ACCEPT
${IPTABLES} -I OUTPUT -p tcp --destination-port 25 -j ACCEPT


#Allow DNS

${IPTABLES} -I OUTPUT --destination-port 53 -j ACCEPT
${IPTABLES} -I OUTPUT -p udp --destination-port 53 -j ACCEPT

# Allows request on port 21 and return all request add same for 20
${IPTABLES} -A INPUT -s 0/0 -i eth0 -p tcp --dport 21 -j ACCEPT
${IPTABLES} -A OUTPUT -s 0/0 -o eth0 -p tcp --sport 21 -j ACCEPT

# Allows request on port 20
${IPTABLES} -A INPUT -s 0/0 -i eth0 -p tcp --dport 20 -j ACCEPT
${IPTABLES} -A OUTPUT -s 0/0 -o eth0 -p tcp --sport 20 -j ACCEPT

#This allows pings from anywhere
${IPTABLES} -A INPUT -i eth0 -s 0/0 -p icmp --icmp-type 0 -j ACCEPT
${IPTABLES} -A OUTPUT -o eth0 -d 0/0 -p icmp --icmp-type 0 -j ACCEPT
${IPTABLES} -A INPUT -i eth0 -s 0/0 -p icmp --icmp-type 8 -j ACCEPT
${IPTABLES} -A OUTPUT -o eth0 -d 0/0 -p icmp --icmp-type 8 -j ACCEPT

#lists table rules
iptables -L

----------------------------------------------------------------------------


I have tried adding various things however I am not good with iptables and
would be grateful if someone could help.


also when I run the firewall it says it doesn't understand --dport and yet it works: it gives the following message:

--------------------------------------------------------------------------------
# ./rc.firewall
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
restarted
iptables v1.3.0: Unknown arg `--destination-port'
Try `iptables -h' or 'iptables --help' for more information.
Chain FORWARD (policy DROP)
target prot opt source destination

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination

-------------------------------------------------------------------------------------


thanks
 
06-23-2006, 09:10 PM   #2
DrOzz

Just like you opened up other ports, you are going to have to open up ports 137, 138, 139, and you should be good to go.
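
An added example, not part of either post: `samba_rules` prints rules for the three ports named in the reply, limited to a LAN subnet instead of 0/0, and `lint_port_rules` flags port matches that lack `-p tcp` or `-p udp`, which is the form iptables rejects with "Unknown arg `--destination-port'" (the `--destination-port 53` line in the posted script). Assumptions: the subnet 192.168.1.0/24 and both function names are illustrative; `eth0` and the iptables path are taken from the posted script.

```shell
#!/bin/sh
# Added example, not from the original thread.
IPTABLES="${IPTABLES:-/sbin/iptables}"   # same path the posted script uses
LAN="${LAN:-192.168.1.0/24}"             # assumed LAN subnet, change to yours

# Print rules that open the NetBIOS ports named in the reply (137, 138, 139)
# on a host whose INPUT and OUTPUT policies are both DROP.
samba_rules() {
    for port in 137 138; do
        # nmbd: name service (137/udp) and datagram service (138/udp)
        echo "$IPTABLES -A INPUT -i eth0 -s $LAN -p udp --dport $port -j ACCEPT"
        # nmbd also originates broadcasts, so OUTPUT needs its own rule;
        # ESTABLISHED,RELATED does not cover new outbound packets
        echo "$IPTABLES -A OUTPUT -o eth0 -d $LAN -p udp --dport $port -j ACCEPT"
    done
    # smbd: session service (139/tcp); replies leave via ESTABLISHED,RELATED
    echo "$IPTABLES -A INPUT -i eth0 -s $LAN -p tcp --dport 139 -j ACCEPT"
}

# Read a firewall script on stdin and print the line number of every rule
# that matches on a port without naming a protocol. The port options belong
# to the tcp/udp match extensions, which are only loaded by -p tcp or -p udp.
lint_port_rules() {
    awk '/(--dport|--sport|--destination-port|--source-port)/ &&
         !/-p[ \t]+(tcp|udp)/ && !/^[ \t]*#/ { print NR }'
}

# To apply as root, after the existing rules:  samba_rules | sh
# To check a script:                           lint_port_rules < rc.firewall
```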
 
  

