LinuxQuestions.org
Old 11-11-2005, 05:06 PM   #1
LAdProg2005
Member
 
Registered: Oct 2005
Posts: 50

Rep: Reputation: 15
iptable frustration


I need TCP port 139 or 445 to run smb and UDP port 161 for snmp.

I tried editing /etc/sysconfig/iptables and adding the lines:


-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT


When I run netstat -ta or netstat -l I don't see either of those two ports open....

Does anyone know what I am doing wrong, or if there is anything I am forgetting to add?

Any help would be appreciated
thanks
--p
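
Added illustration, not part of any post in this thread: an ACCEPT rule only lets packets through, and a port appears in `netstat -l` or as open in a scan only when a daemon is bound to it. The script below lists ports the rules accept that have no listener; the sample rules and netstat output are constructed, and the function names are hypothetical.

```shell
# Constructed sample in /etc/sysconfig/iptables (iptables-save) format.
SAMPLE_RULES='*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
COMMIT'
# Constructed sample of `netstat -lntu` output: only sshd has a listening socket.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Print "proto/port" for every ACCEPT rule that names a destination port.
allowed_ports() {
  printf '%s\n' "$1" | awk '
    /^-A / && /-j ACCEPT/ {
      proto = ""; dport = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i+1)
        if ($i == "--dport") dport = $(i+1)
      }
      if (proto == "" || dport == "") next
      n = split(dport, r, ":"); lo = r[1] + 0; hi = r[n] + 0   # "137:139" is a range
      for (p = lo; p <= hi; p++) print proto "/" p
    }' | LC_ALL=C sort -u
}

# Print "proto/port" for every listening socket in numeric netstat output.
listening_ports() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^(tcp|udp)/ {
      proto = substr($1, 1, 3)            # fold tcp6/udp6 into tcp/udp
      if (proto == "tcp" && $NF != "LISTEN") next
      n = split($4, a, ":")               # port is the last ":"-separated field
      print proto "/" a[n]
    }' | LC_ALL=C sort -u
}

# Ports the rules accept but nothing is bound to; a scan shows these as closed.
allowed_but_not_listening() {
  a=$(allowed_ports "$1"); l=$(listening_ports "$2")
  for p in $a; do
    printf '%s\n' "$l" | grep -qxF "$p" || printf '%s\n' "$p"
  done
}

# On a live host: allowed_but_not_listening "$(cat /etc/sysconfig/iptables)" "$(netstat -lntu)"
allowed_but_not_listening "$SAMPLE_RULES" "$SAMPLE_NETSTAT"
```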
 
Old 11-11-2005, 07:47 PM   #2
Mad Scientist
Member
 
Registered: May 2003
Posts: 167

Rep: Reputation: 30
Look at http://wiki.linuxquestions.org/wiki/Iptables . Get rid of the default firewall script and write your own. It can be very simple.
 
Old 11-11-2005, 08:04 PM   #3
blkcamarozr28
Member
 
Registered: Oct 2005
Location: Honolulu, Hawaii
Distribution: Fedora Core 1-7, CentOS 4/5, Ubuntu/Xubuntu
Posts: 63

Rep: Reputation: 15
Add these two lines to /etc/sysconfig/iptables:

***For Samba***
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --source 192.168.0.0/255.255.255.0 --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source 192.168.0.0/255.255.255.0 --dport 137:139 -j ACCEPT

***For SNMP***
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT

Change the --source 192.168.0.0/255.255.255.0 to your IP network. After that just do a 'service iptables restart' and it should be good to go.



Last edited by blkcamarozr28; 11-11-2005 at 08:06 PM.
 
Old 11-12-2005, 01:50 PM   #4
LAdProg2005
Member
 
Registered: Oct 2005
Posts: 50

Original Poster
Rep: Reputation: 15
For whatever reason it gives me:

Applying iptables firewall rules: iptables-restore v1.2.11: Unknown arg `--source'
Error occurred at line: 23
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

I don't know what is wrong...

Another question is, when you say

Quote:
--source 192.168.0.0/255.255.255.0
so if my IP is 1.2.3.4 I need to say source 1.2.0.0/... ? Or write the full IP....

thanks....
 
Old 11-12-2005, 07:16 PM   #5
blkcamarozr28
Member
 
Registered: Oct 2005
Location: Honolulu, Hawaii
Distribution: Fedora Core 1-7, CentOS 4/5, Ubuntu/Xubuntu
Posts: 63

Rep: Reputation: 15
Quote:
Originally posted by LAdProg2005
so if my IP is 1.2.3.4 I need to say source 1.2.0.0/... ? Or write the full IP....

It depends on your subnet mask. What is your IP address and Subnet Mask? Also, if you don't want to filter smb via a source address you can just omit '--source 192.168.0.0/255.255.255.0' and it should still work.
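
Added illustration, not part of the thread: the network part of a `--source` match is the host address ANDed with the subnet mask, so the same address gives different values under different masks. The function name `source_network` is hypothetical, and the masks paired with 1.2.3.4 below are assumed for the example.

```shell
# Print "network/netmask" for use with --source.
# Returns 1 on a malformed address or a non-contiguous netmask.
source_network() {
  old_ifs=$IFS; IFS=.
  set -- $1 $2              # eight octets: four of the address, four of the mask
  IFS=$old_ifs
  [ $# -eq 8 ] || return 1
  for o in "$@"; do
    # Reject empty, non-numeric and zero-padded octets (08 would parse as octal).
    case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  # A valid netmask is a run of 1-bits followed only by 0-bits.
  m=$(( ($5 << 24) | ($6 << 16) | ($7 << 8) | $8 ))
  inv=$(( ~m & 0xFFFFFFFF ))
  [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
  printf '%d.%d.%d.%d/%d.%d.%d.%d\n' \
    $(( $1 & $5 )) $(( $2 & $6 )) $(( $3 & $7 )) $(( $4 & $8 )) "$5" "$6" "$7" "$8"
}

# Same host address, two assumed masks:
source_network 1.2.3.4 255.255.0.0
source_network 1.2.3.4 255.255.255.0
# Dropped into the Samba rule from the post above:
echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source $(source_network 1.2.3.4 255.255.255.0) --dport 137:139 -j ACCEPT"
```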
 
Old 11-12-2005, 08:05 PM   #6
LAdProg2005
Member
 
Registered: Oct 2005
Posts: 50

Original Poster
Rep: Reputation: 15
For whatever reason, when I run xprobe2 -v localhost I get the following error, or I am just not understanding and it is just running fine...

[+] Selected safe Round-Trip Time value is: 0.00034 sec
[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
[-] fingerprint:smb need either TCP port 139 or 445 to run
[-] fingerprint:snmp: need UDP port 161 open
[+] Primary guess:

xprobe2 -v calif.dyndns.org

[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on calif.dyndns.org. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on calif.dyndns.org. Module test failed
[-] No distance calculation. calif.dyndns.org appears to be dead or no ports known
[+] Host: calif.dyndns.org is down (Guess probability: 0%)

The thing is, the host is up and running and it tells me it's not... When I run nmap -sT and nmap -sU it shows me that TCP and UDP ports are running.

When I add the rules in iptables for snmp and samba and restart my iptables it starts OK, but running nmap doesn't show me those ports as open.

Any guesses why this is happening?
 
Old 11-13-2005, 04:33 PM   #7
blkcamarozr28
Member
 
Registered: Oct 2005
Location: Honolulu, Hawaii
Distribution: Fedora Core 1-7, CentOS 4/5, Ubuntu/Xubuntu
Posts: 63

Rep: Reputation: 15
Are you running this server behind a NATed router (Linksys, Netgear, etc.)? If so then you need to port forward on your router to the server. Try to explain your setup better and what you are trying to do. Are you trying to access smb & snmp from the Internet or internal network?
 
Old 11-13-2005, 04:50 PM   #8
LAdProg2005
Member
 
Registered: Oct 2005
Posts: 50

Original Poster
Rep: Reputation: 15
Well, I don't exactly know what firewall the school uses, but I am running my CentOS Linux server through the university's. So, there is definitely the firewall issue. smb and snmp are used by xprobe2 for fingerprinting; if I run it locally it doesn't work, or if I try to scan other IPs that are not within the school network.

I am just trying to run xprobe2 successfully and it gives me the errors listed above.

I thought if you write the firewall rules in iptables then it should work just fine... but it doesn't seem to.

Let me know if you need any more info.

thanks
--p
 
Old 11-13-2005, 05:43 PM   #9
blkcamarozr28
Member
 
Registered: Oct 2005
Location: Honolulu, Hawaii
Distribution: Fedora Core 1-7, CentOS 4/5, Ubuntu/Xubuntu
Posts: 63

Rep: Reputation: 15
If you think it's a local firewall issue on your box, then disable iptables ('service iptables stop') and see if xprobe works. If it doesn't, then it's not an iptables issue.
 
  

