Samba IPTABLES script?
Posted: Mon Apr 10, 2006 10:17 am
by a94060
Hi,
I would like to know if somebody would be able to make me an iptables script to open up the ports for Samba so I can access my Linux server from my other computers. (I can't do this because I do not know the ports for Samba.)
Thanks
Posted: Mon Apr 10, 2006 11:40 am
by Benjamin
Code:
iptables -A INPUT -p udp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
http://hr.uoregon.edu/davidrl/samba.html
Special thanks goes to Google

Posted: Mon Apr 10, 2006 12:45 pm
by timvw
How hard was it to find the list of port numbers by doing a web search?
Posted: Tue Apr 11, 2006 8:58 am
by a94060
Thanks for the help.
Btw, I searched for Windows file sharing ports, Samba ports, and I did not get anything except for the ports 137-139,
and it still did not work. Thanks, agtle.
Posted: Thu Apr 20, 2006 8:15 pm
by a94060
agtlewis wrote:
Code:
iptables -A INPUT -p udp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
http://hr.uoregon.edu/davidrl/samba.html
Special thanks goes to Google

Even after following the guide, when I access the computer from a client at 10.10.10.4, I still get the error: "The server service is not started." My server is at 10.10.10.5 and I want to allow all computers between 10.10.10.0-10.10.10.255 to be able to access the computer. This is how I changed it so far:
Code:
iptables -A INPUT -p udp -s 10.10.10.0/24 -d 10.10.10.5 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP
iptables -A INPUT -p tcp -s 10.10.10.0/24 -d 10.10.10.5 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 10.10.10.0/24 -d 10.10.10.5 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
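
Rules added with `-A` are appended, so anything already in the INPUT chain is evaluated before them and the first matching rule decides the packet. The script below is an added example, not part of the thread: it reads `iptables -S INPUT` output and reports which rule a given Samba packet hits first. The sample ruleset is constructed (the rules from the last post behind a hypothetical pre-existing catch-all REJECT), and the function names are this example's own.

```sh
# Added example: find the first INPUT rule that decides a new packet, from `iptables -S INPUT`
# on stdin. Models only -p, -s, -d, --dport(s), -j; other conditions are skipped (assumption).
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )

in_cidr() (   # in_cidr ADDR NET[/LEN]: succeed if ADDR lies inside NET
    net=${2%/*}; len=32
    case $2 in */*) len=${2#*/} ;; esac
    [ "$len" -eq 0 ] && exit 0
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
)
port_ok() (   # port_ok PORT SPEC, where SPEC is 139, 137:138 or 139,445
    IFS=,
    for p in $2; do
        [ "$1" -ge "${p%:*}" ] && [ "$1" -le "${p#*:}" ] && exit 0
    done
    exit 1
)
first_match() (   # first_match PROTO SRC DST DPORT -> prints "RULE_NUMBER TARGET"
    pp=$1 ps=$2 pd=$3 pport=$4 n=0
    while read -r line; do
        case $line in "-A INPUT "*) ;; *) continue ;; esac
        n=$((n + 1)) proto=all src=0.0.0.0/0 dst=0.0.0.0/0 ports= target= extra=
        set -- $line
        while [ $# -gt 1 ]; do
            case $1 in
                -p) proto=$2 ;; -s) src=$2 ;; -d) dst=$2 ;; -j) target=$2 ;;
                --dport|--dports) ports=$2 ;; -i|--state|--ctstate|'!') extra=1 ;;
            esac
            shift
        done
        if [ -n "$extra" ]; then echo "rule $n skipped (not modelled)" >&2; continue; fi
        [ "$proto" = all ] || [ "$proto" = "$pp" ] || continue
        in_cidr "$ps" "$src" && in_cidr "$pd" "$dst" || continue
        [ -z "$ports" ] || port_ok "$pport" "$ports" || continue
        echo "$n $target"; exit 0
    done
    echo "0 POLICY"   # nothing matched: the chain policy decides
)
sample_rules() { cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.10.10.0/24 -d 10.10.10.5/32 -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -p udp -m udp --dport 137:138 -j DROP
-A INPUT -s 10.10.10.0/24 -d 10.10.10.5/32 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -d 10.10.10.5/32 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 139,445 -j DROP
EOF
}
sample_rules | first_match tcp 10.10.10.4 10.10.10.5 445   # prints "2 REJECT"
```

On a live system, feed it `iptables -S INPUT` instead of `sample_rules`; the reported rule number corresponds to `iptables -L INPUT --line-numbers`.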