Samba IPTABLES script?

a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

Hi,
I would like to know if somebody would be able to make me an iptables script to open up the ports for Samba so I can access my Linux server from my other computers. (I can't do this because I do not know the ports for Samba.)

Thanks
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

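Code:

# NetBIOS name (137/udp) and datagram (138/udp) services: accept from the LAN, drop all other sources
iptables -A INPUT -p udp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP

# NetBIOS session (139/tcp) and SMB over TCP (445/tcp): accept from the LAN, drop all other sources
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP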
http://hr.uoregon.edu/davidrl/samba.html

Special thanks goes to Google :wink:
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

How hard was it to find the list of port numbers by doing a web search?
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

Thanks for the help.

BTW, I searched for Windows file sharing ports and Samba ports, and I did not get anything except for the ports 137-139, and it still did not work. Thanks, agtle.
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

agtlewis wrote:

Code:

iptables -A INPUT -p udp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP


iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
http://hr.uoregon.edu/davidrl/samba.html

Special thanks goes to Google :wink:
Even after following the guide, when I access the computer from a client at 10.10.10.4, I still get the error: "The server service is not started." My server is at 10.10.10.5 and I want to allow all computers between 10.10.10.0-10.10.10.255 to be able to access the computer. This is how I changed it so far:

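Code:

# NetBIOS name (137/udp) and datagram (138/udp) services: accept from the LAN, drop all other sources
iptables -A INPUT -p udp -s 10.10.10.0/24 -d 10.10.10.5 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP

# NetBIOS session (139/tcp) and SMB over TCP (445/tcp): accept from the LAN, drop all other sources
iptables -A INPUT -p tcp -s 10.10.10.0/24 -d 10.10.10.5 --dport 139 -j ACCEPT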
iptables -A INPUT -p tcp -s 10.10.10.0/24 -d 10.10.10.5 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
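
Added example (not written by anyone in this thread): a small first-match evaluator that parses the two rule sets as posted and reports what each does with a Samba connection from 10.10.10.4 to 10.10.10.5. It assumes the INPUT chain holds only these rules and has a default policy of ACCEPT; the function names parse_rule and verdict are illustrative.

```python
import ipaddress
import shlex

# Rule sets copied from the posts above (blank lines dropped).
ORIGINAL = """\
iptables -A INPUT -p udp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 137:138 -j ACCEPT
iptables -A INPUT -p udp --dport 137:138 -j DROP
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/16 -d 192.168.0.1/32 --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP
"""
# The same rules with the 10.10.10.0/24 LAN and 10.10.10.5 server from the last post.
ADAPTED = ORIGINAL.replace("192.168.0.0/16", "10.10.10.0/24").replace("192.168.0.1/32", "10.10.10.5")

def parse_rule(line):
    """Turn one 'iptables -A INPUT ...' line into its match criteria."""
    rule = {"proto": None, "src": None, "dst": None, "ports": None, "target": None}
    tok = shlex.split(line)
    for flag, val in zip(tok, tok[1:]):
        if flag == "-p":
            rule["proto"] = val
        elif flag in ("-s", "-d"):
            key = "src" if flag == "-s" else "dst"
            rule[key] = ipaddress.ip_network(val, strict=False)
        elif flag == "--dport":            # single port or lo:hi range
            lo, _, hi = val.partition(":")
            rule["ports"] = set(range(int(lo), int(hi or lo) + 1))
        elif flag == "--dports":           # multiport comma-separated list
            rule["ports"] = {int(p) for p in val.split(",")}
        elif flag == "-j":
            rule["target"] = val
    return rule

def verdict(ruleset, proto, src, dst, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in map(parse_rule, ruleset.splitlines()):
        if r["proto"] not in (None, proto):
            continue
        if r["src"] is not None and src not in r["src"]:
            continue
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        if r["ports"] is not None and dport not in r["ports"]:
            continue
        return r["target"]
    return policy  # assumption: no other rules in the chain, default policy ACCEPT

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("adapted", ADAPTED)):
        print(name, verdict(rules, "tcp", "10.10.10.4", "10.10.10.5", 445))
```

On a live host, rules appended with -A sit after whatever is already in the chain, so compare the result with the actual order shown by iptables -S INPUT.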