[expert] Ipchains and nmb

[James]

All,
 

  The following rules to allow comps inside my firewall to see a samba server on the 
firewall exist.

##-> Allows Windows machines on the inside network to access a Samba Server
##-> running on the firewall.
/sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.255 
137 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.1 
137 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.187.1 137 -d 192.168.187.0/255.255.255.0 
137 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 137 -d 192.168.187.1 
137 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.187.1 137 -d 192.168.187.0/255.255.255.0 
137 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 1024:65535 -d 
192.168.187.1 138 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.187.1 138 -d 192.168.187.0/255.255.255.0 
1024:65535 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.187.0/255.255.255.0 1024:65535 -d 
192.168.187.1 139 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 192.168.187.1 139 -d 192.168.187.0/255.255.255.0 
1024:65535 ! -y -p tcp -j ACCEPT

/sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 137 -d $EXTBC 137 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 137 -d $EXTIP 137 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s $EXTIP 137 -d ! 192.168.187.1 137 -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 137 -d $EXTIP 137 -p udp -j ACCEPT
/sbin/ipchains -A output -i eth0 -s $EXTIP 137 -d ! 192.168.187.1 137 -p udp -j ACCEPT
/sbin/ipchains -A input -i eth0 -s ! 192.168.187.1 1024:65535 -d $EXTIP 138 -p udp -j 
ACCEPT
/sbin/ipchains -A output -i eth0 -s $EXTIP 138 -d ! 192.168.187.1 1024:65535 -p udp -j 
ACCEPT
/sbin/ipchains -A output -i eth0 -s $EXTIP 139 -d ! 192.168.187.1 1024:65535 ! -y -p 
tcp -j ACCEPT


The problem is.... they can't see it.  In var/log/messages I'm getting the following 
error.

Feb 17 22:22:19 james nmbd[7782]:   Packet send failed to 192.168.187.255(138) 
ERRNO=Operation not permitted

This is the only "error" message I get ... When I try to do smbclient -NL somebox  I 
get an error that says 
added interface ip=192.168.187.1 bcast=192.168.187.255 nmask=255.255.255.0
error connecting to 192.168.187.2:139 (Connection refused)
Error connecting to 192.168.187.2 (Connection refused)

The same error occurs when I try smbclient to the firewall from the firewall... OK 
anybody able to see where I blew it?

Thanks

James




Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com