Wow, you are using your samba-server as internet-gateway and firewall??? Uffhh...
Ok, I don't have this configuration, but in my firewall-script I have
FIRST: transparent redirecting and
SECOND: masquerading
The DROP-Rule you should put in last.

I configured my firewall with the excellent tool fwbuilder, try it and throw away your probs...
http://www.fwbuilder.org/

Regards

Sascha

On Monday, 31 May 2004 23:21, azeem ahmad wrote:
> >From: Sascha Bieler <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: [Samba] please help me.
> >Date: Mon, 31 May 2004 23:02:33 +0200
> >
> >I just wonder why port 445 is missing there...
> >
> >Greetings
> >
> >Sascha
>
> here is the new script but the same problem is with this script too that if
> i enable transparent redirection it starts taking about 4 minutes and if i
> remove the rule for port 80 transparent redirection then it starts working
> here is the script
> ---------------------------------------------------------------------------
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> iptables -F
> iptables -t nat -F
>
> modprobe ip_nat_ftp
>
> iptables -P INPUT DROP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 137 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 138 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 139 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 445 -j ACCEPT
> #iptables -A INPUT -j LOG
>
> #iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
> #iptables -t nat -A PREROUTING -p udp --dport 80 -j REDIRECT --to-port 8080
>
> iptables -P FORWARD DROP
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A FORWARD -i eth0 -p tcp --dport 21 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 5000 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 5001 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 5005 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 5050 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 6660:6670 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 7000 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 28805 -j ACCEPT
> iptables -A FORWARD -i eth0 -p tcp --dport 51215 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> ---------------------------------------------------------------------------
>
> Regards
> Azeem

-- 
Radio Gong 2000 GmbH & Co. KG
Sascha Bieler
Technical Director
Franz-Joseph-Strasse 14
80801 München
