Re: [Samba] iptables protection and broadcasts

2004-09-23 Thread Christoph Scheeder
Hi,
Michal Kurowski wrote:
> Hi,
> It's a basic firewall question I guess. Perhaps someone of you has
> seen it.
> I've got a firewall setup meant for my samba server protection.
> The problem is it seems to block all broadcasts.
> The error message:
> [2004/09/22 17:43:47.572148, 0, pid=1505, effective(0, 0), real(0, 0)] 
> libsmb/nmblib.c:send_udp(756)
>   Packet send failed to 192.168.2.25(138) ERRNO=Operation not permitted

This tells you the sending of your packet failed, but below you show 
only the part of your firewall for receiving packets (chain INPUT).
What is in the OUTPUT chain of your firewall?

Christoph
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
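
The check suggested in the reply above can be run against a saved ruleset instead of the live firewall. This is an added example, not code from the thread: a shell function (the name `output_verdict` is made up here) that reads `iptables-save` text and reports what the filter table's OUTPUT chain does to a locally generated packet, such as the UDP datagram to port 138 in the log. The `BLOCKED` and `FIXED` rule sets are constructed samples; the poster's real OUTPUT chain is not shown in the thread.

```shell
# Added example, not from the thread. Reads `iptables-save` text on stdin and
# prints what filter/OUTPUT does to a locally generated packet.
# Live use, as root: iptables-save -t filter | output_verdict udp 138 eth1
output_verdict() {   # args: protocol, destination port, outgoing interface
    awk -v proto="$1" -v dport="$2" -v oif="$3" '
    /^\*/ { in_filter = ($1 == "*filter"); next }
    !in_filter || done { next }
    $1 == ":OUTPUT" { policy = $2; next }
    $1 == "-A" && $2 == "OUTPUT" {
        n++; p = d = o = target = ""; unmodelled = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") p = $(i + 1)
            else if ($i == "-o") o = $(i + 1)
            else if ($i == "--dport") d = $(i + 1)
            else if ($i == "-m" && $(i + 1) == p) { }
            else if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "!") { print "REVIEW rule " n; done = 1; next }
            else { unmodelled = 1; continue }
            i++
        }
        if (p != "" && p != proto) next
        if (o != "" && o != oif) next
        if (d != "") {
            split(d, r, ":"); lo = r[1] + 0; hi = (2 in r) ? r[2] + 0 : lo
            if (dport + 0 < lo || dport + 0 > hi) next
        }
        # Extra matches and non-terminal targets are flagged, not evaluated.
        if (unmodelled || target !~ /^(ACCEPT|DROP|REJECT)$/) target = "REVIEW"
        print target " rule " n; done = 1
    }
    END { if (policy == "") policy = "UNKNOWN"; if (!done) print policy " policy" }'
}

# Constructed sample: inbound Samba port opened, OUTPUT default-deny.
BLOCKED='*filter
:INPUT ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -p udp -m udp --dport 138 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'
# Constructed sample: same policy plus an outbound NetBIOS rule on eth1.
FIXED='*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o eth1 -p udp -m udp --dport 137:138 -j ACCEPT
COMMIT'
printf '%s\n' "$BLOCKED" | output_verdict udp 138 eth1   # DROP policy
printf '%s\n' "$FIXED"   | output_verdict udp 138 eth1   # ACCEPT rule 1
```

A `REVIEW rule N` result means the Nth OUTPUT rule uses a negation, an extra match, or a non-terminal target that this sketch does not evaluate, so that rule has to be read by hand.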


[Samba] iptables protection and broadcasts

2004-09-22 Thread Michal Kurowski

Hi,

It's a basic firewall question I guess. Perhaps someone of you has
seen it.

I've got a firewall setup meant for my samba server protection.
The problem is it seems to block all broadcasts.

The error message:

[2004/09/22 17:43:47.572148, 0, pid=1505, effective(0, 0), real(0, 0)] 
libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.2.25(138) ERRNO=Operation not permitted

Relevant smb.conf snippet (eth1 is 192.168.2.2):

hosts allow =  192.168.2.0/24 localhost
hosts deny = 0.0.0.0/0
interfaces = eth1 lo
bind interfaces only = yes


And the firewall config:

IPTABLES=/usr/sbin/iptables

$IPTABLES -F
$IPTABLES -N sambers
$IPTABLES -A INPUT -i eth1 -j sambers
$IPTABLES -A sambers -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 137 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 137 -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 138 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 138 -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 139 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 139 -j ACCEPT
$IPTABLES -A sambers -p tcp --dport 445 -j ACCEPT
$IPTABLES -A sambers -p udp --dport 445 -j ACCEPT
$IPTABLES -A sambers -j REJECT


Could you please advise me on that?

-- 
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
