[EMAIL PROTECTED] wrote:
hello uug friends. thanks for all the help you have provided me with recently. the uug is a great resource! here's my latest dilemma:
we have this rhe3 box with samba shares. the box has one network card with a 10.0.0.151 ip and an aliased public ip address.
the box is running iptables.
I want to allow people on the 10.0.0.x network to mount the samba share but to disallow people on the Internet at large from doing the same.
how do I set that up?
ideas?
mrb
I think samba uses ports 137,138,139,445
If your default policy was DENY you would do this:
iptables -A INPUT -s 10.0.0.0/24 -m multiport -p tcp --destination-port 137,138,139,445 -j ACCEPT
If your default policy is ACCEPT then do this:
iptables -A INPUT -s ! 10.0.0.0/24 -m multiport -p tcp --destination-port 137,138,139,445 -j DROP
You might have to do the same thing for the udp protocol, I'm not up to speed on if Samba still uses udp.
Mike Wilson
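
Added example, not part of the original message: a small first-match model of the INPUT chain (not iptables itself) that compares the two approaches in the reply and shows what a TCP-only rule leaves open under a default ACCEPT policy. The helper names and the sample packets are constructed for illustration; 203.0.113.9 stands in for an Internet host.

```python
# Added example: a small first-match model of the INPUT chain, not iptables itself.
from ipaddress import ip_address, ip_network

SAMBA_PORTS = {137, 138, 139, 445}   # ports named in the reply
LAN = ip_network("10.0.0.0/24")      # private network from the question


def rule(proto, src_in_lan, target):
    """One rule: protocol, whether the source must be inside (True) or
    outside (False) the LAN, and the target (ACCEPT or DROP)."""
    return {"proto": proto, "src_in_lan": src_in_lan, "target": target}


def verdict(rules, policy, src, proto, dport):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        if (r["proto"] == proto and dport in SAMBA_PORTS
                and (ip_address(src) in LAN) == r["src_in_lan"]):
            return r["target"]
    return policy


# Default policy DROP: allow the LAN in (first command in the reply).
allow_tcp = [rule("tcp", True, "ACCEPT")]
# Default policy ACCEPT: block everyone outside the LAN (second command).
block_tcp = [rule("tcp", False, "DROP")]
# Second command repeated for UDP, as the reply suggests may be needed.
block_both = block_tcp + [rule("udp", False, "DROP")]

# Constructed sample packets: (source, protocol, destination port).
LAN_SMB = ("10.0.0.23", "tcp", 445)
NET_SMB = ("203.0.113.9", "tcp", 445)
NET_NBNS = ("203.0.113.9", "udp", 137)


def report():
    """Verdict for each sample packet under each rule set."""
    sets = {"allow_tcp/DROP": (allow_tcp, "DROP"),
            "block_tcp/ACCEPT": (block_tcp, "ACCEPT"),
            "block_both/ACCEPT": (block_both, "ACCEPT")}
    return {name: [verdict(rs, pol, *p) for p in (LAN_SMB, NET_SMB, NET_NBNS)]
            for name, (rs, pol) in sets.items()}


if __name__ == "__main__":
    for name, verdicts in report().items():
        print(f"{name:18} {verdicts}")
```

Samba's nmbd answers NetBIOS name and datagram traffic on UDP 137 and 138, so with a default ACCEPT policy the TCP-only block rule still lets that traffic in from outside the LAN.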
--------------------
BYU Unix Users Group http://uug.byu.edu/
