[EMAIL PROTECTED] wrote:
hello uug friends. thanks for all the help you have provided me with recently. the uug is a great resource! here's my latest dilemma:
we have this rhe3 box with samba shares. the box has one network card with
a 10.0.0.151 ip and an aliased public ip address.
the box is running iptables.
I want to allow people on the 10.0.0.x network to mount the samba share but to disallow people on the Internet at large from doing the same.
<snip>
If your default policy was DENY you would do this:
iptables -A INPUT -s 10.0.0.0/24 -m multiport -p tcp --destination-ports 137,138,139,445 -j ACCEPT
If your default policy is ACCEPT then do this:
iptables -A INPUT -s ! 10.0.0.0/24 -m multiport -p tcp --destination-ports 137,138,139,445 -j DROP
Probably an easier solution would be to set up samba to only accept connections from valid hosts. You can do this by adding this line to your smb.conf file:
hosts allow = 10.0.0.
Frank
---------------------------------------------------------------------------
Frank Sorenson - KD7TZK
Systems Manager, Computer Science Department
Brigham Young University
[EMAIL PROTECTED]
--------------------
BYU Unix Users Group http://uug.byu.edu/
The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
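
Added example, not part of the message above or of any list member's code: a shell script that prints, rather than applies, the rules from the reply for either default policy, so they can be reviewed before use. It goes beyond the post by also covering 137/udp and 138/udp, which the NetBIOS name and datagram services use; the function names valid_cidr and smb_rules are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules that limit Samba to one LAN.
# Assumptions: LAN is 10.0.0.0/24 as in the thread; SMB sessions use
# 139/tcp and 445/tcp, NetBIOS name/datagram services use 137/udp and 138/udp.
SMB_TCP_PORTS="139,445"
SMB_UDP_PORTS="137,138"

# valid_cidr NET: succeed only for a.b.c.d/n with octets 0-255 and n 0-32.
# A Samba-style prefix such as "10.0.0." is rejected: iptables needs a CIDR.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smb_rules LAN_CIDR POLICY: POLICY is the INPUT chain's default policy.
#   DROP   -> ACCEPT the LAN explicitly
#   ACCEPT -> DROP everything that is not the LAN
smb_rules() {
    lan=$1; policy=$2
    valid_cidr "$lan" || { echo "bad network: $lan" >&2; return 2; }
    case "$policy" in
        DROP)   src="-s $lan";   target=ACCEPT ;;
        # Negation written as in the thread; current iptables prefers "! -s NET".
        ACCEPT) src="-s ! $lan"; target=DROP ;;
        *) echo "policy must be DROP or ACCEPT" >&2; return 2 ;;
    esac
    for spec in "tcp $SMB_TCP_PORTS" "udp $SMB_UDP_PORTS"; do
        proto=${spec% *}; ports=${spec#* }
        echo "iptables -A INPUT $src -p $proto -m multiport --destination-ports $ports -j $target"
    done
}

# Show both variants for the network in the thread.
smb_rules 10.0.0.0/24 DROP
smb_rules 10.0.0.0/24 ACCEPT
```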
