jedipi
Posted June 9, 2005

I just installed a samba server. After I did the configuration, it works fine. However, if the firewall is turned on, it will not work. How can I get my samba server to work with the firewall turned on?

qwijibow
Posted June 9, 2005

You have to open up the samba ports. Become root

    su -

and get a list of server ports with

    netstat -nlp

Make a note of all ports and protocols listed as being listened to by the program SAMBA, then set up your firewall to allow connection attempts from local computers only. For example, if your local LAN has IPs 192.168.1.X and a samba port is UDP 12345, then allow state NEW packets of protocol UDP to port 12345 from source 192.168.1.X through the firewall. If you are using a firewall frontend, then use the wizard. If you use iptables directly, the command would be...

    iptables -I INPUT 1 -p udp --dport 12345 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT

Understand? If not, just post the output of netstat -npl and I will tell you what ports to open.

jedipi
Posted June 10, 2005

Thanks for your help... I still have some problems with it. After I issued the command netstat -nlp, it shows something like this:

    tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4203/smbd
    tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4203/smbd
    udp 0 0 192.168.123.146:137 0.0.0.0:* 4207/nmbd
    udp 0 0 0.0.0.0:137 0.0.0.0:* 4207/nmbd
    udp 0 0 192.168.123.146:138 0.0.0.0:* 4207/nmbd
    udp 0 0 0.0.0.0:138 0.0.0.0:* 4207/nmbd

Those two services, smbd and nmbd, are for the samba server, am I right? If I am not wrong, then I should open UDP ports 137-138 and TCP ports 139 and 445? And I noticed that the state for TCP is LISTEN, but there is nothing for UDP...

Thanks for telling me the iptables command to open the UDP port. However, I am not familiar with iptables. Could you teach me how to open the TCP port? In the command that you showed

    iptables -I INPUT 1 -p udp --dport 12345 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT

what does this 192.168.1.0/24 mean? I know 192.168.1.0 is the IP address, but the 24 I couldn't understand...

Am I asking too many questions? Thank you again.

qwijibow
Posted June 10, 2005

> Am I asking too many questions?

Lol, without questions it wouldn't be a very good forum.

If you are using a graphical interface to set up your firewall, then you should also use that to open the samba ports. Changes you make with iptables will not be remembered by that graphical firewall setup. Either use only the graphical firewall tool, or the iptables command.

Here is an explanation of what the iptables rule in my other post does...

    -I INPUT 1 (means to insert the rule at the top of the INPUT rules)
    -p udp (means this rule applies only to the UDP protocol)
    --dport 12345 (means this rule applies only to packets with destination port 12345)
    -m state (means to load the state module for use in the next part)
    --state NEW (means this rule applies to new packets)
    -s 192.168.1.0/24 (means this rule is for all IP addresses from 192.168.1.0 to 192.168.1.255)
    -j ACCEPT (means allow packets matching this rule)

The /24 means compare only the first 24 bits. An IP address is 4 bytes (32 bits). By only comparing the first 24 bits (3 bytes) you are only comparing the first 3 numbers in the IP, 192.168.1.ANYTHING.

On my samba server I use the following firewall.

    iptables -F INPUT            # clear all input rules
    iptables -F OUTPUT           # clear all output rules
    iptables -P OUTPUT ACCEPT    # unrestricted output, default is to accept output
    iptables -P INPUT DROP       # default is to DROP incoming traffic
    # allow the computer to talk to itself, unrestricted
    iptables -A INPUT -i lo -j ACCEPT
    # allow a packet if it is part of a previously ACCEPTED connection
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # allow new connections to tcp 139 from the local area (not internet)
    iptables -A INPUT -p tcp --dport 139 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
    iptables -A INPUT -p tcp --dport 445 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
    iptables -A INPUT -p udp --dport 137 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
    iptables -A INPUT -p udp --dport 138 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT

You can then save the firewall settings with

    iptables-save > /etc/iptables-rules

and load them again with

    iptables-restore < /etc/iptables-rules

/etc/iptables-rules can be any file you choose. Most people put the firewall loading line into a boot script. For more info on iptables, take a look at the online manual by running "man iptables".

EDIT: Oh yes, and you were correct about the ports you need to open.
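
The procedure from this thread as an added example, not code from either poster: it reads `netstat -nlp` output, keeps only the sockets owned by smbd or nmbd, and prints one LAN-restricted ACCEPT rule per protocol and port for review before anything is applied. The function name `samba_rules`, the 192.168.123.0/24 subnet (inferred from the address in the posted listing) and the sshd line in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive LAN-only iptables rules for Samba from `netstat -nlp`.
# The rules are printed, not applied, so they can be reviewed first.

# Constructed sample input: the listing posted in the thread plus one
# unrelated sshd listener (added here) that must not be opened.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4203/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4203/smbd
udp 0 0 192.168.123.146:137 0.0.0.0:* 4207/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 4207/nmbd
udp 0 0 192.168.123.146:138 0.0.0.0:* 4207/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 4207/nmbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd'

# samba_rules LAN_CIDR  (hypothetical helper; netstat output on stdin)
samba_rules() {
    lan_cidr=$1
    awk -v cidr="$lan_cidr" '
        # Last field is PID/program; UDP rows have no State column,
        # so match on the last field rather than a fixed column.
        ($1 == "tcp" || $1 == "udp") && $NF ~ /\/(smbd|nmbd)$/ {
            n = split($4, a, ":")        # local address; port follows the last colon
            key = $1 "/" a[n]
            if (!(key in seen)) {        # nmbd binds each port on two addresses
                seen[key] = 1
                printf "iptables -A INPUT -p %s --dport %s -m state --state NEW -s %s -j ACCEPT\n", $1, a[n], cidr
            }
        }'
}

# Assumed LAN: the /24 containing 192.168.123.146 from the listing.
printf '%s\n' "$SAMPLE_NETSTAT" | samba_rules 192.168.123.0/24
```

On a live host the input would come from `netstat -nlp` run as root, and the printed rules belong after the loopback and ESTABLISHED,RELATED rules in a default-DROP INPUT chain like the one shown above.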