At 05:43 PM 9/15/2003, you wrote:
On Mon, 2003-09-15 at 20:32, Ian L wrote:
> Hey all,
>
> I'm trying to set up samba to work with a win2k3 server and a redhat 8
> server. I've got samba 2.x installed. It seems to be working, although I
> haven't finished setting up all the user permissions. When I turn iptables
> off, I get a password prompt in windows when I click on the server.
>
> When I turn iptables on, it just sits for 20 seconds and then tells me I
> don't have permission to access this network resource.

Hi Ian.  Hopefully I can offer a suggestion that will not only solve
your problem, but show *you* how to do it.  You know, the old "give a
man a fish" theory.  ;-)

Install tcpdump, if you don't have it already.  Determine what traffic
(SSH, HTTP, DNS, etc.) you might see across the relevant network
interface (eth1?) that Samba traffic should traverse.  Now, run the
following (with iptables enabled):

"tcpdump -ni eth1 not port 22 and not port 80 and not port 53"
(etc, etc.)  Include a "and not port XX" for each known service you
*don't* want to see.  This should (hopefully) reveal which
ports/protocols that Samba is using.  Those will be the ones you'll want
to add to your iptables ruleset to allow SMB traffic through.

There's always a chance that you'll catch more traffic than you expect.
It's a case of trial and error.  You're generally looking for TCP/UDP
traffic between ports 135-139 and possibly 445.  Hope this helps!

Thanks,


I do appreciate the information. However, I think I have information overload from tcpdump right now. There is a LOT of info scrolling across the screen. Some of it I can figure out what it's trying to do, although I can't figure out ports or anything useful for iptables. Most of the traffic seems to be broadcast messages from other networked PCs and printers. It became a little more readable if I used -nnqi but it was still mostly Greek to me.

I did try allowing ports 135-139 and 445 in iptables for both tcp and udp. But I guess I did something wrong.

Hmm, looks like I got it working by playing with the config file a bit more.

-A RH-Lokkit-0-50-INPUT -i eth0 -p tcp -m multiport --dport 135,139,445 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m multiport --dport 135,137,138,139,445 -j ACCEPT


Those are the two lines I added, which seem to have it working now. One last question though ... what's the parameter to tell it to only accept this traffic from a specific IP? Is it -s ip-address?

Thanks for the help,

Ian
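The tcpdump triage suggested above and the -s question at the end of the thread, worked through as an added example that is not part of the original messages: the script tallies a capture by destination port (so the SMB/NetBIOS ports stand out from the broadcast noise) and then emits candidate iptables rules limited to one source address. The capture lines are constructed in tcpdump -nnq output style, and the 192.168.1.x addresses are made-up placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): tally a tcpdump capture by destination
# port, then turn the tally into iptables rules limited to one source (-s).

# Constructed sample in "tcpdump -nnq" output style; all addresses are made up:
# .10 stands for the Red Hat/Samba box, .50 for the win2k3 server and .77 for
# a printer chattering on the NetBIOS datagram port.
SAMPLE='17:43:01.000001 IP 192.168.1.50.1045 > 192.168.1.10.445: tcp 0
17:43:01.000002 IP 192.168.1.50.1046 > 192.168.1.10.139: tcp 0
17:43:01.000003 IP 192.168.1.50.137 > 192.168.1.255.137: UDP, length 50
17:43:01.000004 IP 192.168.1.50.138 > 192.168.1.255.138: UDP, length 201
17:43:01.000005 IP 192.168.1.77.138 > 192.168.1.255.138: UDP, length 201
17:43:01.000006 IP 192.168.1.50.1045 > 192.168.1.10.445: tcp 99'

# summarize_ports: read capture lines on stdin, print "proto dport count",
# busiest destination port first.
summarize_ports() {
    awk '
    {
        dst = ""
        # the destination is the field right after the ">" separator
        for (i = 1; i <= NF; i++) if ($i == ">") { dst = $(i + 1); break }
        if (dst == "") next
        sub(/:$/, "", dst)            # strip the trailing colon
        n = split(dst, a, ".")
        port = a[n]                   # last dotted component is the port
        if ($0 ~ /: tcp /) proto = "tcp"
        else if ($0 ~ /: UDP,/) proto = "udp"
        else proto = "other"
        count[proto " " port]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort -k3,3nr -k1,1 -k2,2n
}

# to_iptables: one ACCEPT rule per summary line, restricted to the source
# address in $1 (iptables -s, the flag asked about in the thread). Review the
# list before loading it: broadcast noise from other hosts lands in the tally too.
to_iptables() {
    src="$1"
    while read -r proto port count; do
        if [ "$proto" = "other" ]; then continue; fi
        printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n' \
            "$src" "$proto" "$port"
    done
}

printf '%s\n' "$SAMPLE" | summarize_ports
printf '%s\n' "$SAMPLE" | summarize_ports | to_iptables 192.168.1.50
```

On a live box the first pipeline would be fed from "tcpdump -nnqi eth0 not port 22 and not port 53" instead of the constructed sample.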

