> > > Anyone know how to allow ports 137, 138, and 139 to go through in the
> > > ipchains and iptables commands?
> > >
> > > thanks.
> > >
> >
> > For IPTables:
> >
> > iptables -A INPUT -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -i ethX -p tcp -m tcp --dport 137 -j ACCEPT
> > iptables -A INPUT -s xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy -i ethX -p udp -m udp --dport 137 -j ACCEPT
> >
> > Repeat for each port (138 and 139)
> >
> > ethX is the interface on which you want to accept those packets.
> >
> > xxx.xxx.xxx.xxx is the ip address or network address that you want to
> > allow to use those ports.
> >
> > yyy.yyy.yyy.yyy is the netmask of the network range. If you're only
> > specifying individual addresses, you don't need the netmask portion, or
> > the "/".
> >
You might also do this by specifying the port range instead of single ports.
This is done by

iptables -A INPUT -s xxx.xxx.xxx.xxx/yy -i ethX -p tcp --dport 137:139 -j ACCEPT
iptables -A INPUT -s xxx.xxx.xxx.xxx/yy -i ethX -p udp --dport 137:139 -j ACCEPT

Where yy can also be written in decimal according to the number of bits set
to 1 in your subnet mask.

24 ^= 11111111.11111111.11111111.00000000 ^= 255.255.255.0
16 ^= 11111111.11111111.00000000.00000000 ^= 255.255.0.0
 8 ^= 11111111.00000000.00000000.00000000 ^= 255.0.0.0

But remember, to set up a connection you need to allow packets going back, too.

iptables -A OUTPUT -d xxx.xxx.xxx.xxx/yy -o ethX -p tcp --sport 137:139 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xxx.xxx/yy -o ethX -p udp --sport 137:139 -j ACCEPT

Regards,
Sebastian
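The netmask-to-prefix relationship and the INPUT/OUTPUT rule pairs discussed in this thread, as an added example that is not part of the original messages: it converts a dotted netmask to the /yy prefix length, rejects masks whose 1-bits are not contiguous, and prints (does not apply) the four rules. The function names, the address 192.0.2.0 and the interface eth0 are assumptions made for illustration; the OUTPUT rules match the interface with -o, since iptables does not accept -i in the OUTPUT chain.

```sh
#!/bin/sh
# Added example, not from the original thread. Prints rules only; run the
# printed commands as root after review if they match your network.

# Convert a dotted-quad netmask (e.g. 255.255.255.0) to its prefix length.
# Exits non-zero for malformed or non-contiguous masks such as 255.0.255.0.
mask_to_prefix() (
    bits=0 partial=0 count=0
    IFS=.
    set -f                      # no globbing while splitting on dots
    for octet in $1; do
        count=$((count + 1))
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) exit 1 ;;        # not a valid netmask octet
        esac
        # Once an octet is below 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then exit 1; fi
        if [ "$n" -lt 8 ]; then partial=1; fi
        bits=$((bits + n))
    done
    [ "$count" -eq 4 ] || exit 1
    echo "$bits"
)

# Print the rule pairs for ports 137:139, tcp and udp, in both directions.
# $1 = source address or network, $2 = dotted netmask, $3 = interface.
netbios_rules() (
    src=$1 mask=$2 iface=$3
    prefix=$(mask_to_prefix "$mask") || {
        echo "invalid netmask: $mask" >&2
        exit 1
    }
    for proto in tcp udp; do
        echo "iptables -A INPUT -s $src/$prefix -i $iface -p $proto --dport 137:139 -j ACCEPT"
        echo "iptables -A OUTPUT -d $src/$prefix -o $iface -p $proto --sport 137:139 -j ACCEPT"
    done
)

# Constructed sample values (documentation address range, assumed interface).
netbios_rules 192.0.2.0 255.255.255.0 eth0
```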