Hi, Victor !!! I'm not an expert but I've got a stand-alone machine running ipchains. I've opened the ports 137, 138 y 139 for TCP and UDP. I think you should open them but only for those machines you want to use SAMBA. I think you're trying to act as a client so this is the actual state of my configuration:
ipchains -A output -i eth0 -p tcp -s $MYIPADDR 1024:65535 -d $SERVIPADDR 137:139 -j ACCEPT ipchains -A input -i eth0 -p tcp -s $SERVIPADDR 137:139 -d $MYIPADDR 1024:65535 -j ACCEPT ipchains -A output -i eth0 -p udp -s $MYIPADDR 1024:65535 -d $SERVIPADDR 137:139 -j ACCEPT ipchains -A input -i eth0 -p udp -s $SERVIPADDR 137:139 -d $MYIPADDR 1024:65535 -j ACCEPT I think you should also put the "! -y" flags in the second rule. I hope this helps you... :-) Bye, P.D.1: Forgive me about my english... :-( P.D.2: Any comments about what I've written will be appreciated. ------------------------------ Javier Quinteros Universidad de Buenos Aires ------------------------------ Victor Usjanov escribió: > Hello > > I am trying to run ipchains firewall on my computer connected to corporate > nettwork. I created a set of rules that let web and mail and ssh traffic in > and out, and it works just fine. But i got a problem with NFS and samba > traffic. I did not manage to get it running until i placed "-A input -s > 0/0 -d 0/0 -i eth0 -j ACCEPT" in the ipchains.conf file. But, as far as i > understand this opens for all traffic to all ports over eth0 ( which is the > only network interface in my computer), which is not 100% secure.. or am i > wrong here? > I have tried to remove the above line and add "-A input -s 0/0 139 -d 0/0 -i > eth0 -p tcp -y -j ACCEPT" to let samba traffic in, but nothing happened ( it > startet to deny all kinds of traffic) > > I have tried to search around for hints how to set up ipchains, but all > examples i find describe how to make a conf file for a firewall with a whole > nettwork behind, but not for a stand alone computer. > > I feel kind of lost here... and IPchains-howto on linuxdoc didnt help a lot. > Some can help a little? May be someone knows of some examples i can look at? > > Thanks in advance > -- > Victor
