On Sunday 17 February 2002 02:01 pm, Victor Usjanov wrote:
> Hello
>
> I am trying to run ipchains firewall on my computer connected to corporate
> nettwork. I created a set of rules that let web and mail and ssh traffic in
> and out, and it works just fine. But i got a problem with NFS and samba
> traffic. I did not manage to get it running until i placed "-A input -s
> 0/0 -d 0/0 -i eth0 -j ACCEPT" in the ipchains.conf file. But, as far as i
> understand this opens for all traffic to all ports over eth0 ( which is the
> only network interface in my computer), which is not 100% secure.. or am i
> wrong here?
> I have tried to remove the above line and add "-A input -s 0/0 139 -d 0/0
> -i eth0 -p tcp -y -j ACCEPT" to let samba traffic in, but nothing happened
> ( it startet to deny all kinds of traffic)
>
> I have tried to search around for hints how to set up ipchains, but all
> examples i find describe how to make a conf file for a firewall with a
> whole nettwork behind, but not for a stand alone computer.
>
> I feel kind of lost here... and IPchains-howto on linuxdoc didnt help a
> lot. Some can help a little? May be someone knows of some examples i can
> look at?
>
>
> Thanks in advance
smb traffic will require ports 137-139 tcp and udp ( i think those are all it
needs)
nfs should only require port 111 tcp and udp, and port 2049 udp
