- 09-20-2005 #1 Just Joined!
- Join Date: Sep 2005
- Posts: 1
Iptables Is Blocking Samba
For some reason my iptables script is blocking my smb service. I can't figure out what might be blocking it and I was wondering if anyone could lend me a hand.
Samba works fine when iptables is stopped and flushed. Any help will be greatly appreciated.
Here's my iptables script:
Code:
```sh
#!/bin/sh
IPT="/sbin/iptables"

echo "0" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

/sbin/modprobe ip_conntrack_ftp

#Flush The Old Rules
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
echo Old Rules Flushed

#Set Default-Drop Policy
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP

#Create New Chain Called BAD_PACKETS
$IPT -N BAD_PACKETS

#Allow The Loopback
$IPT -A INPUT -i lo -j ACCEPT

#Jump To BAD_PACKETS
$IPT -A INPUT -j BAD_PACKETS

#Allow Established Connections
$IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow SSH From Specified Hosts
$IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.3 \
    -m state --state NEW -j ACCEPT
$IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.4 \
    -m state --state NEW -j ACCEPT

#Allow Samba From Specified Hosts
$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.3 \
    -m state --state NEW -j ACCEPT
$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.3 \
    -m state --state NEW -j ACCEPT
$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.4 \
    -m state --state NEW -j ACCEPT
$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.4 \
    -m state --state NEW -j ACCEPT

#Allow ICMP Replies From Specified Hosts (Ping)
$IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 -s 192.168.255.3 \
    -m state --state NEW -j ACCEPT
$IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 -s 192.168.255.4 \
    -m state --state NEW -j ACCEPT

#Log
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

#Accept Loopback On OUTPUT
$IPT -A OUTPUT -o lo -j ACCEPT

#Allow Established Connections
$IPT -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow HTTP,FTP,DNS, & Port 443 Outbound
$IPT -A OUTPUT -p TCP -o eth0 --dport 443 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p TCP -o eth0 --dport 80 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p UDP -o eth0 --dport 53 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p TCP -o eth0 --dport 21 -m state --state NEW -j ACCEPT

#Allow ICMP Replies (Ping)
$IPT -A OUTPUT -p ICMP -o eth0 --icmp-type 8 \
    -m state --state NEW -j ACCEPT

#Drop
$IPT -A OUTPUT -j LOG --log-prefix "OUTPUT DROP: "

$IPT -A BAD_PACKETS -p TCP ! --syn -m state --state NEW -j DROP
$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL ALL -j DROP
$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL NONE -j DROP
$IPT -A BAD_PACKETS -p TCP --tcp-flags ALL SYN \
    -m state --state ESTABLISHED -j DROP
$IPT -A BAD_PACKETS -p ICMP --fragment -j DROP
$IPT -A BAD_PACKETS -m state --state INVALID -j DROP
$IPT -A BAD_PACKETS -d 255.255.255.255 -j DROP
$IPT -A BAD_PACKETS -j RETURN

echo "So let it be written. So let it be done."
```
- 09-24-2005 #2 Just Joined!
- Join Date: Mar 2005
- Location: Ghana
- Posts: 35
iptables and Samba
Why not try providing access to the port that runs the Samba service? That should probably help you.
Just use the iptables manual on the OS to figure out where and how to give the Samba port open access through the firewall (iptables).
Refer to www.yolinux.com for comprehensive details.


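Added example, not from either poster: a check of which ports Samba normally listens on (UDP 137 and 138, TCP 139 and 445) are not accepted by the INPUT rules in post #1. The port list and the function name `uncovered_ports` are assumptions of this example; the thread itself does not confirm the cause.

```shell
#!/bin/sh
# Added example: report which Samba ports a set of "iptables -A INPUT"
# rules does not accept. Rules are read from stdin, one per line.

# Assumption: ports Samba normally listens on
# (nmbd: UDP 137 and 138; smbd: TCP 139 and 445).
SAMBA_PORTS="udp/137 udp/138 tcp/139 tcp/445"

# uncovered_ports (hypothetical helper): print, space separated, each
# proto/port in SAMBA_PORTS that no INPUT ... -j ACCEPT rule covers.
uncovered_ports() {
    awk -v want="$SAMBA_PORTS" '
    # Only INPUT rules that jump to ACCEPT are of interest.
    /-A INPUT/ && /-j ACCEPT/ {
        proto = ""; lo = hi = -1
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = tolower($(i + 1))
            if ($i == "--dport") {
                n = split($(i + 1), r, ":")     # "137:139" or "22"
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
            }
        }
        if (proto != "" && lo >= 0)
            for (p = lo; p <= hi; p++) accepted[proto "/" p] = 1
    }
    END {
        n = split(want, w, " ")
        out = ""
        for (i = 1; i <= n; i++)
            if (!(w[i] in accepted)) out = out (out == "" ? "" : " ") w[i]
        print out
    }'
}

# Samba rules from the script in post #1, line continuations joined.
# Only 192.168.255.3 is shown; the 192.168.255.4 rules differ only in -s.
POSTED_RULES='
$IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.3 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.3 -m state --state NEW -j ACCEPT
'

printf '%s\n' "$POSTED_RULES" | uncovered_ports
```

The check only inspects INPUT accept rules; the script's OUTPUT chain, which has a DROP policy and accepts new connections only to ports 443, 80, 53 and 21 plus ICMP echo requests, is not examined.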
