  1. #1
    Just Joined!
    Join Date
    Sep 2005
    Posts
    1

    Iptables Is Blocking Samba


    For some reason my iptables script is blocking my smb service. I can't figure out what might be blocking it and I was wondering if anyone could lend me a hand.

    Samba works fine when iptables is stopped and flushed. Any help will be greatly appreciated.

    Here's my iptables script:

    Code:
    #!/bin/sh
    
    IPT="/sbin/iptables"
    
    echo "0" > /proc/sys/net/ipv4/ip_forward
    
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies
    
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    
    echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    
    /sbin/modprobe ip_conntrack_ftp
    
    #Flush The Old Rules
    $IPT -F
    $IPT -F -t nat
    $IPT -F -t mangle
    $IPT -X
    $IPT -X -t nat
    $IPT -X -t mangle
    
    echo Old Rules Flushed
    
    #Set Default-Drop Policy
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    
    #Create New Chain Called BAD_PACKETS
    $IPT -N BAD_PACKETS
    
    #Allow The Loopback
    $IPT -A INPUT -i lo -j ACCEPT
    
    #Jump To BAD_PACKETS
    $IPT -A INPUT -j BAD_PACKETS
    
    #Allow Established Connections
    $IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    #Allow SSH From Specified Hosts
    $IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.3 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p TCP -i eth0 --dport 22 -s 192.168.255.4 -m state --state NEW -j ACCEPT
    
    #Allow Samba From Specified Hosts
    $IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.3 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.3 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p TCP -i eth0 --dport 137:139 -s 192.168.255.4 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p UDP -i eth0 --dport 137:139 -s 192.168.255.4 -m state --state NEW -j ACCEPT
    
    #Allow ICMP Replies From Specified Hosts (Ping)
    $IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 -s 192.168.255.3 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p ICMP -i eth0 --icmp-type 8 -s 192.168.255.4 -m state --state NEW -j ACCEPT
    
    #Log
    $IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "
    
    #Accept Loopback On OUTPUT
    $IPT -A OUTPUT -o lo -j ACCEPT
    
    #Allow Established Connections
    $IPT -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    #Allow HTTP,FTP,DNS, & Port 443 Outbound
    $IPT -A OUTPUT -p TCP -o eth0 --dport 443 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p TCP -o eth0 --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p UDP -o eth0 --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p TCP -o eth0 --dport 21 -m state --state NEW -j ACCEPT
    
    #Allow ICMP Replies (Ping)
    $IPT -A OUTPUT -p ICMP -o eth0 --icmp-type 8 -m state --state NEW -j ACCEPT
    
    #Drop
    $IPT -A OUTPUT -j LOG --log-prefix "OUTPUT DROP: "
    $IPT -A BAD_PACKETS -p TCP ! --syn -m state --state NEW -j DROP
    $IPT -A BAD_PACKETS -p TCP --tcp-flags ALL ALL -j DROP
    $IPT -A BAD_PACKETS -p TCP --tcp-flags ALL NONE -j DROP
    $IPT -A BAD_PACKETS -p TCP --tcp-flags ALL SYN -m state --state ESTABLISHED -j DROP
    $IPT -A BAD_PACKETS -p ICMP --fragment -j DROP
    $IPT -A BAD_PACKETS -m state --state INVALID -j DROP
    $IPT -A BAD_PACKETS -d 255.255.255.255 -j DROP
    $IPT -A BAD_PACKETS -j RETURN
    
    echo "So let it be written. So let it be done."

  2. #2
    Just Joined!
    Join Date
    Mar 2005
    Location
    Ghana
    Posts
    35

    iptables and samba

    Why not try providing access to the port that runs the Samba service? That should probably help you.

    Just use the iptables manual on the OS to figure out where and how to set the Samba port and open access from the firewall (iptables).

    Refer to www.yolinux.com for comprehensive details.
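
The script in post #1 logs every packet it is about to drop with the prefixes "INPUT DROP: " and "OUTPUT DROP: ", so the kernel log shows which Samba traffic falls through both chains. The following is an added example, not code from either poster: it counts logged drops that involve the Samba ports (UDP 137/138, TCP 139/445). The sample log lines are constructed, and the server address 192.168.255.2 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Summarises packets logged by the script's "INPUT DROP: " and
# "OUTPUT DROP: " rules that involve a Samba port (UDP 137/138, TCP 139/445).
# Reads kernel log lines on stdin, prints "CHAIN PROTO PORT COUNT".
samba_drops() {
    awk '
    / (INPUT|OUTPUT) DROP: / {
        chain = ""; proto = ""; spt = ""; dpt = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "DROP:")       chain = $(i - 1)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^SPT=/)   spt = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        # Requests reach the service on DPT; replies and nmbd
        # datagrams leave the server with the service port as SPT.
        port = ""
        if (dpt ~ /^(137|138|139|445)$/)      port = dpt
        else if (spt ~ /^(137|138|139|445)$/) port = spt
        if (port != "") n[chain " " proto " " port]++
    }
    END { for (k in n) print k, n[k] }
    ' | sort
}

# Constructed sample log lines; 192.168.255.2 as the server is an assumption.
sample_log() {
    cat <<'EOF'
Sep 12 10:01:02 box kernel: INPUT DROP: IN=eth0 OUT= SRC=192.168.255.3 DST=192.168.255.2 LEN=48 TTL=128 PROTO=TCP SPT=1045 DPT=445 SYN URGP=0
Sep 12 10:01:05 box kernel: INPUT DROP: IN=eth0 OUT= SRC=192.168.255.3 DST=192.168.255.2 LEN=48 TTL=128 PROTO=TCP SPT=1045 DPT=445 SYN URGP=0
Sep 12 10:01:06 box kernel: OUTPUT DROP: IN= OUT=eth0 SRC=192.168.255.2 DST=192.168.255.3 LEN=90 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=70
Sep 12 10:01:09 box kernel: OUTPUT DROP: IN= OUT=eth0 SRC=192.168.255.2 DST=192.168.255.255 LEN=229 TTL=64 PROTO=UDP SPT=138 DPT=138 LEN=209
Sep 12 10:01:11 box kernel: OUTPUT DROP: IN= OUT=eth0 SRC=192.168.255.2 DST=192.168.255.9 LEN=60 TTL=64 PROTO=TCP SPT=33012 DPT=25 SYN URGP=0
Sep 12 10:01:12 box kernel: INPUT DROP: IN=eth0 OUT= SRC=192.168.255.3 DST=192.168.255.2 LEN=84 TTL=128 PROTO=ICMP TYPE=3 CODE=3
EOF
}

sample_log | samba_drops
```

On a live system, pipe the kernel log into the function instead of the sample, for example `dmesg | samba_drops`; each chain and port it reports has no matching ACCEPT rule in the script.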
