  1. #1
    Linux Engineer
    Join Date
    Apr 2005
    Location
    Belgium
    Posts
    1,429

    Samba and netfilter


    Hi guys, strange problem here. I've set up samba; when I switch my firewalls off on both computers, I can access my shares without any problem.
    This is my LAN structure:
    internet
    ||
    ||
    router==PC1
    ||
    ||
    PC2

    Both PCs have shares. After setting up samba I configured netfilter to accept incoming requests from the other PC's IP address. This is my netfilter config (default policy for incoming requests is 'drop'):
    Code:
      iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
      iptables -t filter -A OUTPUT -j ACCEPT
      iptables -t filter -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
      iptables -t filter -A INPUT -s 192.168.123.101 -p tcp --dport 139 -j ACCEPT
      iptables -t filter -A INPUT -s 192.168.123.101 -p udp -m multiport --dport 137,138 -j ACCEPT
      iptables -t filter -A INPUT -s 192.168.123.101 -p tcp --dport 445 -j ACCEPT
    On my other PC, the netfilter configuration is identical (except for the IP of course, which is 192.168.123.100). Now, with both firewalls on and configured, I can't access the samba shares. But when the firewall from the 'origin PC' is off, and the one of the 'destination PC' is on, all goes fine. So that should mean the firewall accepts the incoming requests - as configured. But why the heck does my firewall seem to block the outgoing connection? I have the problem with both PCs (so from 1 to 2, and vice versa).

    Can anyone help me out here?
    ** Registered Linux User # 393717 and proud of it ** Check out www.zenwalk.org
    ** Zenwalk 2.8 - Xfce 4.4 beta 2- 2.6.17.6 kernel = Slack on steroids! **

  2. #2
    Linux Engineer
    Join Date
    Apr 2005
    Location
    Belgium
    Posts
    1,429
    Anyone? Or will this be listed in the 'Can you answer one of these questions?' part
    ** Registered Linux User # 393717 and proud of it ** Check out www.zenwalk.org
    ** Zenwalk 2.8 - Xfce 4.4 beta 2- 2.6.17.6 kernel = Slack on steroids! **

  3. #3
    Just Joined!
    Join Date
    Apr 2005
    Location
    kobe,japan
    Posts
    27
    i can think of a couple things you could try. since the computers are on the same network, would this fall under the FORWARD chain? if so, what is the policy set to? also, what is the use of the OUTPUT rule? if you are ACCEPTing all packets, just set the policy to ACCEPT. hope this helps.
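
Added example, not part of the thread or any poster's code: a simplified first-match model of the INPUT chain posted in #1. It shows that an inbound request from the peer is accepted, while the replies to a connection the PC itself opened arrive on an ephemeral destination port, match none of the ACCEPT rules and fall through to the DROP policy. The packet values are constructed, and the `stateful` switch stands for an assumed extra rule such as `iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`, which the posted config does not contain.

```python
# Simplified first-match model of the posted INPUT chain (not netfilter itself).
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    sport: int
    dport: int
    established: bool = False  # what connection tracking would report for a reply


PEER = "192.168.123.101"

# (source or None for "any", protocol, destination ports), taken from post #1.
# The icmp echo-request rule is left out: it never matches tcp or udp traffic.
POSTED_RULES = [
    (None, "tcp", {22}),
    (PEER, "tcp", {139}),
    (PEER, "udp", {137, 138}),
    (PEER, "tcp", {445}),
]


def input_verdict(pkt, stateful=False):
    """Return ACCEPT or DROP for an inbound packet; the chain policy is DROP."""
    # Assumed extra rule (not in the post): accept packets of known connections.
    if stateful and pkt.established:
        return "ACCEPT"
    for src, proto, dports in POSTED_RULES:
        if src in (None, pkt.src) and proto == pkt.proto and pkt.dport in dports:
            return "ACCEPT"
    return "DROP"  # default policy for INPUT, as stated in the post


# Constructed sample traffic as seen by the PC at 192.168.123.100.
inbound_request = Packet(PEER, "tcp", sport=40112, dport=445)  # peer opens our share
smb_reply = Packet(PEER, "tcp", sport=445, dport=51820, established=True)  # peer answers our connection

if __name__ == "__main__":
    for name, pkt in [("inbound request", inbound_request), ("SMB reply", smb_reply)]:
        print(f"{name:16} posted={input_verdict(pkt)} stateful={input_verdict(pkt, True)}")
```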
