Post #1 (Jun 9 2005, 01:04 PM)

Premium Member | Group: Members | Posts: 352 | Joined: 2-March 05 | From: Australia | Member No.: 2,859

I just installed a Samba server.

After I did the configuration, it works fine. However, if the firewall is turned on, it will not work. How can I get my Samba server to work with the firewall turned on???

Post #2 (Jun 9 2005, 02:19 PM)

Way Out Of Control - You need a life :) | Group: Members | Posts: 1,366 | Joined: 14-September 04 | From: Nottingham England | Member No.: 570

You have to open up the Samba ports.

Become root

```
su -
```

and get a list of server ports with

```
netstat -nlp
```

Make a note of all ports and protocols listed as being listened to by the program Samba, then set up your firewall to allow connection attempts from local computers only. For example, if your local LAN has IPs 192.168.1.X and a Samba port is UDP 12345, then allow state NEW packets of protocol UDP to port 12345 from source 192.168.1.X through the firewall. If you are using a firewall frontend, then use the wizard. If you use iptables directly, the commands would be...

```
iptables -I INPUT 1 -p udp --dport 12345 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
```

Understand? If not, just post the output of netstat -npl and I will tell you what ports to open.
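
The procedure in the post above, written out as an added example that is not part of the original thread: it reads `netstat -nlp` lines, keeps only listeners owned by `smbd` or `nmbd`, and prints one LAN-restricted rule per protocol and port. The sample lines are constructed, and the function name `samba_rules` and the `LAN` value are assumptions.

```shell
#!/bin/sh
# Added example: derive LAN-only iptables rules from `netstat -nlp` output.
# LAN is an assumed value; set it to the network the clients really use.
LAN="192.168.1.0/24"

# Constructed sample in the shape netstat prints (UDP rows have no state column).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:139       0.0.0.0:*        LISTEN  4203/smbd
tcp   0      0      0.0.0.0:445       0.0.0.0:*        LISTEN  4203/smbd
tcp   0      0      0.0.0.0:22        0.0.0.0:*        LISTEN  1811/sshd
udp   0      0      192.168.1.10:137  0.0.0.0:*                4207/nmbd
udp   0      0      0.0.0.0:137       0.0.0.0:*                4207/nmbd
udp   0      0      0.0.0.0:138       0.0.0.0:*                4207/nmbd
EOF
}

# samba_rules LAN: netstat lines on stdin, rules on stdout.
# The rules are only printed so they can be reviewed before being applied.
samba_rules() {
  awk -v lan="$1" '
    $1 != "tcp" && $1 != "udp" { next }        # skip header, unix sockets, tcp6/udp6
    {
      prog = $NF; sub(/^[0-9]+\//, "", prog)   # "4203/smbd" -> "smbd"
      if (prog != "smbd" && prog != "nmbd") next
      n = split($4, a, ":"); port = a[n]       # local address is "ip:port"
      if (port !~ /^[0-9]+$/) next
      key = $1 "/" port
      if (seen[key]++) next                    # same port bound on several addresses
      printf "iptables -I INPUT 1 -p %s --dport %s -m state --state NEW -s %s -j ACCEPT\n", $1, port, lan
    }'
}

sample_netstat | samba_rules "$LAN"
```

The program column is only filled in when `netstat` runs as root; without it every row shows `-` and no rule is printed.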

Post #3 (Jun 10 2005, 12:31 AM)

Premium Member | Group: Members | Posts: 352 | Joined: 2-March 05 | From: Australia | Member No.: 2,859

Thanks for your help... I still have some problems with it. After I issued the command netstat -nlp, it shows something like this:

```
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4203/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4203/smbd
udp 0 0 192.168.123.146:137 0.0.0.0:* 4207/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 4207/nmbd
udp 0 0 192.168.123.146:138 0.0.0.0:* 4207/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 4207/nmbd
```

Those two services, smbd and nmbd, are for the Samba server, am I right?? If I am not wrong, then I should open UDP ports 137-138 and TCP ports 139, 445???? And I noticed that the state for TCP is LISTEN, but nothing for UDP....

Thanks for telling me the iptables command to open the UDP port. However, I am not familiar with iptables. Could you teach me how to turn on the TCP port??? In the command that you showed

```
iptables -I INPUT 1 -p udp --dport 12345 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
```

what does this 192.168.1.0/24 mean?? I know 192.168.1.0 is the IP address, but the 24, I couldn't understand....

Am I asking too many questions?? Thank you again.

Post #4 (Jun 10 2005, 10:11 AM)

Way Out Of Control - You need a life :) | Group: Members | Posts: 1,366 | Joined: 14-September 04 | From: Nottingham England | Member No.: 570

> Am I asking too many questions??

Lol, without questions it wouldn't be a very good forum.

If you are using a graphical interface to set up your firewall, then you should also use that to open the Samba ports. Changes you make with iptables will not be remembered by that graphical firewall setup. Either use only the graphical firewall tool, or the iptables command.

Here is an explanation of what the iptables rule in my other post does...

* `-I INPUT 1` (means to insert the rule at the top of the INPUT rules)
* `-p udp` (means this rule applies only to the UDP protocol)
* `--dport 12345` (means this rule applies only to packets with destination port 12345)
* `-m state` (means to load the state module for use in the next part)
* `--state NEW` (means this rule applies to new packets)
* `-s 192.168.1.0/24` (means this rule is for all IP addresses from 192.168.1.0 to 192.168.1.255). The /24 means compare only the first 24 bits. An IP address is 4 bytes (32 bits); by only comparing the first 24 bits (3 bytes) you are only comparing the first 3 numbers in the IP, 192.168.1.ANYTHING
* `-j ACCEPT` means allow packets matching this rule.

On my Samba server I use the following firewall.

```
iptables -F INPUT            # clear all input rules
iptables -F OUTPUT           # clear all output rules
iptables -P OUTPUT ACCEPT    # unrestricted output, default is to accept output
iptables -P INPUT DROP       # default is to DROP incoming traffic
iptables -A INPUT -i lo -j ACCEPT    # allow computer to talk to itself, unrestricted
# allow a packet if it is part of a previously ACCEPTED connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow new connections to tcp 139 from local area (not internet)
iptables -A INPUT -p tcp --dport 139 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
```

You can then save the firewall settings with

```
iptables-save > /etc/iptables-rules
```

and load them again with

```
iptables-restore < /etc/iptables-rules
```

/etc/iptables-rules can be any file you choose. Most people put the firewall loading line into a boot script.

For more info on iptables, take a look at the online manual by running "man iptables".

EDIT: oh yes, and you were correct about the ports you need to open.
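
The `/24` comparison described above, carried out with explicit bit masks as an added example that is not part of the original thread; it also handles prefix lengths that do not fall on a byte boundary. The function names are illustrative. The last check uses the server address from the `netstat` output in post #3: it lies outside 192.168.1.0/24, so a rule with that `-s` value would not admit clients on that server's own network.

```shell
#!/bin/sh
# Added example: what "-s NET/PREFIX" compares. Function names are illustrative.

ip_to_int() {                 # A.B.C.D -> 32-bit integer
  old_ifs=$IFS; IFS=.
  set -- $1                   # split the dotted quad into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                 # 32-bit integer -> A.B.C.D
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_mask() {                 # prefix length -> mask with that many leading 1 bits
  if [ "$1" -eq 0 ]; then echo 0
  else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

cidr_range() {                # NET/PREFIX -> "first last" address covered
  net=$(ip_to_int "${1%/*}"); mask=$(cidr_mask "${1#*/}")
  first=$(( net & mask )); last=$(( first | (4294967295 ^ mask) ))
  echo "$(int_to_ip "$first") $(int_to_ip "$last")"
}

in_cidr() {                   # IP NET/PREFIX -> status 0 if the masked bits agree
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); mask=$(cidr_mask "${2#*/}")
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

cidr_range 192.168.1.0/24
for src in 192.168.1.77 192.168.2.77 192.168.123.146; do
  if in_cidr "$src" 192.168.1.0/24; then echo "$src matches 192.168.1.0/24"
  else echo "$src does not match 192.168.1.0/24"; fi
done
```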