Nov 22, 2009

How Can Samba Server Works With Firewall?


jedipi
I just installed samba server.
After I did the configuration, it works fine.
However, if the firewall is turned on, it will not work.

How can I get my samba server to work with the firewall turned on???


qwijibow
you have to open up the samba ports.

become root
CODE
su -


and get a list of server ports with
CODE
netstat -nlp


make a note of all ports and protocols listed as being listened to by the program SAMBA

then setup your firewall to allow connection attempts from local computers only.

for example, if your local LAN has IPs 192.168.1.X and a samba port is UDP 12345 then allow state NEW packets of protocol UDP to port 12345 from source 192.168.1.X through the firewall.

if you are using a firewall frontend, then use the wizard.

if you use iptables directly, the commands would be...

CODE
iptables -I INPUT 1 -p udp --dport 12345 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT


understand ?
if not, just post the output of netstat -npl and i will tell you what ports to open.


jedipi
Thanks for your help...
I still have some problems with it.
After I issued the command netstat -nlp, it shows something like this
CODE
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      4203/smbd
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      4203/smbd

udp        0      0 192.168.123.146:137     0.0.0.0:*                           4207/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           4207/nmbd
udp        0      0 192.168.123.146:138     0.0.0.0:*                           4207/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           4207/nmbd

Those two services, smbd and nmbd, are for the samba server, am I right??
if I am not wrong, then I should open the udp port 137-138 and tcp port 139, 445????
And I noticed that the state for tcp is LISTEN, but nothing for UDP....

Thanks for telling me the iptables command to open the udp port.
However I am not familiar with iptables.
Could you teach me how to turn on the TCP port???

in the command that you showed
CODE
iptables -I INPUT 1 -p udp --dport 12345 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT

what does this 192.168.1.0/24 mean?? I know 192.168.1.0 is the IP address, but the 24, I couldn't understand....

Am I asking too many questions??
Thank you again.


qwijibow
QUOTE
Am I asking too many questions??

Lol, without questions it wouldn't be a very good forum :)

If you are using a graphical interface to setup your firewall, then you should also use that to open the samba ports.

changes you make with iptables will not be remembered by that graphical firewall setup.
Either use only the graphical firewall tool, or iptables command.

here is an explanation of what the iptables rule in my other post does...

-I INPUT 1 (means to Insert the rule to the top of the INPUT rules)
-p udp (means this rule applies only to UDP protocol)
--dport 12345 (means this rule applies only to packets with Destination port 12345)
-m state (means to load the state module for use in the next part)
--state NEW (means this rule applies to new packets)
-s 192.168.1.0/24 (means this rule is for all IP addresses from 192.168.1.0 to 192.168.1.255)

the /24 means compare only the first 24 bits. an IP address is 4 bytes (32 bits)
by only comparing the first 24 bits (3 bytes) you are only comparing the first 3 numbers in the IP, 192.168.1.ANYTHING

-j ACCEPT means allow packets matching this rule.

on my samba server i use the following firewall.
CODE
iptables -F INPUT           # clear all input rules
iptables -F OUTPUT          # clear all output rules
iptables -P OUTPUT ACCEPT   # unrestricted output, default is to accept output
iptables -P INPUT DROP      # default is to DROP incoming traffic

iptables -A INPUT -i lo -j ACCEPT   # allow computer to talk to itself, unrestricted
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # allow a packet if it is part of a previously ACCEPTED connection

iptables -A INPUT -p tcp --dport 139 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT   # allow new connections to tcp 139 from local area (not internet)
iptables -A INPUT -p tcp --dport 445 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -m state --state NEW -s 192.168.1.0/24 -j ACCEPT


you can then save the firewall settings with

CODE
iptables-save > /etc/iptables-rules


and load them again with
CODE
iptables-restore < /etc/iptables-rules


/etc/iptables-rules can be any file you choose.
most people put the firewall loading line into a boot script.

for more info on iptables, take a look at the online manual by running "man iptables"

EDIT:
oh yes, and you were correct about the ports you need to open.
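
The procedure from this thread (list the Samba listeners with netstat -nlp, then allow NEW connections to each port from the LAN only), as an added example that is not part of the original posts. The function names, the sshd line and the 192.168.123.0/24 range are assumptions; the script only prints rules and changes nothing.

```shell
#!/bin/sh
# Added example: turn `netstat -nlp` output into LAN-only iptables rules.
# It only prints the rules; review them before running any as root.

# Print one ACCEPT rule per distinct IPv4 proto/port owned by smbd or nmbd.
# $1 = source range allowed to connect (assumed LAN CIDR); stdin = netstat -nlp
samba_rules() {
    lan="$1"
    case "$lan" in
        ''|*/0)     echo "refusing source '$lan': not a LAN range" >&2; return 1 ;;
        *[!0-9./]*) echo "refusing source '$lan': not an IPv4 CIDR" >&2; return 1 ;;
    esac
    awk -v lan="$lan" '
        # tcp lines end "... LISTEN PID/prog", udp lines have no state column,
        # so the owning program is always the last field.
        ($1 == "tcp" || $1 == "udp") && $NF ~ /\/(smbd|nmbd)$/ {
            n = split($4, addr, ":")      # local address is "ip:port"
            port = addr[n]
            key = $1 "/" port
            if (port ~ /^[0-9]+$/ && !(key in seen)) {
                seen[key] = 1             # same port bound on several IPs
                printf "iptables -A INPUT -p %s --dport %s -m state --state NEW -s %s -j ACCEPT\n", $1, port, lan
            }
        }'
}

# Listener lines from the thread, plus one constructed sshd line to show
# that non-Samba listeners are ignored.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1200/sshd
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      4203/smbd
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      4203/smbd
udp        0      0 192.168.123.146:137     0.0.0.0:*                           4207/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           4207/nmbd
udp        0      0 192.168.123.146:138     0.0.0.0:*                           4207/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           4207/nmbd
EOF
}

# LAN range is an assumption: a /24 around the server address in the thread.
sample_netstat | samba_rules 192.168.123.0/24
```

On a real host, pipe `netstat -nlp` (run as root so the program column is filled in) into `samba_rules` with your own LAN range.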
