Hi.
2009/3/31 Rob Kampen rkampen@kampensonline.com:
Hi folk, I am trying to get iptables working on a samba server but find it is blocking something that prevents the windoze clients from being able to access the share. here are the bits from iptables:
# nmb provided netbios-ns -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 137 -j ACCEPT # nmb provided netbios-dgm -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport 138 -j ACCEPT # Samba -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 135 --state NEW -j ACCEPT # smb provided netbios-ssn -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 139 --state NEW -j ACCEPT # smb provided microsoft-ds -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i eth1 --dport 445 --state NEW -j ACCEPT
Your source address is invalid. If you want access from the entire 192.168.230.x subnet, you have to use a source of 192.168.230.0/24. If you want access from only 100, then you need to specify the source as 192.168.230.100/32 (a single address with a mask to match or just leave the mask off).
HTH
Regards, Andrew.