[CentOS] Samba and iptables - woes

Tue Mar 31 05:33:49 UTC 2009
Spook ZA <spookza at gmail.com>

Hi.

2009/3/31 Rob Kampen <rkampen at kampensonline.com>:
> Hi folk,
> I am trying to get iptables working on a samba server but find it is
> blocking something that prevents the windoze clients from being able to
> access the share.
> here are the bits from iptables:
>>
>> # nmb provided netbios-ns
>> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport
>> 137 -j ACCEPT
>> # nmb provided netbios-dgm
>> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport
>> 138 -j ACCEPT
>> # Samba
>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
>> eth1 --dport 135 --state NEW -j ACCEPT
>> # smb provided netbios-ssn
>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
>> eth1 --dport 139 --state NEW -j ACCEPT
>> # smb provided microsoft-ds
>> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i
>> eth1 --dport 445 --state NEW -j ACCEPT
>
Your source address is invalid.
If you want access from the entire 192.168.230.x subnet, you have to
use a source of 192.168.230.0/24.
If you want access from only 100, then you need to specify the source
as 192.168.230.100/32 (a single address with a mask to match or just
leave the mask off).

HTH

Regards,
  Andrew.