Hi. 2009/3/31 Rob Kampen <rkampen at kampensonline.com>: > Hi folk, > I am trying to get iptables working on a samba server but find it is > blocking something that prevents the windoze clients from being able to > access the share. > here are the bits from iptables: >> >> # nmb provided netbios-ns >> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport >> 137 -j ACCEPT >> # nmb provided netbios-dgm >> -A RH-Firewall-1-INPUT -p udp -m udp -s 192.168.230.100/24 -i eth1 --dport >> 138 -j ACCEPT >> # Samba >> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i >> eth1 --dport 135 --state NEW -j ACCEPT >> # smb provided netbios-ssn >> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i >> eth1 --dport 139 --state NEW -j ACCEPT >> # smb provided microsoft-ds >> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.230.100/24 -i >> eth1 --dport 445 --state NEW -j ACCEPT > Your source address is invalid. If you want access from the entire 192.168.230.x subnet, you have to use a source of 192.168.230.0/24. If you want access from only 100, then you need to specify the source as 192.168.230.100/32 (a single address with a mask to match or just leave the mask off). HTH Regards, Andrew.