[TCLUG] ipchains/samba

Tue May 27 10:31:49 CDT 2003

Mike Hicks said:
> On Tue, 2003-05-27 at 08:30, Raymond Norton wrote:
>> I am having trouble accessing samba shares from my local network. If I
>> stop
>> ipchains it works fine. can anyone tell me what changes I need to make
>> to
>> the following set up.
>>
>> -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
> [etc.]
>
> You seem to be mostly matching on SYN packets (except for UDP streams)
> with that '-y' flag.  Those packets are only for initiating a
> connection.  Basically, your firewall seems to only let a client machine
> say "Hello," replies with "Oh, hi," and then promptly starts ignoring
> the client (sounds like some places I've been in real life..)

Like compusa u mean?

Your assessment looks right to me. Additionally i'd recommend and upgrade
to a 2.4 kernel and iptables.

>
> You'd probably have a lot more luck if you remove the '-y'
>
> Rules similar to yours would probably work on a machine running
> iptables, provided there's a rule to allow ESTABLISHED traffic, but
> that's a whole other ball of wax...
>
> --
>  _  _  _  _ _  ___    _ _  _  ___ _ _  __   You poor misguided Canadian
> / \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   bastard.
> \_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)
> [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
>

-- 
Ben Lutgens
System Administrator / Has Been / Complete Moron

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list