iptables / Samba / internet connectivity - Networking

This is a discussion on iptables / Samba / internet connectivity - Networking ; Hi, I've got Samba working (eventually!), and tracked it down to my iptables configuration. I assume that iptables starts when linux boots up. In this state, I can't access my samba server from my Windows machines, but my windows machines ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: iptables / Samba / internet connectivity

  1. iptables / Samba / internet connectivity

    Hi,

    I've got Samba working (eventually!), and tracked it down to my
    iptables configuration. I assume that iptables starts when linux boots
    up. In this state, I can't access my samba server from my Windows
    machines, but my windows machines can access the internet.

    However, when I run,

    [root@server~]service iptables stop

    I can access samba (set my shares as mapped networked drives etc), but
    internet connectivity stops. If I restart iptables, internet
    connectivity is restored, but connection to samba stops!

    My network is set up as:

    Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
    192.168.1.100 ----- Windows network (192.168.1.100-120)

    When I can't access the internet, I can't ping eth0 (192.168.0.3) or
    the router.

    Can anyone point me in the direction of a decent tutorial explaining
    how to set up iptables to allow my internal network (192.168.1.*)
    access to the internet?

    Thanks,
    Chris

  2. Re: iptables / Samba / internet connectivity

    CCW wrote:
    > Hi,
    >
    > I've got Samba working (eventually!), and tracked it down to my
    > iptables configuration. I assume that iptables starts when linux boots
    > up. In this state, I can't access my samba server from my Windows
    > machines, but my windows machines can access the internet.
    >
    > However, when I run,
    >
    > [root@server~]service iptables stop
    >
    > I can access samba (set my shares as mapped networked drives etc), but
    > internet connectivity stops. If I restart iptables, internet
    > connectivity is restored, but connection to samba stops!
    >
    > My network is set up as:
    >
    > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
    > 192.168.1.100 ----- Windows network (192.168.1.100-120)
    >
    > When I can't access the internet, I can't ping eth0 (192.168.0.3) or
    > the router.
    >
    > Can anyone point me in the direction of a decent tutorial explaining
    > how to set up iptables to allow my internal network (192.168.1.*)
    > access to the internet?
    >
    > Thanks,
    > Chris

    Run an iptables --list and check the policy of your firewall rules. To
    remove all rules run iptables -F and change the policy to ACCEPT with
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    That means no firewall is running and you accept any traffic IN, OUT and
    FORWARD.
    This should also allow connections to your samba server.
    Ciao
    thorko

  3. Re: iptables / Samba / internet connectivity

    CCW wrote:

    > Hi,
    >
    > I've got Samba working (eventually!), and tracked it down to my
    > iptables configuration. I assume that iptables starts when linux boots
    > up. In this state, I can't access my samba server from my Windows
    > machines, but my windows machines can access the internet.
    >
    > However, when I run,
    >
    > [root@server~]service iptables stop
    >
    > I can access samba (set my shares as mapped networked drives etc), but
    > internet connectivity stops. If I restart iptables, internet
    > connectivity is restored, but connection to samba stops!
    >
    > My network is set up as:
    >
    > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
    > 192.168.1.100 ----- Windows network (192.168.1.100-120)
    >
    > When I can't access the internet, I can't ping eth0 (192.168.0.3) or
    > the router.
    >
    > Can anyone point me in the direction of a decent tutorial explaining
    > how to set up iptables to allow my internal network (192.168.1.*)
    > access to the internet?
    >
    > Thanks,
    > Chris



    Not to subtract from what you have accomplished, you may find ssh
    a lot easier to set up and use. It has 128 bit encryption
    so you can use it right across the globe.

    After enabling ssh, you can log in via command line, or I find
    easier - konqueror. Typing a url like this...
    fish://username@ipaddress to login. You can have multiple tabs open
    to connect to multiple servers securely and transfer files with
    cut and paste or drag and drop.

    From windopws, you can run winscp which gives you drag and drop
    file copy with ssh.



  4. Re: iptables / Samba / internet connectivity

    CCW wrote:
    > Hi,


    > I've got Samba working (eventually!), and tracked it down to my
    > iptables configuration. I assume that iptables starts when linux boots
    > up. In this state, I can't access my samba server from my Windows
    > machines, but my windows machines can access the internet.


    > However, when I run,


    > [root@server~]service iptables stop


    > I can access samba (set my shares as mapped networked drives etc), but
    > internet connectivity stops. If I restart iptables, internet
    > connectivity is restored, but connection to samba stops!


    > My network is set up as:


    > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
    > 192.168.1.100 ----- Windows network (192.168.1.100-120)


    > When I can't access the internet, I can't ping eth0 (192.168.0.3) or
    > the router.


    > Can anyone point me in the direction of a decent tutorial explaining
    > how to set up iptables to allow my internal network (192.168.1.*)
    > access to the internet?


    A decent tutorial would likely have to be distribution-specific unless
    you are thinking of building your own firewall from scratch. However,
    here is something to try when the firewall is up:

    iptables -I INPUT -i eth1 -p TCP -m multiport --dports 135,139,445 -j ACCEPT
    iptables -I INPUT -i eth1 -p UDP -m multiport --dports 137,138 -j ACCEPT

    These commands are based on

    http://us4.samba.org/samba/docs/man/...#firewallports

    If they provide access to the samba server then perhaps you can find an
    appropriate place or way to add their equivalents to the fc7 iptables
    setup.

    Briefly, the commands insert rules at the beginning of the INPUT chain
    which should allow input to fc7 from the Windows network on samba net-bios
    ports, and may allow samba to work if fc7 output to the Windows network
    is unfettered. No guarantee, I don't use fedora or do Windows.

    --
    Clifford Kite


  5. Re: iptables / Samba / internet connectivity

    On Jan 27, 3:53 am, Clifford Kite wrote:
    > CCW wrote:
    > > Hi,
    > > I've got Samba working (eventually!), and tracked it down to my
    > > iptables configuration. I assume that iptables starts when linux boots
    > > up. In this state, I can't access my samba server from my Windows
    > > machines, but my windows machines can access the internet.
    > > However, when I run,
    > > [root@server~]service iptables stop
    > > I can access samba (set my shares as mapped networked drives etc), but
    > > internet connectivity stops. If I restart iptables, internet
    > > connectivity is restored, but connection to samba stops!
    > > My network is set up as:
    > > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
    > > 192.168.1.100 ----- Windows network (192.168.1.100-120)
    > > When I can't access the internet, I can't ping eth0 (192.168.0.3) or
    > > the router.
    > > Can anyone point me in the direction of a decent tutorial explaining
    > > how to set up iptables to allow my internal network (192.168.1.*)
    > > access to the internet?

    >
    > A decent tutorial would likely have to be distribution-specific unless
    > you are thinking of building your own firewall from scratch. However,
    > here is something to try when the firewall is up:
    >
    > iptables -I INPUT -i eth1 -p TCP -m multiport --dports 135,139,445 -j ACCEPT
    > iptables -I INPUT -i eth1 -p UDP -m multiport --dports 137,138 -j ACCEPT
    >
    > These commands are based on
    >
    > http://us4.samba.org/samba/docs/man/...ion/securing-s...
    >
    > If they provide access to the samba server then perhaps you can find an
    > appropriate place or way to add their equivalents to the fc7 iptables
    > setup.
    >
    > Briefly, the commands insert rules at the beginning of the INPUT chain
    > which should allow input to fc7 from the Windows network on samba net-bios
    > ports, and may allow samba to work if fc7 output to the Windows network
    > is unfettered. No guarantee, I don't use fedora or do Windows.
    >
    > --
    > Clifford Kite


    Thanks, that worked perfectly!

    Chris

+ Reply to Thread