Iptables rule for windows file sharing?

Rick Stevens rstevens at vitalstream.com
Fri Jan 28 21:49:39 UTC 2005


cjlesh wrote:
> Hey all:
> 
> Thanks for the replies, however none of these seem to work for me...any other ideas?
> 
> Again, when I disable the firewall I can see and access the shares, but I can't seem to find a reasonable set of firewall rules to enable this.
> 
> Any way to make this work with the system-config-securitylevel GUI?

You need to permit incoming TCP and UDP to ports 137-139 and 445.  I'd
restrict the source address to machines on your subnet.  Some simple
rules that can be inserted into your /etc/sysconfig/iptables file
(assuming you're using 192.168.1.x/24 as your local network) would be:

     -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
     -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
     -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
     -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 445 -j ACCEPT

TCP/UDP port 445 is used for Windows domain services and may not be
necessary if you're not running a Windows domain or use domain security.

As for the GUI, simply add in those ports.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-        Hard work has a future payoff. Laziness pays off now.       -
----------------------------------------------------------------------
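
Added example (not part of Rick Stevens' message): a Python check that reads iptables-save style rules, such as those in /etc/sysconfig/iptables, and reports INPUT ACCEPT rules that open ports 137-139 or 445 to sources outside the local subnet. The 192.168.1.0/24 network comes from the message; the function names and the sample ruleset are constructed for illustration.

```python
import ipaddress
import shlex

SMB_PORTS = {137, 138, 139, 445}                     # ports named in the message
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # subnet the message assumes

def expand_ports(spec):
    """Expand '445', '137:139' or '137,139,445' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        ports.update(range(int(lo or 0), int(hi or (65535 if sep else lo)) + 1))
    return ports

def option(tokens, *names):
    """Return the value following the first of `names` found in tokens, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def audit(rules_text, allowed=LOCAL_NET):
    """List (line_no, reason) for INPUT ACCEPT rules opening SMB ports beyond `allowed`."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        spec = option(tok, "--dport", "--dports", "--destination-port")
        if tok[:2] != ["-A", "INPUT"] or option(tok, "-j", "--jump") != "ACCEPT" or spec is None:
            continue  # only rules with an explicit destination port are examined
        try:
            if "!" in tok:  # negated matches are not interpreted here
                raise ValueError("negated match")
            exposed = expand_ports(spec) & SMB_PORTS
            src = ipaddress.ip_network(option(tok, "-s", "--source") or "0.0.0.0/0", strict=False)
        except ValueError:  # named ports, hostnames, negation
            findings.append((n, "unparsed port or source, review manually"))
            continue
        if exposed and not src.subnet_of(allowed):
            findings.append((n, f"ports {sorted(exposed)} accepted from {src}"))
    return findings

# Constructed sample ruleset: rule 2 follows the message, rules 3 and 4 are too broad.
SAMPLE = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp -s 10.0.0.0/8 --dport 137:139 -j ACCEPT
COMMIT
"""
```

Calling `audit(open("/etc/sysconfig/iptables").read())` on a real file returns an empty list when every rule naming these ports is limited to the local subnet.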



