[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Filtering SAMBA

I'm running Samba to provide a single computer in my home with file &
print shares. I have both computers connected peer-peer with a straight
through ethernet cable.

My host, the Samba server, is configured as and the
client is configured as

I have Samba filtered with IPtables. I tried writing a chain that would
allow full access to both the client and host while protecting Samba
from external connection attemps from the internet.

Now, I'm finding that I cannot browse the network with smbclient or even
gnomba from the Samba server. Basically the Samba section of my
netfilter script looks like this:

# Filter NetBIOS datagrams in order to protect our network shares
iptables -N SAMBA 2>/dev/null
iptables -A INPUT --protocol udp --destination-port 137:139 -j SAMBA
iptables -A INPUT --protocol tcp --destination-port 137:139 -j SAMBA

iptables -A OUTPUT --protocol udp --source-port 137:139 -j SAMBA
iptables -A OUTPUT --protocol tcp --source-port 137:139 -j SAMBA


# allow our internal network to access the SAMBA server
iptables -A SAMBA -i $LANIFACE -s $LAN -j ACCEPT
iptables -A SAMBA -o $LANIFACE -d $LAN -j ACCEPT

# Log N Drop everything else
iptables -A SAMBA -j LOGNDROP

Do I need to specify access for the localhost? Samba does function
correctly between the server and client. I am able to acces the users
shares, but I cannot browse the network from the server itself.

Any recomendations?


Reply to: