
Filtering SAMBA



I'm running Samba to provide a single computer in my home with file &
print shares. I have both computers connected peer-peer with a straight
through ethernet cable.

My host, the Samba server, is configured as 192.168.0.1/24 and the
client is configured as 192.168.0.2/24.

I have Samba filtered with IPtables. I tried writing a chain that would
allow full access to both the client and host while protecting Samba
from external connection attempts from the internet.

Now, I'm finding that I cannot browse the network with smbclient or even
gnomba from the Samba server. Basically the Samba section of my
netfilter script looks like this:

# SAMBA
# Filter NetBIOS datagrams in order to protect our network shares
iptables -N SAMBA 2>/dev/null
iptables -A INPUT --protocol udp --destination-port 137:139 -j SAMBA
iptables -A INPUT --protocol tcp --destination-port 137:139 -j SAMBA

iptables -A OUTPUT --protocol udp --source-port 137:139 -j SAMBA
iptables -A OUTPUT --protocol tcp --source-port 137:139 -j SAMBA

LANIFACE="eth0"
LAN="192.168.0.0/24"

# allow our internal network to access the SAMBA server
iptables -A SAMBA -i $LANIFACE -s $LAN -j ACCEPT
iptables -A SAMBA -o $LANIFACE -d $LAN -j ACCEPT

# Log N Drop everything else
iptables -A SAMBA -j LOGNDROP

Do I need to specify access for the localhost? Samba does function
correctly between the server and client. I am able to access the users
shares, but I cannot browse the network from the server itself.

Any recommendations?

Stef
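
An added example, not part of the original post: the same SAMBA chain with loopback rules, because connections the server makes to its own shares travel over `lo` and therefore match neither `-i eth0` nor `-o eth0`. `IPT` and the function name `samba_chain` are names introduced here, and `LOGNDROP` is assumed to be defined earlier in the poster's script.

```sh
#!/bin/sh
# Added example (not from the original post).
# IPT may be overridden, e.g. IPT=echo, to print the rules instead of applying them.
IPT="${IPT:-iptables}"

LANIFACE="eth0"          # value from the post
LAN="192.168.0.0/24"     # value from the post

samba_chain() {
    # Create the chain, or flush it if it already exists, so that
    # re-running the script does not append duplicate rules.
    $IPT -N SAMBA 2>/dev/null || $IPT -F SAMBA

    # Traffic the server sends to itself (to 127.0.0.1 or to its own
    # 192.168.0.1 address) traverses lo, never eth0. Without these two
    # rules it falls through to LOGNDROP.
    $IPT -A SAMBA -i lo -j ACCEPT
    $IPT -A SAMBA -o lo -j ACCEPT

    # Allow the internal network to reach the Samba server (as in the post).
    $IPT -A SAMBA -i "$LANIFACE" -s "$LAN" -j ACCEPT
    $IPT -A SAMBA -o "$LANIFACE" -d "$LAN" -j ACCEPT

    # Everything else, including anything arriving on an internet-facing
    # interface, is logged and dropped.
    # Assumption: LOGNDROP is the poster's own chain, created before this runs.
    $IPT -A SAMBA -j LOGNDROP
}
```

Call `samba_chain` as root in place of the `-N SAMBA` line and the `-A SAMBA` rules, leaving the INPUT and OUTPUT jump rules as they are. Connections the server itself initiates leave from an ephemeral source port, so they never match the `--source-port 137:139` jump and are decided by the rest of the OUTPUT rules.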


