[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Filtering SAMBA

Just add the line:

allow hosts = 192.168.0.

to your /etc/samba/smb.conf
that should do it... you may also add just single hostnames to "allow
hosts" e.g.:

allow hosts =

- Soeren

On 18 Jun 2001 00:35:10 -0600, Stefan Srdic wrote:
> I'm running Samba to provide a single computer in my home with file &
> print shares. I have both computers connected peer-peer with a straight
> through ethernet cable.
> My host, the Samba server, is configured as and the
> client is configured as
> I have Samba filtered with IPtables. I tried writing a chain that would
> allow full access to both the client and host while protecting Samba
> from external connection attemps from the internet.
> Now, I'm finding that I cannot browse the network with smbclient or even
> gnomba from the Samba server. Basically the Samba section of my
> netfilter script looks like this:
> # Filter NetBIOS datagrams in order to protect our network shares
> iptables -N SAMBA 2>/dev/null
> iptables -A INPUT --protocol udp --destination-port 137:139 -j SAMBA
> iptables -A INPUT --protocol tcp --destination-port 137:139 -j SAMBA
> iptables -A OUTPUT --protocol udp --source-port 137:139 -j SAMBA
> iptables -A OUTPUT --protocol tcp --source-port 137:139 -j SAMBA
> LANIFACE="eth0"
> LAN=""
> # allow our internal network to access the SAMBA server
> iptables -A SAMBA -i $LANIFACE -s $LAN -j ACCEPT
> iptables -A SAMBA -o $LANIFACE -d $LAN -j ACCEPT
> # Log N Drop everything else
> iptables -A SAMBA -j LOGNDROP
> Do I need to specify access for the localhost? Samba does function
> correctly between the server and client. I am able to acces the users
> shares, but I cannot browse the network from the server itself.
> Any recomendations?
> Stef
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: