Re: Filtering SAMBA
Just add the line:
allow hosts = 192.168.0.
to your /etc/samba/smb.conf
that should do it... you may also add just single hostnames to "allow
hosts" e.g.:
allow hosts = 192.168.0.1 192.168.0.2
cu
- Soeren
On 18 Jun 2001 00:35:10 -0600, Stefan Srdic wrote:
> I'm running Samba to provide a single computer in my home with file &
> print shares. I have both computers connected peer-peer with a straight
> through ethernet cable.
>
> My host, the Samba server, is configured as 192.168.0.1/24 and the
> client is configured as 192.168.0.2/24.
>
> I have Samba filtered with IPtables. I tried writing a chain that would
> allow full access to both the client and host while protecting Samba
> from external connection attemps from the internet.
>
> Now, I'm finding that I cannot browse the network with smbclient or even
> gnomba from the Samba server. Basically the Samba section of my
> netfilter script looks like this:
>
> # SAMBA
> # Filter NetBIOS datagrams in order to protect our network shares
> iptables -N SAMBA 2>/dev/null
> iptables -A INPUT --protocol udp --destination-port 137:139 -j SAMBA
> iptables -A INPUT --protocol tcp --destination-port 137:139 -j SAMBA
>
> iptables -A OUTPUT --protocol udp --source-port 137:139 -j SAMBA
> iptables -A OUTPUT --protocol tcp --source-port 137:139 -j SAMBA
>
> LANIFACE="eth0"
> LAN="192.168.0.0/24"
>
> # allow our internal network to access the SAMBA server
> iptables -A SAMBA -i $LANIFACE -s $LAN -j ACCEPT
> iptables -A SAMBA -o $LANIFACE -d $LAN -j ACCEPT
>
> # Log N Drop everything else
> iptables -A SAMBA -j LOGNDROP
>
> Do I need to specify access for the localhost? Samba does function
> correctly between the server and client. I am able to acces the users
> shares, but I cannot browse the network from the server itself.
>
> Any recomendations?
>
> Stef
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: