Re: Filtering SAMBA
Just add the line:
allow hosts = 192.168.0.
to your /etc/samba/smb.conf
that should do it... you may also add just single hostnames to "allow
allow hosts = 192.168.0.1 192.168.0.2
On 18 Jun 2001 00:35:10 -0600, Stefan Srdic wrote:
> I'm running Samba to provide a single computer in my home with file &
> print shares. I have both computers connected peer-peer with a straight
> through ethernet cable.
> My host, the Samba server, is configured as 192.168.0.1/24 and the
> client is configured as 192.168.0.2/24.
> I have Samba filtered with IPtables. I tried writing a chain that would
> allow full access to both the client and host while protecting Samba
> from external connection attemps from the internet.
> Now, I'm finding that I cannot browse the network with smbclient or even
> gnomba from the Samba server. Basically the Samba section of my
> netfilter script looks like this:
> # SAMBA
> # Filter NetBIOS datagrams in order to protect our network shares
> iptables -N SAMBA 2>/dev/null
> iptables -A INPUT --protocol udp --destination-port 137:139 -j SAMBA
> iptables -A INPUT --protocol tcp --destination-port 137:139 -j SAMBA
> iptables -A OUTPUT --protocol udp --source-port 137:139 -j SAMBA
> iptables -A OUTPUT --protocol tcp --source-port 137:139 -j SAMBA
> # allow our internal network to access the SAMBA server
> iptables -A SAMBA -i $LANIFACE -s $LAN -j ACCEPT
> iptables -A SAMBA -o $LANIFACE -d $LAN -j ACCEPT
> # Log N Drop everything else
> iptables -A SAMBA -j LOGNDROP
> Do I need to specify access for the localhost? Samba does function
> correctly between the server and client. I am able to acces the users
> shares, but I cannot browse the network from the server itself.
> Any recomendations?
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com