[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Filtering SAMBA

Soeren H wrote:
Just add the line:

allow hosts = 192.168.0.

to your /etc/samba/smb.conf
that should do it... you may also add just single hostnames to "allow
hosts" e.g.:

allow hosts =

- Soeren

Some of the global security settings in /etc/samba/smb.conf look like:

interfaces = eth1
bind interfaces _only_ = Yes
restrict anonymous = Yes
invalid users = root
hosts allow = 192.168.0.
hosts deny = All

As I posted earlier my IPtables rules closely match this behavior, allow NetBIOS packets on eth1, allow access to eth1 from

Without IPtables this setup works perfectly, I can browse the network and mount shares from my Linux box or my Windows box with no problems.

Depending how you configured Samba for hosts name resolution ( broadcast,
wins, lmhosts ) you have to change ( or not ) your rules. If ( and I think
that is your problem ) host resolution is resolved by broadcasting you
should permit broadcast queries originated by your server.



Is there a host name resolution method that does not use broadcasts? Which one resolution method is preferred?

I have all default chain policies set to accept, so broadcast should not be afected by any IPtables rules. Do you know which port/service that these Samba broadcast originate from?


Reply to: