Re: Iptables

To: debian-user@lists.debian.org
Subject: Re: Iptables
From: Tom Furie <tom@furie.org.uk>
Date: Fri, 27 Jun 2014 19:35:46 +0100
Message-id: <[🔎] 20140627183546.GB9669@furie.org.uk>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 53ADB123.2020603@yahoo.fr>
References: <[🔎] 53AD5FFC.5080306@yahoo.fr> <[🔎] 20140627122458.GJ4955@europecamions-interactive.com> <[🔎] 53ADB123.2020603@yahoo.fr>

On Fri, Jun 27, 2014 at 08:00:03PM +0200, Diogene Laerce wrote:

> >> I try to authorize the 192.168.0.2 host to connect to samba  but the
> >> server host 192.168.0.1 won't let me with the following statement :
> >>
> >> ************************************************************************
> >>
> >> iptables -A INPUT -i eth0 -p udp -s 192.168.0.2/32 -d 192.168.0.1
> >> --dport 137 -j ACCEPT
> >> iptables -A INPUT -i eth0 -p udp -s 192.168.0.2/32 -d 192.168.0.1
> >> --dport 138 -j ACCEPT
> >> iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -p tcp -s
> >> 192.168.0.2/32 -d 192.168.0.1 --dport 139 -j ACCEPT
> >> iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -p tcp -s
> >> 192.168.0.2/32 -d 192.168.0.1 --dport 445 -j ACCEPT
> >>
> >> ************************************************************************

> # Allow incomings for SAMBA
> iptables -A INPUT -i eth0 -m udp -p udp -s 192.168.0.11 -d 192.168.0.10
> --dport 137 -j ACCEPT
> iptables -A INPUT -i eth0 -m udp -p udp -s 192.168.0.11 -d 192.168.0.10
> --dport 138 -j ACCEPT
> iptables -A INPUT -i eth0 -m tcp -p tcp -s 192.168.0.11 -d 192.168.0.10
> --dport 139 -m state --state RELATED -j ACCEPT
> iptables -A INPUT -i eth0 -m tcp -p tcp -s 192.168.0.11 -d 192.168.0.10
> --dport 445 -m state --state RELATED -j ACCEPT

The only significant difference I see between these rulesets is in the
source and destination addresses. Are you testing these new rules on a
different machine, or the same machine? Are you testing with a different
remote machine, or the same one as previously?

> I didn't or at least not on purpose. I just reply to the list on a
> random message and make a new topic of it for light convenience. I

That is exactly what "hijacking" a thread entails. To start a new thread
create a new mail, don't reply to an existing thread and simply change
the subject.

> didn't know it could do any harm. And actually, I even don't understand
> how you can know that ? Please explain, I will sleep a bit light less
> dumber tonight. ;)

Email programs that understand proper threading show your original
message on this subject as being a reply to a message on a completely
unrelated thread.

Cheers,
Tom

-- 
Your present plans will be successful.

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Iptables
  - From: Diogene Laerce <me_buss777@yahoo.fr>

References:
- Iptables
  - From: Diogene Laerce <me_buss777@yahoo.fr>
- Re: Iptables
  - From: David Guyot <david.guyot@europecamions-interactive.com>
- Re: Iptables
  - From: Diogene Laerce <me_buss777@yahoo.fr>

Prev by Date: Re: Iptables
Next by Date: Re: Iptables
Previous by thread: Re: Iptables
Next by thread: Re: Iptables
Index(es):
- Date
- Thread