iptables / Samba / internet connectivity
in [Linux Networking]
|
Prev: DNS, DHCPD setup: Strange named error in messages: prerequisite not satisfied NXRRSET
Next: NetworkManager und wpa_supplicant overview
From: CCW on 26 Jan 2008 12:50 Hi, I've got Samba working (eventually!), and tracked it down to my iptables configuration. I assume that iptables starts when linux boots up. In this state, I can't access my samba server from my Windows machines, but my windows machines can access the internet. However, when I run, [root(a)server~]service iptables stop I can access samba (set my shares as mapped networked drives etc), but internet connectivity stops. If I restart iptables, internet connectivity is restored, but connection to samba stops! My network is set up as: Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1) 192.168.1.100 ----- Windows network (192.168.1.100-120) When I can't access the internet, I can't ping eth0 (192.168.0.3) or the router. Can anyone point me in the direction of a decent tutorial explaining how to set up iptables to allow my internal network (192.168.1.*) access to the internet? Thanks, Chris
From: Thorsten Kohlhepp on 26 Jan 2008 14:45 CCW wrote: > Hi, > > I've got Samba working (eventually!), and tracked it down to my > iptables configuration. I assume that iptables starts when linux boots > up. In this state, I can't access my samba server from my Windows > machines, but my windows machines can access the internet. > > However, when I run, > > [root(a)server~]service iptables stop > > I can access samba (set my shares as mapped networked drives etc), but > internet connectivity stops. If I restart iptables, internet > connectivity is restored, but connection to samba stops! > > My network is set up as: > > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1) > 192.168.1.100 ----- Windows network (192.168.1.100-120) > > When I can't access the internet, I can't ping eth0 (192.168.0.3) or > the router. > > Can anyone point me in the direction of a decent tutorial explaining > how to set up iptables to allow my internal network (192.168.1.*) > access to the internet? > > Thanks, > Chris Run an iptables --list and check the policy of your firewall rules. To remove all rules run iptables -F and change the policy to ACCEPT with iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT That means no firewall is running and you accept any traffic IN, OUT and FORWARD. This should also allow connections to your samba server. Ciao thorko
From: 7 on 26 Jan 2008 15:30 CCW wrote: > Hi, > > I've got Samba working (eventually!), and tracked it down to my > iptables configuration. I assume that iptables starts when linux boots > up. In this state, I can't access my samba server from my Windows > machines, but my windows machines can access the internet. > > However, when I run, > > [root(a)server~]service iptables stop > > I can access samba (set my shares as mapped networked drives etc), but > internet connectivity stops. If I restart iptables, internet > connectivity is restored, but connection to samba stops! > > My network is set up as: > > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1) > 192.168.1.100 ----- Windows network (192.168.1.100-120) > > When I can't access the internet, I can't ping eth0 (192.168.0.3) or > the router. > > Can anyone point me in the direction of a decent tutorial explaining > how to set up iptables to allow my internal network (192.168.1.*) > access to the internet? > > Thanks, > Chris Not to subtract from what you have accomplished, you may find ssh a lot easier to set up and use. It has 128 bit encryption so you can use it right across the globe. After enabling ssh, you can log in via command line, or I find easier - konqueror. Typing a url like this... fish://username(a)ipaddress to login. You can have multiple tabs open to connect to multiple servers securely and transfer files with cut and paste or drag and drop. From windopws, you can run winscp which gives you drag and drop file copy with ssh.
From: Clifford Kite on 26 Jan 2008 22:53
CCW <c.c.wood(a)gmail.com> wrote: > Hi, > I've got Samba working (eventually!), and tracked it down to my > iptables configuration. I assume that iptables starts when linux boots > up. In this state, I can't access my samba server from my Windows > machines, but my windows machines can access the internet. > However, when I run, > [root(a)server~]service iptables stop > I can access samba (set my shares as mapped networked drives etc), but > internet connectivity stops. If I restart iptables, internet > connectivity is restored, but connection to samba stops! > My network is set up as: > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1) > 192.168.1.100 ----- Windows network (192.168.1.100-120) > When I can't access the internet, I can't ping eth0 (192.168.0.3) or > the router. > Can anyone point me in the direction of a decent tutorial explaining > how to set up iptables to allow my internal network (192.168.1.*) > access to the internet? A decent tutorial would likely have to be distribution-specific unless you are thinking of building your own firewall from scratch. However, here is something to try when the firewall is up: iptables -I INPUT -i eth1 -p TCP -m multiport --dports 135,139,445 -j ACCEPT iptables -I INPUT -i eth1 -p UDP -m multiport --dports 137,138 -j ACCEPT These commands are based on http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html#firewallports If they provide access to the samba server then perhaps you can find an appropriate place or way to add their equivalents to the fc7 iptables setup. Briefly, the commands insert rules at the beginning of the INPUT chain which should allow input to fc7 from the Windows network on samba net-bios ports, and may allow samba to work if fc7 output to the Windows network is unfettered. No guarantee, I don't use fedora or do Windows. -- Clifford Kite |