Dear readers,
I am currently running a few Ubuntu servers (10.10 server edition) and I really like the entire system. I never had any problems that I couldn't solve by searching this forum. I am currently running the servers with Apache, MySQL, FTP, etc. I am using iptables as the firewall.
A few days ago I installed Samba. It seems to work only on the local subnet. When I try to access FTP or Apache from outside, it also works like a charm. I think I opened the right Samba ports. I think I'm missing some sort of port config for the Samba shares. Here is (a part of) my iptables-save which I use to restore on boot, etc. When I flush (-F) iptables, the Samba share is accessible from outside the building. When I use the following iptables setup it stops working. So: the problem exists in iptables -> not in Samba.
This is (a part of) my iptables.rules save:
# Generated by iptables-save v1.4.0 on XXX
*filter
:INPUT ACCEPT [9759:831406]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6091:906484]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp --syn --dport 49152:65534 -j ACCEPT
-A INPUT -j DROP
COMMIT
It seems to me that I am missing some sort of
-A INPUT -p tcp --syn --dport 49152:65534 -j ACCEPT
Like I am using for active FTP. Correct me if I am wrong!
Now: is there any iptables pro who spots the problem? I would love to not only hear the solution, but also to understand the solution, since I am not a pro myself (yet ^^).
Thanks in advance,
DsWz!
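
To see what the posted excerpt itself does with a given packet, the sketch below walks the INPUT rules in order and reports the first match, which is how iptables evaluates a chain. It is an added example, not part of the original post; it models only the match options that appear in the excerpt (-p, --dport, --syn, --ctstate), and the sample packet is constructed.

```python
import shlex

# INPUT rules copied verbatim from the excerpt in the post.
RULES = """\
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp --syn --dport 49152:65534 -j ACCEPT
-A INPUT -j DROP
"""
POLICY = "ACCEPT"  # from ":INPUT ACCEPT [...]" in the excerpt

def parse(line):
    """Extract the match options that occur in the excerpt from one -A line."""
    tok = shlex.split(line)
    rule = {"text": line, "syn": "--syn" in tok}
    for opt, key in (("-p", "proto"), ("--dport", "dport"),
                     ("--ctstate", "ctstate"), ("-j", "target")):
        if opt in tok:
            rule[key] = tok[tok.index(opt) + 1]
    return rule

def matches(rule, pkt):
    """True only if every condition on the rule holds for the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "ctstate" in rule and pkt["state"] not in rule["ctstate"].split(","):
        return False
    if rule["syn"] and not pkt.get("syn", False):  # --syn: SYN set, ACK/RST/FIN clear
        return False
    if "dport" in rule:
        lo, _, hi = rule["dport"].partition(":")  # single port or lo:hi range
        if not int(lo) <= pkt["dport"] <= int(hi or lo):
            return False
    return True

def verdict(pkt, rules_text=RULES, policy=POLICY):
    """Return (target, rule text) for the first matching rule, else the policy."""
    for line in rules_text.splitlines():
        rule = parse(line)
        if matches(rule, pkt):
            return rule["target"], rule["text"]
    return policy, "chain policy"

if __name__ == "__main__":
    # Constructed packet (not captured traffic): a new inbound SMB connection.
    print(verdict({"proto": "tcp", "dport": 445, "state": "NEW", "syn": True}))
```

The verdicts apply to the excerpt only; rules that are not shown in the post are not modelled.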