[TCLUG] ipchains/samba

Tue May 27 09:50:42 CDT 2003

On Tue, 2003-05-27 at 08:30, Raymond Norton wrote:
> I am having trouble accessing samba shares from my local network. If I stop
> ipchains it works fine. can anyone tell me what changes I need to make to
> the following set up.
> 
> -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
[etc.]

You seem to be mostly matching on SYN packets (except for UDP streams)
with that '-y' flag.  Those packets are only for initiating a
connection.  Basically, your firewall seems to only let a client machine
say "Hello," replies with "Oh, hi," and then promptly starts ignoring
the client (sounds like some places I've been in real life..)

You'd probably have a lot more luck if you remove the '-y'

Rules similar to yours would probably work on a machine running
iptables, provided there's a rule to allow ESTABLISHED traffic, but
that's a whole other ball of wax...

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   You poor misguided Canadian
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   bastard.
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20030527/1ba36598/attachment.pgp