What you'll want to do is only open it up for your internal interface, and not to the world. You'll want to add something like this in:

ipchains -A input -p tcp -s <localnet> -d <int-if-ip> 137:139 -i <int-if> -j ACCEPT
ipchains -A input -p udp -s <localnet> -d <int-if-ip> 137:139 -i <int-if> -j ACCEPT

Where <localnet> would look something like '192.168.0.0/24'
Where <int-if-ip> would be the internal ip of the firewall, such as '192.168.0.1/32'
Where <int-if> is the internal interface, such as 'eth1'

HTH,
Some guy working for some ISP.

"Failure is not an option, it comes pre-installed with your Windoze software..." -Unknown
"He who fights with monsters should look to it that he himself does not become a monster...when you gaze long into the abyss the abyss also gazes into you." -Friedrich Nietzsche

-----Original Message-----
From: office [mailto:office@tride.net]
Sent: Tuesday, April 17, 2001 3:58 AM
To: suse-security@suse.com
Subject: [suse-security] Re: samba on firewall

When setting samba=yes in firewall.rc.config, udp-port 137:138 is open for the whole world. I want to close these ports. But when I set samba to "no" and open the tcp and udp ports for samba only for my internal network, it doesn't work. Need help.

I think tcp is missing for data-copying

IPCHAINS -A input -j "$ACCEPT" -p TCP -d 0/0 137:138 $LAA

----- Original Message -----
From: office
To: suse-security@suse.de
Sent: Tuesday, April 17, 2001 12:03 PM
Subject: [suse-security] samba on firewall

Hello list!

Why doesn't samba on the firewall work without this rule???

IPCHAINS -A input -j "$ACCEPT" -p udp -d 0/0 137:138 $LAA

When appending this rule, everybody can send UDP packets to 137:138. I've tried to open tcp 135:139 and udp 135:139 only for internal network but it doesn't work...clients can't use samba

any hints?

yours B
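
The difference the first reply draws, a rule bound to the internal interface versus one open to the world, can be checked mechanically. This is an added example, not code from the thread: a POSIX shell function that classifies an ipchains ACCEPT rule by its NetBIOS exposure. The function names and output labels are made up for illustration, the sample rules are constructed, and the thread's rule is shown with "$ACCEPT" taken as ACCEPT and $LAA taken as empty, which is an assumption.

```shell
#!/bin/sh
# Added example: classify an ipchains ACCEPT rule by how widely it exposes
# the NetBIOS ports (137-139). Prints one of:
#   world-open | source-only | iface-bound | not-netbios

# True if numeric port spec "$1" (N or LO:HI) overlaps 137-139.
covers_netbios() {
    lo=${1%%:*}; hi=${1##*:}
    case "$lo:$hi" in :*|*:|*[!0-9:]*) return 1 ;; esac
    [ "$lo" -le 139 ] && [ "$hi" -ge 137 ]
}

classify_rule() {
    src=any; iface=any; ports=; target=
    set -- $1    # split the rule into words (input has no glob characters)
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -s) src=${1:-any} ;;
            -i) iface=${1:-any} ;;
            -j) target=${1:-} ;;
            # ipchains puts the destination port right after the -d address
            -d) case "${2:-}" in [0-9]*) ports=$2 ;; esac ;;
        esac
    done
    [ "$target" = ACCEPT ] && covers_netbios "$ports" || { echo not-netbios; return; }
    if [ "$iface" != any ]; then
        echo iface-bound      # only packets arriving on that interface match
    else
        case "$src" in
            any|0/0|0.0.0.0/0) echo world-open ;;
            *) echo source-only ;;   # relies on the source address alone
        esac
    fi
}

# Constructed sample rules: the thread's world-open rule with its variables
# expanded by assumption, and the reply's rule with its example values.
while read -r rule; do
    printf '%-12s %s\n' "$(classify_rule "$rule")" "$rule"
done <<'EOF'
ipchains -A input -j ACCEPT -p udp -d 0/0 137:138
ipchains -A input -p udp -s 192.168.0.0/24 -d 192.168.0.1/32 137:139 -i eth1 -j ACCEPT
EOF
```

A `source-only` result means the rule has no `-i` match, so it depends on source addresses that can be spoofed on the external interface.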