iptables / Samba / internet connectivity

Hi,

I've got Samba working (eventually!), and tracked it down to my
iptables configuration. I assume that iptables starts when linux boots
up. In this state, I can't access my samba server from my Windows
machines, but my windows machines can access the internet.

However, when I run,

[root@server~]service iptables stop

I can access samba (set my shares as mapped networked drives etc), but
internet connectivity stops. If I restart iptables, internet
connectivity is restored, but connection to samba stops!

My network is set up as:

Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
192.168.1.100 ----- Windows network (192.168.1.100-120)

When I can't access the internet, I can't ping eth0 (192.168.0.3) or
the router.

Can anyone point me in the direction of a decent tutorial explaining
how to set up iptables to allow my internal network (192.168.1.*)
access to the internet?

Thanks,
Chris

CCW wrote:
> Hi,
>
> I've got Samba working (eventually!), and tracked it down to my
> iptables configuration. I assume that iptables starts when linux boots
> up. In this state, I can't access my samba server from my Windows
> machines, but my windows machines can access the internet.
>
> However, when I run,
>
> [root@server~]service iptables stop
>
> I can access samba (set my shares as mapped networked drives etc), but
> internet connectivity stops. If I restart iptables, internet
> connectivity is restored, but connection to samba stops!
>
> My network is set up as:
>
> Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
> 192.168.1.100 ----- Windows network (192.168.1.100-120)
>
> When I can't access the internet, I can't ping eth0 (192.168.0.3) or
> the router.
>
> Can anyone point me in the direction of a decent tutorial explaining
> how to set up iptables to allow my internal network (192.168.1.*)
> access to the internet?
>
> Thanks,
> Chris
Run an iptables --list and check the policy of your firewall rules. To
remove all rules run iptables -F and change the policy to ACCEPT with
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
That means no firewall is running and you accept any traffic IN, OUT and
FORWARD.
This should also allow connections to your samba server.
Ciao
thorko

CCW wrote:

> Hi,
>
> I've got Samba working (eventually!), and tracked it down to my
> iptables configuration. I assume that iptables starts when linux boots
> up. In this state, I can't access my samba server from my Windows
> machines, but my windows machines can access the internet.
>
> However, when I run,
>
> [root@server~]service iptables stop
>
> I can access samba (set my shares as mapped networked drives etc), but
> internet connectivity stops. If I restart iptables, internet
> connectivity is restored, but connection to samba stops!
>
> My network is set up as:
>
> Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
> 192.168.1.100 ----- Windows network (192.168.1.100-120)
>
> When I can't access the internet, I can't ping eth0 (192.168.0.3) or
> the router.
>
> Can anyone point me in the direction of a decent tutorial explaining
> how to set up iptables to allow my internal network (192.168.1.*)
> access to the internet?
>
> Thanks,
> Chris


Not to subtract from what you have accomplished, you may find ssh
a lot easier to set up and use. It has 128 bit encryption
so you can use it right across the globe.

After enabling ssh, you can log in via command line, or I find
easier - konqueror. Typing a url like this...
fish://username@ipaddress to login. You can have multiple tabs open
to connect to multiple servers securely and transfer files with
cut and paste or drag and drop.

From windopws, you can run winscp which gives you drag and drop
file copy with ssh.

CCW <(E-Mail Removed)> wrote:
> Hi,

> I've got Samba working (eventually!), and tracked it down to my
> iptables configuration. I assume that iptables starts when linux boots
> up. In this state, I can't access my samba server from my Windows
> machines, but my windows machines can access the internet.

> However, when I run,

> [root@server~]service iptables stop

> I can access samba (set my shares as mapped networked drives etc), but
> internet connectivity stops. If I restart iptables, internet
> connectivity is restored, but connection to samba stops!

> My network is set up as:

> Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
> 192.168.1.100 ----- Windows network (192.168.1.100-120)

> When I can't access the internet, I can't ping eth0 (192.168.0.3) or
> the router.

> Can anyone point me in the direction of a decent tutorial explaining
> how to set up iptables to allow my internal network (192.168.1.*)
> access to the internet?

A decent tutorial would likely have to be distribution-specific unless
you are thinking of building your own firewall from scratch. However,
here is something to try when the firewall is up:

iptables -I INPUT -i eth1 -p TCP -m multiport --dports 135,139,445 -j ACCEPT
iptables -I INPUT -i eth1 -p UDP -m multiport --dports 137,138 -j ACCEPT

These commands are based on

http://us4.samba.org/samba/docs/man/...#firewallports

If they provide access to the samba server then perhaps you can find an
appropriate place or way to add their equivalents to the fc7 iptables
setup.

Briefly, the commands insert rules at the beginning of the INPUT chain
which should allow input to fc7 from the Windows network on samba net-bios
ports, and may allow samba to work if fc7 output to the Windows network
is unfettered. No guarantee, I don't use fedora or do Windows.

--
Clifford Kite

On Jan 27, 3:53 am, Clifford Kite <k...@not.available.tld> wrote:
> CCW <c.c.w...@gmail.com> wrote:
> > Hi,
> > I've got Samba working (eventually!), and tracked it down to my
> > iptables configuration. I assume that iptables starts when linux boots
> > up. In this state, I can't access my samba server from my Windows
> > machines, but my windows machines can access the internet.
> > However, when I run,
> > [root@server~]service iptables stop
> > I can access samba (set my shares as mapped networked drives etc), but
> > internet connectivity stops. If I restart iptables, internet
> > connectivity is restored, but connection to samba stops!
> > My network is set up as:
> > Router (192.168.0.1) ----- fc7 server (eth0) 192.168.0.3 -- (eth1)
> > 192.168.1.100 ----- Windows network (192.168.1.100-120)
> > When I can't access the internet, I can't ping eth0 (192.168.0.3) or
> > the router.
> > Can anyone point me in the direction of a decent tutorial explaining
> > how to set up iptables to allow my internal network (192.168.1.*)
> > access to the internet?
>
> A decent tutorial would likely have to be distribution-specific unless
> you are thinking of building your own firewall from scratch. However,
> here is something to try when the firewall is up:
>
> iptables -I INPUT -i eth1 -p TCP -m multiport --dports 135,139,445 -j ACCEPT
> iptables -I INPUT -i eth1 -p UDP -m multiport --dports 137,138 -j ACCEPT
>
> These commands are based on
>
> http://us4.samba.org/samba/docs/man/...ion/securing-s...
>
> If they provide access to the samba server then perhaps you can find an
> appropriate place or way to add their equivalents to the fc7 iptables
> setup.
>
> Briefly, the commands insert rules at the beginning of the INPUT chain
> which should allow input to fc7 from the Windows network on samba net-bios
> ports, and may allow samba to work if fc7 output to the Windows network
> is unfettered. No guarantee, I don't use fedora or do Windows.
>
> --
> Clifford Kite

Thanks, that worked perfectly!

Chris