WaMan Tux's lil' helper
Joined: 28 Jun 2002 Posts: 96
|
Posted: Mon May 10, 2004 2:50 am Post subject: samba client and iptables |
|
|
I would like to use the samba client to see some windows shares. I have not set up any samba shares. What is the minimum set of iptables rules that will allow the nautilus smb: client to work?
'iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' doesn't seem to be enough.
turtlendog Tux's lil' helper
Joined: 31 Jan 2004 Posts: 107 Location: East AZ
|
Posted: Mon May 10, 2004 5:28 am Post subject: |
|
|
This almost calls for ASCII art.
I'm on a large network that I don't trust. I use a firewall. I need to use Microsoft-mail to pick up email from the un-trusted network (ms-mail uses SMB). It happens that I control several Linux computers in my DMZ and have one running 24/7 on the wild network.
This script uses ssh to connect to a computer inside my DMZ which does not need SMB (otherwise I would have to do some trick to change the ports if I wanted to use this and SMB on the same host).
SSH forwards my packets to the only SMB host I need to talk to (using encryption BTW). (It could just as well be the sshhost)
When I want to do a MS-mail transaction:
I start the following script...
Direct my MS-mail queries at the DMZ host which is doing the forwarding.
Download my mail.
And kill the script to bring down the tunnel.
I have been meaning to automate it when a mail event happens, but haven't gotten around to it yet.
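Code:
#!/bin/bash
# run cleanup when the script is interrupted with CTRL+c
trap cleanup INT
# the target host (cd-tower)
smbhost=10.10.72.5
# my ssh host on the same subnet as the smbhost
sshhost=rmccweb
# command: forward ports 137-139 to $smbhost through $sshhost
# (-g lets other hosts connect to the forwarded ports, -N runs no remote command)
cmd="ssh -gNL 137:$smbhost:137 -L 138:$smbhost:138 -L 139:$smbhost:139 $sshhost"
function cleanup(){
    echo "Bringing down the SSH tunnel to $smbhost through $sshhost."
    echo "The following ssh processes are now running on $sshhost."
    # list remaining ssh processes on $sshhost to check the tunnel is gone
    ssh "$sshhost" ps x | grep ssh
    exit 0
}
echo "Forwarding SMB over SSH to $smbhost through $sshhost..."
echo "Use CTRL+c to bring down the tunnel."
# jemima is the host this script logs in to and starts the forwarding command on
ssh jemima "$cmd&"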
It should be adaptable to your problem.
The process list is so that I can make sure that the tunnel came down.
If you run SMB on the firewall (why would you if it's a real firewall?) you can also mount from there, then reshare the mounted dir on the inside.
WaMan Tux's lil' helper
Joined: 28 Jun 2002 Posts: 96
|
Posted: Tue May 11, 2004 11:07 pm Post subject: |
|
|
Thanks for the reply, but I'm not really sure if that's what I'm looking for. I just want to know what the minimum set of iptables rules are that will allow my smb client (not server) to browse the network.
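
The state rule quoted in the question passes replies on TCP sessions the client opened, but not the unicast answers to its broadcast NetBIOS name queries. The script below is an added example, not part of any post in this thread; the LAN range 192.168.1.0/24, the DROP/ACCEPT chain policies and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for a
# host that only acts as an SMB client. Assumed: INPUT policy DROP, OUTPUT
# policy ACCEPT, and a constructed LAN of 192.168.1.0/24 on eth0.
#
# Why the state rule alone is not enough: the client finds hosts by sending
# NetBIOS name queries as UDP broadcasts to port 137. Each answer arrives as
# unicast from the responder's own address, which conntrack never saw as a
# destination, so the answer is classified NEW and dropped.

# usage: smb_client_ruleset MODE IFACE LAN_CIDR   (MODE: state-only | fixed)
smb_client_ruleset() {
    mode=$1 iface=$2 lan=$3
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies on TCP 139/445 sessions the client opened match ESTABLISHED.
    echo "-A INPUT -i $iface -m state --state RELATED,ESTABLISHED -j ACCEPT"
    if [ "$mode" = fixed ]; then
        # Answers to broadcast name queries: UDP from port 137, LAN sources
        # only, to the unprivileged port range (assumes the client runs
        # without root and so queries from an ephemeral port).
        echo "-A INPUT -i $iface -s $lan -p udp --sport 137 --dport 1024:65535 -j ACCEPT"
    fi
    echo 'COMMIT'
}

# Lines present only in the fixed ruleset, i.e. what the client needs on top
# of the rule quoted in the question.
# usage: extra_rules IFACE LAN_CIDR
extra_rules() {
    smb_client_ruleset fixed "$1" "$2" |
        grep -v -x -F -e "$(smb_client_ruleset state-only "$1" "$2")"
}

# Print the fixed ruleset for review; nothing is applied to the running kernel.
smb_client_ruleset fixed eth0 192.168.1.0/24
```

After review, the printed ruleset can be loaded as root by piping it into `iptables-restore`. The rule trusts the source port of LAN hosts, so keep the `-s` restriction as narrow as the network allows.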