IPtables help. Windows networking issue

Posted on 2006-05-16
Last Modified: 2010-04-20
These are the entries in my iptables, but I keep receiving a permissions denied error whenever I browse over to the Linux server's shares. All is good when the firewall is stopped.

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -s -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s -p udp --dport 138 -j ACCEPT

Question by:sudipmis

    Expert Comment

    Try this..

    iptables -A INPUT -p tcp -m multiport -s --destination-ports 445,135,136,137,138,139 -j ACCEPT
    iptables -A OUTPUT -p tcp -m multiport -d --destination-ports 445,135,136,137,138,139 -j ACCEPT
    iptables -A INPUT -p udp -m multiport -s --destination-ports 445,135,136,137,138,139 -j ACCEPT
    iptables -A OUTPUT -p udp -m multiport -d --destination-ports 445,135,136,137,138,139 -j ACCEPT

    Author Comment

    Added those entries but no luck. Still get the same error, "resource not available."

    Expert Comment

    Put the -j REJECT as the last rule... it matches the rules in a linear order.

    Accepted Solution

    BTW, you may need to specify the state as NEW

    -A RH-Firewall-1-INPUT -s -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

    for all your rules, since you will be initiating the connection to the Linux server.

    Author Comment

    Thanks. REJECT was it.
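
The ordering problem that resolved this thread can be checked mechanically. The following is an added example, not code from the original posts: a small Python check that flags rules no packet can reach because an unconditional ACCEPT/DROP/REJECT, or an unconditional jump into a chain that ends in one, comes before them in the same chain. The sample ruleset and the 192.0.2.0/24 source are constructed (the posted rules omit their addresses), and the names `parse_rule` and `find_shadowed` are hypothetical.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end traversal
TARGET_OPTS = {"--reject-with"}          # argument of the target, not a match
# Constructed sample in iptables-save form; 192.0.2.0/24 is a placeholder.
SAMPLE = """\
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 192.0.2.0/24 -p tcp -m multiport --destination-ports 445,139 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -p tcp --dport 445 -j ACCEPT
"""

def parse_rule(line):
    """Return (chain, target, has_match) for an '-A' rule line, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    chain, rest, target, has_match, i = tok[1], tok[2:], None, False, 0
    while i < len(rest):
        if rest[i] in ("-j", "--jump") and i + 1 < len(rest):
            target, i = rest[i + 1], i + 2
        elif rest[i] in TARGET_OPTS:
            i += 2                       # skip the option and its value
        else:
            has_match, i = True, i + 1   # anything else narrows the match
    return chain, target, has_match

def find_shadowed(ruleset):
    """Return (line_no, blocker_line_no) for every rule no packet can reach."""
    rules = [(n, *p) for n, text in enumerate(ruleset.splitlines(), 1)
             if (p := parse_rule(text))]
    returns = {c for _, c, t, _ in rules if t == "RETURN"}  # can hand back
    closed, grew = set(), True           # chains that never hand a packet back
    while grew:                          # fixed point: jumps may nest
        grew = False
        for _, chain, target, has_match in rules:
            if (chain not in closed | returns and not has_match
                    and (target in TERMINAL or target in closed)):
                closed.add(chain)
                grew = True
    blocker, shadowed = {}, []
    for n, chain, target, has_match in rules:
        if chain in blocker:
            shadowed.append((n, blocker[chain]))
        elif not has_match and (target in TERMINAL or target in closed):
            blocker[chain] = n           # first catch-all ends this chain
    return shadowed
```

On the sample, `find_shadowed(SAMPLE)` reports line 3 (an INPUT rule placed after the jump into a chain that always rejects) and line 6 (an ACCEPT listed after the catch-all REJECT). Chains that use `RETURN` or `-g` are treated conservatively and never produce a finding through a jump.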
