sudipmis

IPtables help. Windows networking issue

Hi,
   These are the entries in my iptables but I keep receiving a permissions denied error whenever I browse over to the Linux server's shares. All is good when the firewall is stopped.

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -s 10.0.9.0/22 -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.9.0/22 -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.9.0/22 -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.9.0/22 -p udp --dport 138 -j ACCEPT

Thanks.
Heem14

Try this..

iptables -A INPUT -p tcp -m multiport -s 10.0.9.0/22 --destination-ports 445,135,136,137,138,139 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport -d 10.0.9.0/22 --destination-ports 445,135,136,137,138,139 -j ACCEPT
iptables -A INPUT -p udp -m multiport -s 10.0.9.0/22 --destination-ports 445,135,136,137,138,139 -j ACCEPT
iptables -A OUTPUT -p udp -m multiport -d 10.0.9.0/22 --destination-ports 445,135,136,137,138,139 -j ACCEPT
sudipmis

ASKER

Hi,
   Added those entries but no luck. Still get the same error, "resource not available."

Put the -j REJECT as the last rule... it matches the rules in a linear order.
ASKER CERTIFIED SOLUTION
edkim80

Thanks. REJECT was it.
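
The ordering problem discussed in this thread can be checked mechanically. The following is an added example, not code from any poster: a small Python checker that reads a ruleset in the iptables-save format and reports rules that can never match because an unconditional ACCEPT/DROP/REJECT precedes them in the same chain. It goes slightly beyond the thread by also following unconditional jumps, so a rule appended to INPUT after the jump into RH-Firewall-1-INPUT is flagged too. The function names and the sample's last rule are assumptions made for illustration.

```python
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample: rules trimmed from the question, plus one rule (line 10)
# appended to INPUT the way `iptables -A INPUT ...` would add it.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -s 10.0.9.0/22 -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.9.0/22 -p udp --dport 137 -j ACCEPT
-A INPUT -s 10.0.9.0/22 -p tcp -m multiport --dports 445,139 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Yield (line_no, chain, target, unconditional) for each '-A' rule."""
    for no, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 4 or tok[0] != "-A" or "-j" not in tok[:-1]:
            continue
        j = tok.index("-j")
        # Everything except the jump and --reject-with narrows the match.
        rest = tok[2:j] + tok[j + 2:]
        if "--reject-with" in rest:
            k = rest.index("--reject-with")
            del rest[k:k + 2]
        yield no, tok[1], tok[j + 1], not rest

def find_shadowed(text):
    """Return [(rule_line, blocking_line)] for rules that are never reached."""
    rules = list(parse_rules(text))
    closed = set()  # chains that always end in a terminal verdict
    while True:     # propagate through unconditional jumps until stable
        new = {c for _, c, t, u in rules if u and (t in TERMINAL or t in closed)}
        if new == closed:
            break
        closed = new
    blocker, shadowed = {}, []
    for no, chain, target, uncond in rules:
        if chain in blocker:
            shadowed.append((no, blocker[chain]))
        elif uncond and (target in TERMINAL or target in closed):
            blocker[chain] = no
    return shadowed

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for no, by in find_shadowed(SAMPLE):
        print(f"line {no} is never reached (catch-all at line {by}): {lines[no - 1]}")
```

Rules carrying non-narrowing matches such as a comment are treated as conditional, so the checker can miss a shadowing rule but does not flag a reachable one.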