open iptables to connect as client to windows network

Tom H tomh0665 at gmail.com
Thu May 24 13:46:44 UTC 2012


On Thu, May 24, 2012 at 5:54 AM, oxy <oxyopes at googlemail.com> wrote:
>>
>> why have you got '--state NEW' in there, and
>> does it work if you remove them?
>
> no, the config below blocks me from connecting to win network as well
>
> # samba
> $IPT -A OUTPUT  -p tcp --dport 137 -j ACCEPT
> $IPT -A OUTPUT  -p udp --dport 137 -j ACCEPT
> $IPT -A OUTPUT  -p tcp --dport 138 -j ACCEPT
> $IPT -A OUTPUT  -p udp --dport 138 -j ACCEPT
> $IPT -A OUTPUT -p tcp --dport 139 -j ACCEPT
> $IPT -A OUTPUT -p udp --dport 139 -j ACCEPT
> $IPT -A OUTPUT -p tcp --dport 445 -j ACCEPT
> $IPT -A OUTPUT -p udp --dport 445 -j ACCEPT
>
> Seems to be a very simple task, but I can't get it :-/
>
> Basic question: when you connect to, say, port 137,
> the response comes at another port (any number), but then as an
> established connection. How does iptables handle that?

Don't remove "--state NEW" and use the following:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 137 -m state --state NEW -j ACCEPT
-A OUTPUT -p udp -m udp --dport 138 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
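As an added example (not from the thread), a POSIX shell script that writes the ruleset above as an iptables-restore file with default-DROP policies, plus a lint function that flags the tcp/137, tcp/138, udp/139 and udp/445 lines from the quoted config; the answer leaves those out because NetBIOS name and datagram services (137, 138) are UDP while NetBIOS session and SMB (139, 445) are TCP. Function and file names are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. write_samba_client_rules emits
# an iptables-restore file for a Samba/CIFS client on a default-DROP host;
# lint_samba_rules flags protocol/port pairs that serve no Samba purpose.
# Apply on the real host with: sudo iptables-restore < samba-client.rules

write_samba_client_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# The reply to our UDP query to port 137 comes back to the ephemeral
# source port we chose; conntrack already holds that tuple, so the reply
# matches ESTABLISHED here and no port-specific INPUT rule is needed.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Only the first packet of each flow needs a NEW rule. 137/138 are UDP
# (NetBIOS name/datagram), 139/445 are TCP (NetBIOS session, SMB).
-A OUTPUT -p udp -m udp --dport 137 -m state --state NEW -j ACCEPT
-A OUTPUT -p udp -m udp --dport 138 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print any rule in file $1 that opens tcp/137, tcp/138, udp/139 or
# udp/445. Returns 1 if such a line exists, 0 otherwise.
lint_samba_rules() {
    bad=$(grep -E -- '-p tcp .*--dport 13[78]( |$)|-p udp .*--dport (139|445)( |$)' "$1" || true)
    [ -z "$bad" ] && return 0
    printf 'unneeded rule: %s\n' "$bad"
    return 1
}
```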
