kc0arf

Re: How to Configure Samba on RedHat Linux

 
Jun 21st, 2004
Hello,

If this computer that you have SAMBA installed on is going to be part of the internet, and if this computer is the firewall, then I would strongly suggest that you firewall out the Microsoft ports, before someone tries to attach to your machine via the internet. I would also firewall out any OUTBOUND messages that SAMBA will try to make so that your computer doesn't show up on someone's Network Neighborhood.

Inside IPTABLES:

## Explicit drops of Samba ports
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 139 -j DROP
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 445 -j DROP
$IPTABLES -A udpin_packets -p UDP -s 0/0 --dport 139 -j DROP
$IPTABLES -A udpin_packets -p UDP -s 0/0 --dport 445 -j DROP

(I have a rule called tcp_packets and udpin_packets. You will have to modify that to fit your IPTABLES firewall. If you are using something else to firewall, take the port numbers and work with them.)

# Rule Test to drop Microsoft packets outbound from server.
# Want to stop Samba Advertising
$IPTABLES -A OUTPUT -p TCP -o $INET_IFACE --dport 139 -j DROP
$IPTABLES -A OUTPUT -p TCP -o $INET_IFACE --dport 445 -j DROP
$IPTABLES -A OUTPUT -p TCP -o $INET_IFACE --dport 32875 -j DROP
$IPTABLES -A OUTPUT -p UDP -o $INET_IFACE --source-port 32875 -j DROP
$IPTABLES -A OUTPUT -p UDP -o $INET_IFACE --dport 137 -j DROP

If anyone needs more help with this, come find me.

Christian
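A coverage check for rules like the ones in the post above, as an added example that is not part of the original post: it reads `iptables-save` output and lists which NetBIOS/SMB ports have no explicit inbound DROP or REJECT rule. The function names, the sample interface `eth0`, and the required port set (137/udp, 138/udp, 139/tcp, 445/tcp) are assumptions of this example; it only looks for explicit per-port rules and does not evaluate chain reachability, rule order, or default policies.

```shell
#!/bin/sh
# Added example: report SMB/NetBIOS ports with no explicit inbound DROP/REJECT rule.
# Reads iptables-save output on stdin and prints one "proto/port" per gap.
missing_smb_drops() {
    awk '
    # Assumed required set: NetBIOS name, datagram, session, and SMB over TCP.
    BEGIN { n_need = split("udp/137 udp/138 tcp/139 tcp/445", need, " ") }
    # Only appended rules count; OUTPUT is skipped because it filters outbound traffic.
    $1 == "-A" && $2 != "OUTPUT" {
        proto = ""; spec = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = tolower($(i + 1))
            if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "DROP" && target != "REJECT") next
        # A port spec may be a single port, a lo:hi range, or a multiport list.
        n = split(spec, parts, ",")
        for (k = 1; k <= n; k++) {
            m = split(parts[k], r, ":")
            lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
            for (j = 1; j <= n_need; j++) {
                split(need[j], kp, "/")
                if (kp[1] == proto && kp[2] + 0 >= lo && kp[2] + 0 <= hi) covered[j] = 1
            }
        }
    }
    END { for (j = 1; j <= n_need; j++) if (!(j in covered)) print need[j] }
    '
}

# Constructed sample: the inbound rules from the post as iptables-save would
# print them, plus one of its OUTPUT rules (interface name eth0 is assumed).
post_rules() {
    cat <<'EOF'
-A tcp_packets -p tcp -m tcp --dport 139 -j DROP
-A tcp_packets -p tcp -m tcp --dport 445 -j DROP
-A udpin_packets -p udp -m udp --dport 139 -j DROP
-A udpin_packets -p udp -m udp --dport 445 -j DROP
-A OUTPUT -o eth0 -p udp -m udp --dport 137 -j DROP
EOF
}

post_rules | missing_smb_drops
```

On a live firewall, pipe the real ruleset in with `iptables-save | missing_smb_drops` (as root) and add rules for any port it prints.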