Guest Zo, posted December 8, 2002

Hi, I had set up Samba via Mke control center/network/samba (drakwiz RPM) to authorize only the owner user to access his directory, then I authorized ports 137, 138 and 139 (TCP and UDP) via Mke control center/firewall/advanced to allow other computers on the local network to access that directory. What a surprise: the directory was accessible to everybody from the Internet, simply by entering my IP in a browser.

I used Webmin to correct this: I made that directory not browseable, then authorized only local computers to access Samba. But now any local computer can show this directory, and if I make the directory browseable again, everybody can access that directory via my IP.

What to do? Is there a good tutorial on setting up Samba via Webmin?

Guest Zo, posted December 8, 2002

I have added these lines to smb.conf and it seems to work:

    hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1
    hosts deny = ALL
    interfaces = 192.168.0.0/255.255.255.0 127.0.0.1
    bind interfaces only = yes

MottS, posted December 20, 2002

You probably have two NICs, so only open ports 137, 138 and 139 to your LAN NIC. Two steps:

1) Open ports 137, 138 and 139 from MCC->Security->Firewall, i.e. click the 'advanced' button and put the following line into it:

    137/tcp 138/tcp 139/tcp 137/udp 138/udp 139/udp

Click OK and close the MCC.

2) Open /etc/shorewall/rules and remove those ports from the 'ACCEPT net' line.

Here are mine, and ports 137, 138 and 139 are open only for my LAN. They are stealth from the net.

    ACCEPT net fw udp 4662,6891,6892 -
    ACCEPT net fw tcp 80,443,4662,6891,6892 -
    ACCEPT masq fw udp 4662,6891,6892,137,138,139 -
    ACCEPT masq fw tcp 80,443,4662,6891,6892,137,138,139 -
    ACCEPT loc fw udp 4662,6891,6892,137,138,139 -
    ACCEPT loc fw tcp 80,443,4662,6891,6892,137,138,139 -
    ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
    ACCEPT fw masq tcp 631,137,138,139 -
    ACCEPT fw masq udp 631,137,138,139 -

Ports 4662, 6891 and 6892 are for eDonkey and AMSN (file transfer), so forget about them.

Just another solution if you have more than one person on your LAN and don't want to enter their IP in smb.conf.

MOttS
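
The check described in the post above (Samba ports accepted from the LAN zones but not from `net`) can be automated. This is an added example, not code from the thread or from Shorewall; the function names are hypothetical, and it assumes the column order ACTION SOURCE DEST PROTO PORTS used in the rules above.

```python
# Added example (not from the thread): flag Shorewall ACCEPT rules that let an
# untrusted zone reach the NetBIOS/SMB ports discussed above (137, 138, 139).
SMB_PORTS = {137, 138, 139}
SERVICE_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

def smb_ports_in(field):
    """Return the SMB ports matched by a Shorewall port list such as
    '80,443,139', '135:139' (low:high range) or 'netbios-ssn'."""
    if field == "-":                      # '-' means any destination port
        return set(SMB_PORTS)
    hit = set()
    for item in field.lower().split(","):
        if item in SERVICE_NAMES:
            hit.add(SERVICE_NAMES[item])
        elif ":" in item:
            low, _, high = item.partition(":")
            low, high = low or "0", high or "65535"
            if low.isdigit() and high.isdigit():
                hit |= {p for p in SMB_PORTS if int(low) <= p <= int(high)}
        elif item.isdigit() and int(item) in SMB_PORTS:
            hit.add(int(item))
    return hit

def exposed_rules(rules_text, untrusted_zone="net"):
    """Return (line_number, proto, sorted_ports) for each ACCEPT rule whose
    source is the untrusted zone (or 'all') and that covers an SMB port."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()          # drop comments
        if len(cols) < 3 or cols[0].upper() != "ACCEPT":
            continue
        source_zone = cols[1].split(":", 1)[0]        # 'net:1.2.3.4' -> 'net'
        if source_zone not in (untrusted_zone, "all"):
            continue
        proto = cols[3].lower() if len(cols) > 3 else "all"
        ports = smb_ports_in(cols[4]) if len(cols) > 4 else set(SMB_PORTS)
        if set(proto.split(",")) & {"tcp", "udp", "all"} and ports:
            findings.append((lineno, proto, sorted(ports)))
    return findings

# Constructed sample: the first two lines model the exposed state, the last two
# follow the LAN-only layout from the post above.
SAMPLE_RULES = """\
ACCEPT net fw tcp 80,443,137,138,139 -
ACCEPT net fw udp 137:139 -
ACCEPT loc fw tcp 80,443,137,138,139 -
ACCEPT masq fw udp 137,138,139 -
"""
```

Calling `exposed_rules()` on the contents of /etc/shorewall/rules returns an empty list when no rule accepts these ports from the `net` zone.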