Guest MajinNitz
Posted February 13, 2003

Trying to run Samba on my gateway for LAN, but I hear it's bad to leave port 139 open. Can anyone confirm this? Do I need to add a line to iptables to block it? I set up the GUI firewall and not manually. I could also just move the drive with all the data to a Windows machine if this becomes too much of a problem. Thanks, late :)

MottS
Posted February 13, 2003

> Trying to run Samba on my gateway for LAN, but I hear it's bad to leave port 139 open. Can anyone confirm this? Do I need to add a line to iptables to block it? I set up the GUI firewall and not manually. I could also just move the drive with all the data to a Windows machine if this becomes too much of a problem. Thanks, late :)

Yes, it is dangerous to leave port 139 open from the net. I really suggest you drop all ports except those you really need (like port 80 if you run Apache or 22 if you need to access your boxes with SSH). If you have lots of boxes connected to the server/firewall, I would block all ports from the net but leave the ports open from the inside. This way you'll be able to share files with Samba internally, but port 139 will be stealth from the outside. Shorewall (which is on your MDK CDs) can do that. I have no idea what the plain iptables command to achieve this is, though.

Hope this helps.

MOttS

Guest MajinNitz
Posted February 13, 2003

Thanks, I will shut 'er down until I figure out iptables.

MottS
Posted February 13, 2003

You can use a firewall like Shorewall, Guarddog or Firestarter. Those pieces of software write iptables rules according to what you write in the config file (in the case of Shorewall) or what you click in the GUI (in the case of Guarddog and Firestarter). If you are on an earlier version of MDK like 8.1 and 8.2, you can install Bastille (another firewall) from your CDs. If you use the latest release of MDK, you can install Shorewall, which is really good and easy to configure. All the config files are in /etc/shorewall and they are well documented with examples. So don't bother to learn iptables... install Shorewall (or any other firewall) and protect your network.

MOttS
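
The plain iptables form of what MottS describes above (drop everything from the net, keep Samba reachable from the inside), as an added example that is not part of the original thread and not Shorewall's own output. Assumptions not stated in the thread: eth0 is the Internet-facing interface and eth1 the LAN, Samba's other ports (137-138/udp, 445/tcp) are covered along with 139, and SSH is allowed from the LAN only.

```shell
#!/bin/sh
# Added example: prints a filter table in iptables-restore format.
# Nothing is applied to the running firewall by this script.
# Assumed interface names: eth0 = Internet side, eth1 = LAN side.

# NetBIOS/SMB ports used by Samba (the thread only names 139).
SMB_TCP="139,445"
SMB_UDP="137,138"

gen_rules() {
    wan=$1
    lan=$2
    # Refuse missing or identical interfaces: the policy only makes
    # sense when "outside" and "inside" are different devices.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: gen_rules WAN_IF LAN_IF (must differ)" >&2
        return 1
    fi
    # Default policy DROP on INPUT and FORWARD: anything not listed
    # below, including port 139 arriving on the WAN side, is dropped.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp -m multiport --dports $SMB_TCP -j ACCEPT
-A INPUT -i $lan -p udp -m multiport --dports $SMB_UDP -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review; arguments override the assumed names.
gen_rules "${1:-eth0}" "${2:-eth1}"
```

Loading the printed rules as root with `iptables-restore` replaces the whole filter table, including anything the GUI firewall wrote there, so review the output first. The nat table (masquerading on a gateway) is not touched by this ruleset.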