IPTABLES and SAMBA problem

hunterbit

Hi everyone,
I have a server configured as a WiFi hotspot, so it has iptables configured.
Now I need to use shared folders on the same server, and therefore to configure
iptables so that it does not block Samba.
I found various guides online for opening the ports Samba needs, but without success... I can't even
reach the server.
I'm posting the iptables configuration below.


#!/bin/sh
#
# Firewall script for ChilliSpot
# A Wireless LAN Access Point Controller
#
# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
# $INTIF (eth1) as the internal interface (access points).
#
#
# SUMMARY
# * All connections originating from chilli are allowed.
# * Only ssh is allowed in on external interface.
# * Nothing is allowed in on internal interface.
# * Forwarding is allowed to and from the external interface, but disallowed
#   to and from the internal interface.
# * NAT is enabled on the external interface.

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
SERVER="192.168.0.2"
NETWORK="192.168.0.0/24"
BROADCAST="192.168.255.255"

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -A INPUT -p tcp -s $NETWORK -d $SERVER -m multiport --dports 139,445 -j ACCEPT 
$IPTABLES -A INPUT -p udp -s $NETWORK -d $SERVER -m multiport --dports 137,138 -j ACCEPT 
$IPTABLES -A INPUT -p udp -s $NETWORK -d $BROADCAST -m multiport --dports 137,138 -j ACCEPT

#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT

#Uncomment if you want to allow http on $EXTIF
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT

#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP

# Remote Desktop
$IPTABLES -A INPUT -p tcp --dport 3389 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp --dport 3389 -i $EXTIF -j DNAT --to $SERVER
# /Remote Desktop

#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

#Open ports for aMule
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 4900 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -m udp --dport 4901 --syn -j ACCEPT

#Open ports for Azureus
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 6881 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -m udp --dport 6881 --syn -j ACCEPT

#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT

#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT

##Allow transparent proxy (wiboon 1/2)
$IPTABLES -A INPUT -p tcp -m tcp --dport 3128 --syn -j ACCEPT

##Allow transparent proxy (wiboon 2/2)

$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 3128 --syn -j DROP
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP

#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

What am I doing wrong? What should I correct so that everything works?
Thanks, everyone.
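Two properties of a script like the one posted above can be checked mechanically before loading it: whether the broadcast address used in the NetBIOS rule belongs to the declared network, and whether any UDP rule carries the TCP-only `--syn` option. The following is an added example, not part of the original post; the function names are hypothetical, and the sample values and the two rules fed to it are copied from the script in the post.

```shell
#!/bin/sh
# Added example (not from the post): sanity checks for a firewall script.

# cidr_broadcast NET/PREFIX -> directed broadcast address of that IPv4 network
cidr_broadcast() {
    addr=${1%/*}
    prefix=${1#*/}
    old_ifs=$IFS
    IFS=.
    set -- $addr            # split the dotted quad into $1..$4
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    host_bits=$(( (1 << (32 - prefix)) - 1 ))
    bc=$(( ip | host_bits ))
    echo "$(( (bc >> 24) & 255 )).$(( (bc >> 16) & 255 )).$(( (bc >> 8) & 255 )).$(( bc & 255 ))"
}

# check_broadcast NETWORK BROADCAST -> "ok" or a mismatch message
check_broadcast() {
    want=$(cidr_broadcast "$1")
    if [ "$2" = "$want" ]; then
        echo "ok"
    else
        echo "mismatch: $2 should be $want"
    fi
}

# udp_syn_lines < script -> line numbers of rules that pair -p udp with --syn.
# --syn belongs to the tcp match; iptables rejects it on a udp rule,
# so such a rule is never loaded.
udp_syn_lines() {
    awk '!/^[ \t]*#/ && /-p[ \t]+udp/ && /--syn/ { printf "%s%d", sep, NR; sep = " " }
         END { print "" }'
}

# NETWORK and BROADCAST as set in the posted script
check_broadcast "192.168.0.0/24" "192.168.255.255"

# The two aMule rules from the posted script (quoted heredoc: no expansion)
udp_syn_lines <<'EOF'
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 4900 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp -m udp --dport 4901 --syn -j ACCEPT
EOF
```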