[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Iptables: Temporarily mounting a windows share

Subject: [ale] Iptables: Temporarily mounting a windows share
From: joe at madewell.com (Joe Steele)
Date: Mon, 16 Jan 2006 16:05:59 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

Jeff Hubbs wrote:
> That's pretty much the plan - it's the "..." after "iptables -I" that 
> I'm concerned about.
>   
O.K.  You will likely need to open up outbound connections to the MS box 
via TCP port 445:
iptables -I OUTPUT -d <dst-IP-addr> -p tcp -dport 445 -j ACCEPT

and then allow inbound packets:

iptables -I INPUT -s <dst-IP-addr> -m state --state ESTABLISHED -j ACCEPT

Older versions of windows would want to communicate over TCP port 139 
instead of 445.

That probably would be sufficient.  Windows also uses UDP ports 137 and 
138, but I'm thinking you probably don't need these.

If there any problems, ethereal should help in quickly identifying what 
traffic you need to allow.

--Joe

Follow-Ups:
- [ale] Iptables: Temporarily mounting a windows share
  - From: jkinney at localnetsolutions.com (James P. Kinney III)

References:
- [ale] Iptables: Temporarily mounting a windows share
  - From: hbbs at comcast.net (Jeff Hubbs)
- [ale] Iptables: Temporarily mounting a windows share
  - From: joe at madewell.com (Joe Steele)
- [ale] Iptables: Temporarily mounting a windows share
  - From: hbbs at comcast.net (Jeff Hubbs)

Prev by Date: [ale] Iptables: Temporarily mounting a windows share
Next by Date: [ale] OT: Cisco documentation
Previous by thread: [ale] Iptables: Temporarily mounting a windows share
Next by thread: [ale] Iptables: Temporarily mounting a windows share
Index(es):
- Date
- Thread