From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Dermot Paikkos" <dermot@sciencephoto.com>
Subject: Re: samba: unreachable - admin prohibited
Date: Fri, 29 Jul 2005 19:33:04 +0100
Message-ID: <42EA8470.10323.75475D@localhost>
References: <42EA7F35.13938.60D840@localhost>
Reply-To: dermot@sciencephoto.com
Mime-Version: 1.0
Content-Transfer-Encoding: 7BIT
Return-path: <linux-admin-owner@vger.kernel.org>
In-reply-to: <4848.192.168.99.70.1122661523.squirrel@192.168.99.70>
Content-description: Mail message body
Sender: linux-admin-owner@vger.kernel.org
List-Id: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
To: linux-admin@vger.kernel.org

On 29 Jul 2005 at 11:25, Scott Taylor wrote:

> 
> Dermot Paikkos said:
> > Hi
> >
> > The one area I am not sure about is the firewall. I left this
> > enabled during the install of redhat. The iptables are listed at the
> > end of this mail. portscan shows 139 running with netbios-ssn so I
> > am not sure if this means traffic is allowed through or not.
> >
> > Does anyone have any ideas?
> 
> I don't see any SMB or NMB allowed in your IPTABLES rulez.
> 
I guess the next question is how do I add a rule for smb and nmb or 
can I just turn it off to confirm that this is the source of the 
problem?

> > ============== iptables ================
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain RH-Firewall-1-INPUT (2 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     icmp --  anywhere             anywhere            icmp
> > any ACCEPT     ipv6-crypt--  anywhere             anywhere ACCEPT   
> >  ipv6-auth--  anywhere             anywhere ACCEPT     udp  -- 
> > anywhere             224.0.0.251         udp dpt:5353 ACCEPT     udp
> >  --  anywhere             anywhere            udp dpt:ipp ACCEPT    
> > all  --  anywhere             anywhere            state
> > RELATED,ESTABLISHED ACCEPT     tcp  --  anywhere            
> > anywhere            state NEW tcp dpt:ssh ACCEPT     tcp  -- 
> > anywhere             anywhere            state NEW tcp dpt:http
> > ACCEPT     tcp  --  anywhere             anywhere            state
> > NEW tcp dpt:ftp ACCEPT     tcp  --  anywhere             anywhere   
> >         state NEW tcp dpt:smtp REJECT     all  --  anywhere         
> >    anywhere            reject- with icmp-host-prohibited
> >
> 
> --
> Scott
> 


~~
Dermot Paikkos * dermot@sciencephoto.com
Network Administrator @ Science Photo Library
Phone: 0207 432 1100 * Fax: 0207 286 8668