Samba only works externally with the SuSE firewall



Scaryman
10.06.03, 21:57
Hello

I have now put my SuSEfirewall into operation and already have a problem.

When I activate the firewall, my Samba stops working. OK, so I entered port 139 under external, and then Samba works again. However, if I do that under internal, it no longer works:

FW_SERVICES_EXT_TCP="139 http https ssh" <------- works
FW_SERVICES_INT_TCP="139" <-------- does not work

So what do I have to do so that Samba is only reachable internally?

Thanks in advance

zucker4
11.06.03, 18:22
Could you go into a bit more detail?

How many network cards do you have, which one should Samba run on / which one does Samba run on?
Maybe also post an "iptables -L -n" here :-)


:D

Chin up!

Zucker

Scaryman
11.06.03, 21:55
So, here is the iptables output with FW_SERVICES_EXT_TCP="139 http https ssh". In my view, Samba is now reachable from outside. What do I do now so that Samba is not reachable from outside, and what do you think of the firewall script?

Thanks for the help


Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 127.0.0.0/8 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG all -- 0.0.0.0/0 127.0.0.0/8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- 127.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 127.0.0.0/8
LOG all -- 192.168.0.110 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP all -- 192.168.0.110 0.0.0.0/0
input_int all -- 0.0.0.0/0 192.168.0.110
DROP all -- 0.0.0.0/0 192.168.0.255
DROP all -- 0.0.0.0/0 255.255.255.255
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ILLEGAL-TARGET '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
forward_int all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-ILLEGAL-ROUTING '
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-FORWARD-ERROR '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 LOG flags 6 level 4 prefix `SuSE-FW-TRACEROUTE-ATTEMPT '
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 9
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 10
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 13
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target prot opt source destination
LOG all -- 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 192.168.0.0/24 0.0.0.0/0
LOG all -- 0.0.0.0/0 192.168.0.110 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
DROP all -- 0.0.0.0/0 192.168.0.110
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain forward_ext (0 references)
target prot opt source destination
LOG all -- 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 192.168.0.0/24 0.0.0.0/0
LOG all -- 0.0.0.0/0 192.168.0.110 LOG flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
DROP all -- 0.0.0.0/0 192.168.0.110
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain forward_int (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain input_dmz (0 references)
target prot opt source destination
LOG all -- 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 192.168.0.0/24 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-REJECT '
reject_func tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4000 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4000 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4001 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4001 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4002 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4002 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4080 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4080 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5132 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5132 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6882 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6882 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32770 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32770 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpt:20 flags:!0x16/0x02
ACCEPT udp -- 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:797
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4000
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4001
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4002
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4080
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4444
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4662
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4666
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5132
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5132
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6882
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9999
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32768
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32768
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32770
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32770
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32771
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32773
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED udp dpts:1024:65535
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain input_ext (0 references)
target prot opt source destination
LOG all -- 192.168.0.0/24 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP all -- 192.168.0.0/24 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:139
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:80
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:443
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:22
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-REJECT '
reject_func tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4000 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4000 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4001 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4001 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4002 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4002 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4080 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4080 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5132 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5132 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6882 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6882 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32768 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32770 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32770 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpt:20 flags:!0x16/0x02
ACCEPT udp -- 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:797
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4000
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4001
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4002
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4080
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4444
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4662
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4666
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5132
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5132
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6882
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9999
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32768
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32768
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32770
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32770
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32771
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32773
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED udp dpts:1024:65535
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 14
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type 18
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-REJECT '
reject_func tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 flags:0x16/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp dpt:20 flags:!0x16/0x02
ACCEPT udp -- 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED udp dpts:1024:65535
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain reject_func (3 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable

Zucker
12.06.03, 15:34
Well, honestly, I don't see why the Samba service should work on the internal interface - iptables doesn't "open" it anywhere. Or I'm blind.

In the "Chain input_int (1 references)" there should be something along the lines of

ACCEPT tcp -- 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpts:137:139
ACCEPT udp -- 192.168.0.1 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp dpts:137:139

The command for that is

/sbin/iptables -A INPUT -p tcp -i eth? -s 192.168.0.0/24 --dport 137:139 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth? -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

eth? is your internal network interface here, so apparently eth0 or eth1.



Why it suddenly works when you open Samba on the external interface, I don't know either.

Honestly - in my opinion - these firewall rules are unnecessarily complicated.

Write your own!


Greetings from

Zucker
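
An added example, not part of the thread and not SuSEfirewall2 code: a small Python audit of `iptables -L -n` output that lists the ACCEPT rules covering TCP port 139 and checks whether each rule's chain is referenced from a built-in chain at all. The sample is a shortened excerpt of the listing posted above and the function names are made up here; plain `-L -n` output shows no interface matches, so `iptables -L -n -v` is the better input for judging rules such as the first `ACCEPT all` in INPUT.

```python
import re

# Constructed sample: shortened excerpt of the `iptables -L -n` listing in the thread.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
input_int all -- 0.0.0.0/0 192.168.0.110
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain input_ext (0 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED tcp dpt:139

Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    """Parse `iptables -L -n` text into {chain: [(target, proto, extra), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:
            current = chains.setdefault(head.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            f = line.split(None, 5)  # target prot opt source destination [matches]
            if len(f) >= 5:
                current.append((f[0], f[1], f[5] if len(f) > 5 else ""))
    return chains

def reachable(chains):
    """Chains that can be entered at all, following jumps from the built-in chains."""
    seen, todo = set(), [c for c in ("INPUT", "FORWARD", "OUTPUT") if c in chains]
    while todo:
        name = todo.pop()
        if name not in seen:
            seen.add(name)
            todo += [t for t, _, _ in chains[name] if t in chains]
    return seen

def covers(proto, extra, port):
    """True if the rule's protocol and dpt/dpts match could apply to tcp/<port>."""
    if proto not in ("tcp", "all"):
        return False
    m = re.search(r"\bdpts?:(\d+)(?::(\d+))?", extra)
    if not m:
        return True  # no destination-port restriction on this rule
    return int(m.group(1)) <= port <= int(m.group(2) or m.group(1))

def audit(listing, port):
    """ACCEPT rules covering tcp/<port> as (chain, matches, chain_is_reachable)."""
    chains = parse(listing)
    live = reachable(chains)
    return [(name, extra or "(any)", name in live)
            for name, rules in chains.items()
            for target, proto, extra in rules
            if target == "ACCEPT" and covers(proto, extra, port)]
```

`audit(SAMPLE, 139)` returns one tuple per matching rule; a `False` in the last field marks a rule that sits in a chain nothing jumps to.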