
samba/redhat fire wall

Status
Not open for further replies.
Jun 11, 2003
88
US
I have found a way to turn off the firewall and gain access to the Linux Samba server. However, I don't want to leave the firewall off, because it is hooked up to the internet and I don't want any outside people to gain access to the Linux machine.
How can I set it up so that the inside machines can get through the firewall, but outside ones cannot?

peace
david
 
You really shouldn't have Samba listening on an interface that's open to the internet - firewall or not.

You may want to draw and/or accurately describe the way your network is set up.
 
On this small network (I am a Linux newbie, so my boss and I are first trying it out before we set it up at a client) we have two Windows-based machines (one XP, the other 98SE). Both these computers need access to the internet as well as access to the Linux/Samba file server, for our purposes.
If we cannot access the internet and use the Samba server securely at the same time, then its usefulness to us is limited.

peace
david
 
You can easily do this depending on how your network is set up.

"You really shouldn't have Samba listening on an interface that's open to the internet - firewall or not."

If you're using a router, ICS, or some other form of NAT to get internet access, you are probably OK. That's why I asked how your LAN/internet is set up.

 
Many folk think it's best not to put Samba (or any other services either) on your firewall.
I agree that a firewall should be just that, a firewall.
Just my $0.02 worth.

><(((°> ><(((°>
 
Hi,

Why not block incoming connections from the internet interface on ports 137-139 for both TCP and UDP, and allow connections on your LAN interface? That should do the trick if you want both machines to go online as well.

feroz
 
"Why not block incoming connections from the internet interface on ports 137-139 for both TCP and UDP, and allow connections on your LAN interface? That should do the trick if you want both machines to go online as well."

Being a Linux Red Hat newbie, how would I go about blocking the internet interface on those ports?

david

 
hi,

Are you on iptables? How do you connect to the internet? PPP? What is your LAN interface (eth0, eth1, etc.) and IP?

feroz
 
It would really help the solution if we knew how the network was set up and how this machine connects to the internet.
 
My LAN interface on the Linux machine is eth0; I have iptables turned off.
I know how to configure and start iptables, that is not an issue :)
We have three machines on this part of the network: one Windows XP, a Windows 98SE and the Linux Red Hat 9.0.

They are all connected together through a Linksys hub. The hub is connected to a router on a separate part of the network. Through the router we have a broadband/cable connection.
We need all three machines to be able to see each other and get out to the internet (for the Linux machine we need to get out for updates, emails, etc.), but I don't want the other part of the network (which is on a separate workgroup) to see into the Linux machine, nor do I want people outside the network to see in.
The XP and 98SE machines are on a workgroup called LDS and the Linux machine is on a workgroup called My Group.
Currently I have the firewall turned off and permissions set so that the XP machine can share files with the Linux machine. I have not done the same with the 98SE machine, for testing purposes. Once I turn the firewall on I cannot gain access to the Linux machine from the XP machine.

Right now I am working on keeping this as a small network separate from the rest. Eventually we want to use a Linux box not only as a file server but also as an FTP server, to host our website and as a mail server.


hope this information helps, if you need more let me know

thanks
david
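
One way to write the rules feroz describes for the single-interface setup in the last post, as an added example that is not part of the original thread. The interface eth0 and ports 137-139 come from the posts; the LAN subnet 192.168.1.0/24, the function name `samba_rules` and the use of the INPUT chain with source-address matching are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that let only
# LAN hosts reach Samba's NetBIOS ports. Nothing is applied by this script.
# From the thread: interface eth0, ports 137-139, TCP and UDP.
# Assumed: the LAN subnet (e.g. 192.168.1.0/24) and the INPUT chain layout.

# samba_rules IFACE LAN_CIDR
# Prints one iptables command per line, in the order they must be loaded.
samba_rules() {
    iface=$1
    lan=$2

    # Refuse a bare address: a missing prefix length is an easy mistake
    # that would silently change which hosts are admitted.
    case $lan in
        */*) ;;
        *) echo "samba_rules: LAN must be in CIDR form, e.g. 192.168.1.0/24" >&2
           return 1 ;;
    esac

    # Replies to connections this host opened (updates, mail) still come in.
    echo "iptables -A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Accept rules go first: iptables stops at the first matching rule.
    for proto in tcp udp; do
        echo "iptables -A INPUT -i $iface -p $proto -s $lan --dport 137:139 -j ACCEPT"
    done

    # Any other source address reaching the same ports is dropped.
    for proto in tcp udp; do
        echo "iptables -A INPUT -i $iface -p $proto --dport 137:139 -j DROP"
    done
}

# When run with two arguments, print the rules for review.
if [ "$#" -eq 2 ]; then
    samba_rules "$1" "$2"
fi
```

Run it with the interface and subnet as arguments, review the printed rules, then pipe them to `sh` as root to load them. If the other workgroup shares the same subnet, call the function once per client address with a /32 suffix instead of passing the whole subnet.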
 