Samba and Firewall Software
Firewall software installed both on your Windows PCs and on the Samba server may prevent Samba from functioning. Two popular packages, iptables and Zone Alarm, offer solutions.
Linux iptables
The Fedora installation process configures the iptables firewall package by default. You have two options for working with it. You can ensure that it is deactivated, which may be desirable on a secured network. Or, you can configure it to allow through such Microsoft protocols as NetBIOS (UDP ports 137 and 138, TCP port 139) and TCP port 445 for SMB file sharing without NetBIOS. Here is a sample script snippet:
#!/bin/bash
SAMBA_SERVER="192.168.1.100"
NETWORK="192.168.1.0/24"      # Local area network
BROADCAST="192.168.1.255"     # Local area network broadcast address

# Allow all loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow NetBIOS (UDP 137, 138 and TCP 139) and SMB (TCP 445) from the LAN
iptables -A INPUT -p udp -s "$NETWORK" -d "$SAMBA_SERVER" \
  -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -s "$NETWORK" -d "$SAMBA_SERVER" -m multiport \
  --dports 139,445 -j ACCEPT

# Allow NetBIOS name service broadcasts from the LAN
iptables -A INPUT -p udp -s "$NETWORK" -d "$BROADCAST" --dport 137 \
  -j ACCEPT

# Drop the same ports when the source is not on the LAN
iptables -A INPUT -p udp -d "$SAMBA_SERVER" -m multiport \
  --dports 137,138 -j DROP
iptables -A INPUT -p tcp -d "$SAMBA_SERVER" -m multiport \
  --dports 139,445 -j DROP

# Allow replies from the Samba server back to the LAN
iptables -A OUTPUT -s "$SAMBA_SERVER" -d "$NETWORK" -m state --state \
  ESTABLISHED,RELATED -j ACCEPT
For more information, please refer to Chapter 14, "Linux Firewalls Using iptables."
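The broadcast rule in the script only matches when BROADCAST is the directed broadcast address of NETWORK. The following added example (not part of the original text) derives that address from the CIDR and prints the Samba rules instead of applying them; the function names broadcast_of and samba_rules are illustrative, and the addresses are the sample values from the script.

```shell
#!/bin/sh
# Added example: derive the broadcast address from the CIDR so the NetBIOS
# broadcast rule cannot drift out of sync with NETWORK. Function names are
# illustrative; addresses are the sample values used in the script above.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# broadcast_of NET/PREFIX -> directed broadcast address; fails on a bad prefix
broadcast_of() {
    net=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ] || return 1
    hostmask=$(( (1 << (32 - $prefix)) - 1 ))
    int_to_ip $(( $(ip_to_int "$net") | $hostmask ))
}

# samba_rules SERVER NET/PREFIX -> prints the iptables commands, runs nothing
samba_rules() {
    bcast=$(broadcast_of "$2") || { echo "bad network: $2" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -p udp -s $2 -d $1 -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -s $2 -d $1 -m multiport --dports 139,445 -j ACCEPT
iptables -A INPUT -p udp -s $2 -d $bcast --dport 137 -j ACCEPT
iptables -A INPUT -p udp -d $1 -m multiport --dports 137,138 -j DROP
iptables -A INPUT -p tcp -d $1 -m multiport --dports 139,445 -j DROP
EOF
}

# Print the rules for the sample server and LAN
samba_rules 192.168.1.100 192.168.1.0/24
```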
Windows-based Zone Alarm
The default installation of Zone Alarm assumes that your PC is directly connected to the Internet, so the software denies all inbound connections to your PC. The NetBIOS traffic that Samba uses to communicate with the PCs on the network is therefore treated as hostile traffic.
The easiest way around this is to configure Zone Alarm to consider your home network as a trusted network too. To do so, click on the Firewall tab and edit the settings for your home network; it will most likely have a 192.168.x.x/255.255.255.0 type entry. Make this network a trusted network, instead of an Internet network, and Zone Alarm should cease to interfere with Samba.
The Windows XP Built-In Firewall
You may also need to disable the firewall feature of Windows XP. Follow these steps:
1. Bring up the Control Panel.
2. Double-click on the Network Connections icon.
3. Right-click on your LAN connection icon, and select Properties.
4. Click on the Advanced tab and then on the Windows Firewall Settings button.
5. Turn off the Internet Connection Firewall by clearing its check box. You may also leave the firewall on, but allow Windows file sharing traffic through this connection. This can be done by clicking on the Exceptions tab of the Windows Firewall dialog box and clicking on the File and Printer Sharing check box.
After you get Samba to work, you may want to experiment with the firewall software settings to optimize your security, keeping in mind the need to maintain a valid relationship with the Samba server.