Difference between revisions of "Samba"

From Christoph's Personal Wiki
Jump to: navigation, search
(External links)
(Samba and iptables)
Line 1: Line 1:
 
Samba is a free software re-implementation of SMB/CIFS networking protocol, released under the GNU General Public License.
 
Samba is a free software re-implementation of SMB/CIFS networking protocol, released under the GNU General Public License.
  
==Samba and iptables==
+
==Samba (smb/cifs) and iptables==
 
If you have a firewall and wish to open it up to Samba on a specific machine (i.e. a single IP address), try the following [[iptables]]:
 
If you have a firewall and wish to open it up to Samba on a specific machine (i.e. a single IP address), try the following [[iptables]]:
 
  -A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 137 -j ACCEPT
 
  -A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 137 -j ACCEPT
Line 11: Line 11:
 
  -A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 445 -j ACCEPT
 
  -A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 445 -j ACCEPT
 
  -A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p udp -m udp --dport 445 -j ACCEPT
 
  -A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p udp -m udp --dport 445 -j ACCEPT
 +
where <code>-s</code> is your "source" IP address and <code>-d</code> is your "destination".
 +
 +
Note that,
 +
*<code>TCP/UDP 137</code> (NETBIOS Name Service aka <code>netbios-ns</code>)
 +
*<code>TCP/UDP 138</code> (NETBIOS Datagram Service aka <code>netbios-dgm</code>)
 +
*<code>TCP/UDP 139</code> (NETBIOS session service aka <code>netbios-ssn</code>)
 +
*<code>TCP/UDP 445</code> (Microsoft Naked CIFS aka <code>microsoft-ds</code>; Win2k/XP)
  
 
==Test-mount your Samba share==
 
==Test-mount your Samba share==

Revision as of 20:04, 26 April 2007

Samba is a free software re-implementation of SMB/CIFS networking protocol, released under the GNU General Public License.

Samba (smb/cifs) and iptables

If you have a firewall and wish to open it up to Samba on a specific machine (i.e. a single IP address), try the following iptables:

-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 137 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p udp -m udp --dport 137 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 138 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p udp -m udp --dport 138 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 139 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p udp -m udp --dport 139 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -s xxx.xxx.xxx.xxx/24 -d xxx.xxx.xxx.xxx -p udp -m udp --dport 445 -j ACCEPT

where -s is your "source" IP address and -d is your "destination".

Note that,

  • TCP/UDP 137 (NETBIOS Name Service aka netbios-ns)
  • TCP/UDP 138 (NETBIOS Datagram Service aka netbios-dgm)
  • TCP/UDP 139 (NETBIOS session service aka netbios-ssn)
  • TCP/UDP 445 (Microsoft Naked CIFS aka microsoft-ds; Win2k/XP)

Test-mount your Samba share

As root,

mount -t cifs //xxx.xxx.xxx.xxx/path /mnt/samba -o username=username

Automount a Samba share

If you would like to automount your Samba shares, you can place the line below in your /etc/fstab:

//xxx.xxx.xxx.xxx/path /mnt/samba cifs username=username,password=password 0 0

where cifs might need to be smbfs, depending on your filesystem setup.

However, if you do not want your username and password in a text file that anyone can read, you can create a file in, for an example, /etc/samba/smbpasswd with the following two lines:

username=username
password=password

Then,

chmod 600 /etc/samba/smbpasswd

Now, edit your /etc/fstab and replace the line with:

//xxx.xxx.xxx.xxx/path /mnt/samba cifs credentials=/etc/samba/smbpasswd 0 0

External links

Firewall