Folks,
I'm getting beaten up by the trio of iptables, firestarter and samba, and I need help.
I hope in the near future to know this well enough to be helping ...
My setup is as follows:
ADSL Router Speed Touch Pro
Ubuntu with two network cards, named huna
eth0 connected to the router
eth1 internal network, IP 192.168.1.6
Windows 192.168.1.9
The addresses around 10.0.138 in the iptables listing belong to the router.
The problem is that, no matter how hard I try, I can't allow the Samba
connections through. I can only use it if I disable the firewall.
Thanks!
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.1.9 anywhere
ACCEPT all -- huna anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:5900
ACCEPT udp -- anywhere anywhere udp dpt:5900
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4662
ACCEPT tcp -- anywhere anywhere tcp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT tcp -- 192.168.1.9 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- 192.168.1.9 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- 192.168.1.9 anywhere tcp dpt:microsoft-ds
ACCEPT udp -- 192.168.1.9 anywhere udp dpt:microsoft-ds
ACCEPT tcp -- huna anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- huna anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- huna anywhere tcp dpt:microsoft-ds
ACCEPT udp -- huna anywhere udp dpt:microsoft-ds
LSI all -- anywhere anywhere
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- SpeedTouch.lan anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- SpeedTouch.lan anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 10.0.0.143
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere huna
INBOUND all -- anywhere 10.0.0.139
INBOUND all -- anywhere 192.168.1.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.1.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.1.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 10.0.0.139 SpeedTouch.lan tcp dpt:domain
ACCEPT udp -- 10.0.0.139 SpeedTouch.lan udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'