
RE: Samba & IPTables

This suggestion is for "Home Users"... If someone's a SysAdmin and you have issues with figuring out Samba & IPTables then you shouldn't be one.  IPTables are enabled by default, how is a user going to know that they have to stop the iptables service in order for Network Browsing to work?  Also, I don't think just shutting off IPTables is a suitable solution, and even if they did shut off IPTables how many people do you know that have physical firewalls set up at home?  If you also read my note, I suggested prompting the user if they wanted to open these ports, not to automagically go ahead and do it without their knowledge.

-----Original Message-----
From: Tom Diehl [mailto:tdiehl rogueind com] 
Sent: Friday, August 01, 2003 11:24 AM
To: 'rhl-list redhat com'
Subject: Re: Samba & IPTables


PLEASE WRAP YOUR LINES at less than 80 characters per line.

On Fri, 1 Aug 2003, Epps, Aaron M. wrote:

> Here's my suggestion...  When a user configures their server to have Samba start on boot, don't you think they'd probably want to open the appropriate ports so that people can connect to their Samba Server?  I think that when a user clicks on the checkbox in the Services Config Tool it should prompt the user, asking them if they'd like to open the appropriate ports in their firewall for Samba (137-139).  Otherwise, if you don't realize that IPTables is what's stopping your Samba Server from being available in "Network Neighborhood" you'll have to dig around and manually configure iptables, which isn't necessarily the most intuitive thing in the world.  This could also be done for similar servers that require certain ports to be opened up (SSH, FTP, Apache, Etc...)  Thoughts anyone?

What you suggest would be bad. Think about the case where you have 2 NICs in a machine and you have things configured to automagically open up the ports to the outside world. If you have a single machine behind a firewall and the complexities of samba + iptables are too much to handle then turn off iptables. If you are paranoid enough to want iptables enabled on such a machine then you should be paranoid enough to not want things messing with your rules without your knowledge. What you are suggesting would end up being a support nightmare. Yes, I know the way it is now is also a problem but at least now it is simple to say turn off iptables and try again. If it now works then you know where to look.


......Tom		Registered Linux User #14522	http://counter.li.org
tdiehl rogueind com	My current SpamTrap ------->	mtd123 rogueind com
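
The two-NIC concern raised in the thread, as an added example that is not part of the original messages: one function prints (without applying) Samba rules tied to a single named interface, and another flags rules in an iptables-save style listing that open ports 137-139 on every interface. The function names, `eth1`, the subnet and the sample ruleset are assumptions constructed for illustration; the thread gives only the range 137-139, and the udp/tcp split used here is the standard NetBIOS assignment.

```shell
#!/bin/sh
# Added example. Function names, eth1 and 192.168.1.0/24 are assumptions.

# Print (do not apply) rules opening Samba's NetBIOS ports on ONE interface.
# Refuses to run without an interface, so nothing opens on every NIC.
samba_rules() {
    iface=$1; src=${2:-}
    case $iface in
        ''|*[!A-Za-z0-9_.:-]*) echo "name the inside interface" >&2; return 1 ;;
    esac
    scope="-i $iface"
    if [ -n "$src" ]; then scope="$scope -s $src"; fi
    echo "-A INPUT $scope -p udp -m udp --dport 137:138 -j ACCEPT"
    echo "-A INPUT $scope -p tcp -m tcp --dport 139 -j ACCEPT"
}

# Read iptables-save style lines on stdin; print INPUT ACCEPT rules whose
# port match overlaps 137-139 but that name no interface (-i) or source (-s).
# Rules with no port match at all are out of scope for this check.
unscoped_samba_rules() {
    awk '/^-A INPUT/ && /-j ACCEPT/ {
        hit = 0; scoped = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-i" || $i == "-s") scoped = 1
            if (($i == "--dport" || $i == "--dports") && i < NF) {
                n = split($(i + 1), parts, ",")
                for (k = 1; k <= n; k++) {
                    m = split(parts[k], r, ":")
                    lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
                    if (lo <= 139 && hi >= 137) hit = 1
                }
            }
        }
        if (hit && !scoped) print
    }'
}

# Constructed sample ruleset (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

samba_rules eth1 192.168.1.0/24
sample_ruleset | unscoped_samba_rules
```

On a live host the audit function can read the output of `iptables-save` instead of the sample.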

Rhl-list mailing list
Rhl-list redhat com
