[ale] Iptables: Temporarily mounting a windows share
Joe Steele
joe at madewell.com
Mon Jan 16 16:05:59 EST 2006
Jeff Hubbs wrote:
> That's pretty much the plan - it's the "..." after "iptables -I" that
> I'm concerned about.
>
O.K. You will likely need to open up outbound connections to the MS box
via TCP port 445:
iptables -I OUTPUT -d <dst-IP-addr> -p tcp -dport 445 -j ACCEPT
and then allow inbound packets:
iptables -I INPUT -s <dst-IP-addr> -m state --state ESTABLISHED -j ACCEPT
Older versions of windows would want to communicate over TCP port 139
instead of 445.
That probably would be sufficient. Windows also uses UDP ports 137 and
138, but I'm thinking you probably don't need these.
If there any problems, ethereal should help in quickly identifying what
traffic you need to allow.
--Joe
More information about the Ale
mailing list