Showing posts with label firewall. Show all posts

Tuesday, July 16, 2013

Adding bittorrent ports to my iptables

I accessed my router and did the port forwarding necessary to allow my bittorrent client (transmission) to seed properly, but I also needed to add a rule to my iptables to allow the traffic through.

My setup is

Internet     ->     Hardware Router        ->     Linux Desktop
                    with port forwarding          Client
                    enabled


I began by backing up my current iptables file

$ sudo cp /etc/iptables/iptables.rules /etc/iptables/iptables.rules.20130716


I am using the Arch Linux Simple Stateful Firewall along with the Transmission BitTorrent client. The default port is 51413, so I needed to perform the following commands:

$ sudo iptables -A TCP -p tcp --dport 51413 -j ACCEPT
$ sudo iptables -A TCP -p tcp --sport 51413 -j ACCEPT
$ su -c "iptables-save > /etc/iptables/iptables.rules"
Password:
$ sudo systemctl restart iptables.service

If I want to revert back to my old rules (which block port 51413) I can issue the command

$ sudo iptables-restore < /etc/iptables/iptables.rules.20130716
$ su -c "iptables-save > /etc/iptables/iptables.rules"
Password:
$ sudo systemctl restart iptables.service

Saturday, May 18, 2013

Samba blocked - smbclient returns Error for a configured user

I was getting two errors,

$ smbclient -L hostname -U%
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/smb.conf":
    No such file or directory
smbclient: Can't load /etc/samba/smb.conf - run testparm to debug it
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.5]
tree connect failed: NT_STATUS_ACCESS_DENIED


and

$ smbclient -L hostname --user username
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/smb.conf":
    No such file or directory
smbclient: Can't load /etc/samba/smb.conf - run testparm to debug it
Connection to hostname failed (Error NT_STATUS_CONNECTION_REFUSED)


The first error was due to Samba not being public, and therefore I needed to specify a Samba username (who must also be a system user, see here) who was granted Samba permissions.

The second error I was receiving simply because I had my firewall set using iptables, and had not opened the correct ports for samba!

I performed the following commands and corrected it.
  1. sudo iptables -A TCP -p tcp --dport 139 -j ACCEPT
  2. sudo iptables -A TCP -p tcp --dport 445 -j ACCEPT
  3. sudo iptables -A UDP -p udp --sport 137 -j ACCEPT
  4. sudo iptables -A UDP -p udp --dport 137 -j ACCEPT 
  5. sudo iptables -A UDP -p udp --dport 138 -j ACCEPT 
  6. su -c 'iptables-save > /etc/iptables/iptables.rules'
This opens the samba ports and then saves the rules to the iptables config file. Finally, restart the iptables service. For Arch, this is
  • sudo systemctl restart iptables.service
Done. Now my correctly configured /etc/samba/smb.conf file is enough to grant me access to my shares.
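
Both posts above append a rule that matches only on source port (--sport 51413 in the TCP chain, --sport 137 in the UDP chain). When new inbound packets are sent to those chains, such a rule accepts traffic to any local port as long as the sender uses that source port. The script below is an added example, not part of the original posts: it scans iptables-save text for ACCEPT rules with a source-port match and no destination-port match. The sample ruleset is constructed and assumes the INPUT-to-TCP/UDP jumps of the Arch simple stateful firewall guide.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules in iptables-save output that match a
# source port but no destination port.

# Constructed sample (not a dump from the author's machine): the rules from
# both posts, written the way iptables-save prints them. The INPUT jumps are
# an assumption based on the Arch simple stateful firewall layout.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A TCP -p tcp -m tcp --dport 51413 -j ACCEPT
-A TCP -p tcp -m tcp --sport 51413 -j ACCEPT
-A TCP -p tcp -m tcp --dport 139 -j ACCEPT
-A TCP -p tcp -m tcp --dport 445 -j ACCEPT
-A UDP -p udp -m udp --sport 137 -j ACCEPT
-A UDP -p udp -m udp --dport 137 -j ACCEPT
-A UDP -p udp -m udp --dport 138 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print every appended ACCEPT rule that
# has --sport/--sports but no --dport/--dports. Such a rule does not restrict
# which local port the packet may reach.
sport_only_accepts() {
    awk '
        $1 == "-A" {
            sport = 0; dport = 0; accept = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "--sport" || $i == "--sports") sport = 1
                if ($i == "--dport" || $i == "--dports") dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && sport && !dport) print
        }'
}

# Run against the constructed sample; prints the two source-port-only rules.
sample_rules | sport_only_accepts
```

To check a saved ruleset instead of the sample, run sport_only_accepts < /etc/iptables/iptables.rules.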