hello,
I'm on a Debian Wheezy 64-bit network, one client, some servers
I want to do Samba file sharing between machines
at install time all my shares worked correctly, the default iptables rules at install letting me do what I wanted
on the server (for now I'm only touching this one) I can no longer browse my network with Thunar (XFCE on the server) or Nautilus (GNOME 3 on the client)
my smbclient on the server:
smbclient -L 192.168.1.2 -N
Domain=[MONGROUPE] OS=[Unix] Server=[Samba 3.6.6]

        Sharename           Type      Comment
        ---------           ----      -------
        print$              Disk      Printer Drivers
        partage             Disk      partage
        IPC$                IPC       IPC Service (SERVEUR)
        Epson-Stylus-SX110  Printer   EPSON Epson Stylus SX110
Domain=[MONGROUPE] OS=[Unix] Server=[Samba 3.6.6]

        Server               Comment
        ---------            -------
        CLIENT               CLIENT
        SERVEUR              SERVEUR

        Workgroup            Master
        ---------            -------
        MONGROUPE            CLIENT
my firewall file in /etc/init.d:
#!/bin/sh
### BEGIN INIT INFO
# Provides:          parefeu
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Run the script during the boot sequence
# Description:       Add the firewall rules
### END INIT INFO
# The shebang has to be the very first line of the file; in the posted
# version it came after the LSB header.

case "$1" in
start)
    echo "- Initialisation du firewall :"
    # Flush the rules and delete the user-defined chains
    iptables -t filter -F
    iptables -t filter -X
    echo "- Vidage des regles et des tables : [OK]"
    # Default policy: drop all incoming, forwarded and outgoing traffic
    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT DROP
    echo "- Interdire toutes les connexions entrantes et sortantes : [OK]"
    # Do not break established connections
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "- Ne pas casser les connexions établies : [OK]"
    # Allow loopback
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT
    # local loop (already covered by the -i lo rule above)
    iptables -t filter -A INPUT -s 127.0.0.1 -i lo -j ACCEPT
    # ICMP (ping)
    iptables -t filter -A INPUT -p icmp -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -j ACCEPT
    # ---
    # SSH In (xxxx = the SSH port, masked in the post)
    iptables -t filter -A INPUT -p tcp --dport xxxx -j ACCEPT
    # SSH Out
    iptables -t filter -A OUTPUT -p tcp --dport xxxx -j ACCEPT
    # 5938
    iptables -t filter -A OUTPUT -p tcp --dport 5938 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 5938 -j ACCEPT
    # DNS In/Out
    iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
    # HTTP + HTTPS Out
    iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 8080 -j ACCEPT
    # HTTP + HTTPS In
    iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT
    # FTP Out
    iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
    # FTP In
    iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
    # (this state rule, and the identical ones repeated further down, are
    # already covered by the RELATED,ESTABLISHED rule at the top of the chain)
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # FTP Out, data transfer ports
    iptables -t filter -A OUTPUT -p tcp --dport 55000:55100 -j ACCEPT
    # FTP In, data transfer ports
    iptables -t filter -A INPUT -p tcp --dport 55000:55100 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Mail SMTP:25
    iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
    # Mail submission:587
    iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
    # Mail POP3:110
    iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
    # Mail IMAP:143
    iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
    # Mail POP3S:995
    iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
    # samba 137 udp Out (NetBIOS name service)
    iptables -t filter -A OUTPUT -p udp --dport 137 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 137 udp In
    iptables -t filter -A INPUT -p udp --dport 137 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 137 tcp Out
    iptables -t filter -A OUTPUT -p tcp --dport 137 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 137 tcp In
    iptables -t filter -A INPUT -p tcp --dport 137 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 138 tcp Out
    iptables -t filter -A OUTPUT -p tcp --dport 138 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 138 tcp In
    iptables -t filter -A INPUT -p tcp --dport 138 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 138 udp Out (NetBIOS datagram service)
    iptables -t filter -A OUTPUT -p udp --dport 138 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 138 udp In
    iptables -t filter -A INPUT -p udp --dport 138 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 139 tcp Out (NetBIOS session service)
    iptables -t filter -A OUTPUT -p tcp --dport 139 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 139 tcp In
    iptables -t filter -A INPUT -p tcp --dport 139 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 139 udp Out
    iptables -t filter -A OUTPUT -p udp --dport 139 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 139 udp In
    iptables -t filter -A INPUT -p udp --dport 139 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 445 tcp Out (SMB over TCP)
    iptables -t filter -A OUTPUT -p tcp --dport 445 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    # samba 445 tcp In
    iptables -t filter -A INPUT -p tcp --dport 445 -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 137 udp Out
    iptables -t filter -A OUTPUT -p udp --dport 137 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 137 udp In (the posted line had "-jACCEPT", a missing space that makes iptables reject the rule)
    iptables -t filter -A INPUT -p udp --dport 137 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 137 tcp Out
    iptables -t filter -A OUTPUT -p tcp --dport 137 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 137 tcp In
    iptables -t filter -A INPUT -p tcp --dport 137 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 138 tcp Out
    iptables -t filter -A OUTPUT -p tcp --dport 138 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 138 tcp In
    iptables -t filter -A INPUT -p tcp --dport 138 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 138 udp Out
    iptables -t filter -A OUTPUT -p udp --dport 138 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 138 udp In
    iptables -t filter -A INPUT -p udp --dport 138 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 139 tcp Out
    iptables -t filter -A OUTPUT -p tcp --dport 139 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 139 tcp In
    iptables -t filter -A INPUT -p tcp --dport 139 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 139 udp Out
    iptables -t filter -A OUTPUT -p udp --dport 139 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 139 udp In
    iptables -t filter -A INPUT -p udp --dport 139 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # samba 445 tcp Out
    iptables -t filter -A OUTPUT -p tcp --dport 445 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    # samba 445 tcp In
    iptables -t filter -A INPUT -p tcp --dport 445 -s 10.0.2.0/24 -d 10.0.2.0/24 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # mule
    iptables -t filter -A INPUT -p tcp --dport 4662 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 4662 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 4672 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 4665 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 4672 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 4665 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 4661 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 4661 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 4712 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 4712 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 4711 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 4711 -j ACCEPT
    echo "- Initialisation des regles : [OK]"
    ;;
status)
    echo "- Liste des regles :"
    iptables -n -L
    ;;
stop)
    # Flush the rules and delete the user-defined chains
    iptables -t filter -F
    iptables -t filter -X
    echo "- Vidage des regles et des tables : [OK]"
    # Back to an open firewall
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    echo "- Autoriser toutes les connexions entrantes et sortantes : [OK]"
    ;;
esac
exit 0
my iptables -L:
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:xxxx
ACCEPT tcp -- anywhere anywhere tcp dpt:5938
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpts:55000:55100
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT udp -- 192.168.1.0/24 192.168.1.0/24 udp dpt:netbios-ns
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:netbios-ns
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:netbios-dgm
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- 192.168.1.0/24 192.168.1.0/24 udp dpt:netbios-dgm
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:netbios-ssn
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- 192.168.1.0/24 192.168.1.0/24 udp dpt:netbios-ssn
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:microsoft-ds
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- 10.0.2.0/24 10.0.2.0/24 udp dpt:netbios-ns
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:netbios-ns
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:netbios-dgm
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- 10.0.2.0/24 10.0.2.0/24 udp dpt:netbios-dgm
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:netbios-ssn
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- 10.0.2.0/24 10.0.2.0/24 udp dpt:netbios-ssn
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:microsoft-ds
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT tcp -- anywhere anywhere tcp dpt:4661
ACCEPT tcp -- anywhere anywhere tcp dpt:4712
ACCEPT tcp -- anywhere anywhere tcp dpt:4711
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:xxxx
ACCEPT tcp -- anywhere anywhere tcp dpt:5938
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere anywhere tcp dpts:55000:55100
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT udp -- 192.168.1.0/24 192.168.1.0/24 udp dpt:netbios-ns
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:netbios-ns
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:netbios-dgm
ACCEPT udp -- 192.168.1.0/24 192.168.1.0/24 udp dpt:netbios-dgm
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:netbios-ssn
ACCEPT udp -- 192.168.1.0/24 192.168.1.0/24 udp dpt:netbios-ssn
ACCEPT tcp -- 192.168.1.0/24 192.168.1.0/24 tcp dpt:microsoft-ds
ACCEPT udp -- 10.0.2.0/24 10.0.2.0/24 udp dpt:netbios-ns
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:netbios-ns
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:netbios-dgm
ACCEPT udp -- 10.0.2.0/24 10.0.2.0/24 udp dpt:netbios-dgm
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:netbios-ssn
ACCEPT udp -- 10.0.2.0/24 10.0.2.0/24 udp dpt:netbios-ssn
ACCEPT tcp -- 10.0.2.0/24 10.0.2.0/24 tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT tcp -- anywhere anywhere tcp dpt:4661
ACCEPT tcp -- anywhere anywhere tcp dpt:4712
ACCEPT tcp -- anywhere anywhere tcp dpt:4711
given that, from Thunar locally:
works, but not remotely from the client, where I'm forced to type
smb://192.168.1.xx/partage
there you go, I think I must be missing just one small thing, but it bothers me; it's certainly a firewall problem, but where??? :|
thank you very much for your help, hoping I've given enough info
Last edited by totophe56 (29-09-2013 22:38:05)
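Added editor's example, not the poster's script: a generator that prints (rather than applies) a tighter Samba ruleset for one LAN subnet, so it can be reviewed before being loaded. It keeps only the four ports Samba actually listens on and drops the tcp 137/138 and udp 139 rules and the repeated state rules from the script above; the subnet and interface are parameters, and `eth0` in the self-check is an assumption.

```shell
#!/bin/sh
# Print a minimal Samba ruleset for one subnet as iptables commands.
# Samba uses UDP 137 (nmbd name service), UDP 138 (nmbd datagram/browse
# announcements), TCP 139 (NetBIOS session) and TCP 445 (direct SMB).
# TCP 137/138 and UDP 139 carry no Samba traffic, so they stay closed.
# Usage: samba_rules <subnet> <interface>, e.g. samba_rules 192.168.1.0/24 eth0

samba_rules() {
    net="$1"
    dev="$2"
    # One state rule per chain is enough; it must precede the per-port rules.
    echo "iptables -A INPUT -i $dev -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -o $dev -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for spec in udp:137 udp:138 tcp:139 tcp:445; do
        proto="${spec%%:*}"
        port="${spec##*:}"
        # -s limits who may reach Samba; -i ties the rule to the LAN interface
        # so a packet with a LAN source address on another link is not accepted.
        # Broadcasts to the subnet's .255 address still match -s/-d on the /24.
        echo "iptables -A INPUT -i $dev -p $proto --dport $port -s $net -j ACCEPT"
        echo "iptables -A OUTPUT -o $dev -p $proto --dport $port -d $net -j ACCEPT"
    done
    # NetBIOS name queries are broadcasts: the unicast reply does not belong to
    # the broadcast "connection", so conntrack only classes it as RELATED when
    # this kernel helper is loaded.
    echo "modprobe nf_conntrack_netbios_ns"
}

# Number of ACCEPT rules emitted, used to sanity-check the generator.
samba_rule_count() {
    samba_rules "$1" "$2" | grep -c -- '-j ACCEPT'
}
```

Run `samba_rules 192.168.1.0/24 eth0 | sh` only after reading the output; the generator itself never touches the running firewall.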