Basic iptables and Samba configuration example

Source: Internet
Author: User

  • Basic concepts of iptables
  • Iptables tables, chains, and rules
  • Iptables packet transmission process
  • Iptables Command Format
  • Iptables common OPTIONS
    • COMMANDS
    • Description of common PARAMETERS
    • Use the match extensions extension module
    • Others
  • Build a samba Server
    • Configure the samba server
    • Add a samba account
    • Disable SELinux
    • Configure iptables
      • First, view the current rule
      • Add rules to enable ports used by samba
      • View added rules
    • Save the current rule and enable samba
Basic concepts of iptables

The iptables firewall consists of the iptables tool in user space and the netfilter framework in kernel space. The user-space tool inserts, modifies, and removes rules in the kernel's packet-filtering tables; the kernel module does the actual filtering. The more accurate name is therefore iptables/netfilter.

  • Table (tables): groups rules by function. iptables has four built-in tables: filter (packet filtering: accept or drop), nat (network address translation), mangle (modifying packet headers, for example TTL or marks), and raw (processed before connection tracking; used mainly to exempt packets from it with NOTRACK).
  • Rule: a match condition defined by the administrator, together with the target (ACCEPT, DROP, and so on) applied to a packet that matches it.
  • Chain: the path a packet takes through the rules. Each chain is an ordered check list of zero or more rules. When a packet reaches a chain, iptables tests it against the first rule, then the next, and stops at the first match whose target is terminating; if no rule matches, the chain's default policy decides. There are five built-in chains: INPUT, OUTPUT, FORWARD, PREROUTING, and POSTROUTING.
Iptables tables, chains, and rules:

[figure in the original: which chains each table contains] Each built-in table holds a subset of the five chains: filter has INPUT, FORWARD, and OUTPUT; nat has PREROUTING, OUTPUT, and POSTROUTING (plus INPUT on recent kernels); mangle has all five; raw has PREROUTING and OUTPUT.

Iptables packet transmission process

[figure in the original: packet flow through the chains] A packet arriving on an interface first passes PREROUTING (raw, mangle, nat), then the routing decision. If it is addressed to this host it passes INPUT (mangle, filter) and is handed to the local process; otherwise it passes FORWARD (mangle, filter) and then POSTROUTING (mangle, nat) on the way out. Packets generated locally pass OUTPUT (raw, mangle, nat, filter) and then POSTROUTING. For a server that only receives connections, as in the Samba example below, the chain that matters is INPUT.

Iptables Command Format

[figure in the original: the command syntax] The general form is

    iptables [-t table] COMMAND chain [rulenum] [match options] [-j target]

where COMMAND is one of the options listed next (-A, -I, -D, ...), chain is one of the built-in chains above or a user-defined one, and the match options select the packets the rule applies to.

Iptables common OPTIONS

COMMANDS

  • -A, --append chain: appends a rule to the end of the chain.
  • -D, --delete chain [rulenum | rule-spec]: deletes a rule, either by its number or by repeating its specification.
  • -I, --insert chain [rulenum]: inserts a rule at the given position (default 1, the top of the chain); the rules from that position on move down by one.
  • -R, --replace chain rulenum: replaces the rule at that position.
  • -L, --list [chain]: lists the rules of the specified table and chain (all chains of the table if none is given).
  • -F, --flush [chain]: deletes all rules in the chain, or in every chain of the table if none is given. The chain policy is not changed.
Description of common PARAMETERS

  • -p, --protocol proto: the protocol the rule applies to, for example tcp, udp, icmp, or all. Note the lower case: -P (upper case) sets a chain's default policy.
  • -s, --source address[/mask]: the source address; a host name, an IP address, or a network in CIDR notation.
  • -d, --destination address[/mask]: the destination address, in the same forms as -s.
  • -j, --jump target: what to do with a matching packet, for example ACCEPT, DROP, REJECT, or the name of a user-defined chain.
  • --line-numbers: used with -L to show each rule's number (the rulenum used by -I, -D, and -R).
  • -n, --numeric: prints IP addresses and ports as numbers instead of resolving them to names; listing without it is slower and depends on DNS.
Use the match extensions extension module

  • -m, --match module_name: loads an extension module, such as state (the older form of conntrack), tcp, udp, multiport, string, addrtype, or mac. A module's options (for example --state or --dports) are only recognised after the -m that loads it.
  • iptables -m module_name -h: shows the help text of that module. For example: iptables -m mac -h
Others

  • If -t is not given, the command applies to the filter table.
  • On CentOS/RHEL 6 the rules are stored in /etc/sysconfig/iptables and loaded from it at boot.
  • service iptables save: writes the current rules to that file; without it, changes are lost at the next reboot or restart of the iptables service.
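The INPUT chain that the Samba walkthrough below starts from can be built with the commands and parameters just listed. The script here is an added example, not code from the original article: it composes the chain in the order the article's listing shows, and with DRY_RUN=1 it prints each iptables command instead of running it, so the rule set can be reviewed without root. The loopback rule (-i lo) is an assumption about what rule 1 of that listing contains; the listing only shows "all -- anywhere anywhere" for it.

```bash
#!/bin/bash
# Added example (not from the original article): build the INPUT chain the
# article later lists, using the commands and parameters explained above.
# Rule 1, "-i lo", is an assumption: the article's listing shows only
# "all -- anywhere anywhere" for it.
set -u

# Every iptables call goes through run(). With DRY_RUN=1 the command is printed
# instead of executed, so the rule set can be reviewed (or tested) without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# build_input_chain: flush INPUT in the filter table and append the rules in
# order. Order is the whole point: iptables stops at the first terminating
# match, so the RELATED,ESTABLISHED rule sits near the top (it matches most
# traffic cheaply) and the catch-all DROP sits last. The policy stays ACCEPT
# and the DROP is an explicit rule, as in the article: with "-P INPUT DROP" a
# later "-F" over SSH would lock you out, with this layout it would not.
build_input_chain() {
    run iptables -t filter -F INPUT                    # -F: flush this chain only
    run iptables -t filter -P INPUT ACCEPT             # -P (upper case) sets the chain policy
    run iptables -A INPUT -i lo -j ACCEPT              # assumed loopback rule
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p icmp -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    run iptables -A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
    run iptables -A INPUT -p udp --dport 68 -j ACCEPT  # bootpc: DHCP client replies
    run iptables -A INPUT -j DROP                      # terminating catch-all
}

# show_input_chain: list the result numerically (-n) with rule numbers, the
# form the insert positions later in the article are read from.
show_input_chain() {
    run iptables -L INPUT -n --line-numbers
}

# Run with "apply" to change the live rule set (needs root). Without it the
# file only defines the functions; set DRY_RUN=1 to print the commands.
if [ "${1:-}" = "apply" ]; then
    build_input_chain
    show_input_chain
fi
```

Review the output of DRY_RUN=1 before running with apply: the only thing that should change between the two runs is that the commands are executed rather than printed.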
Build a samba server

Configure the samba server

Edit /etc/samba/smb.conf. First add the directory to be shared:

[workspace]
    writable = yes
    path = /root/

A writable share of /root/ is only for this example: it hands the root user's home directory, including .ssh and shell history, to every Samba account that can reach the share. In practice, point path at a dedicated directory (for example /srv/samba/workspace) owned by the users who need it.

If symbolic links inside the share should be followed, add the following to the [global] section of smb.conf:

[global]
    follow symlinks = yes
    wide links = yes
    unix extensions = no

Treat this combination as a deliberate weakening. wide links = yes lets a client follow a symbolic link to any path the smbd process can read, including paths outside the share, and Samba only honours it while unix extensions is off (with unix extensions = yes, wide links is forced off), which is why the last line is needed. On a writable share, anyone who can create a symbolic link under the share can then read or write outside it. Leave all three at their defaults unless the share really needs them.
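A share configured with the three lines above cannot be told apart from a safe one at a glance, so a check worth keeping is a small linter for smb.conf. The script below is an added example, not from the original article or the Samba project: it flags wide links = yes, unix extensions = no and any share whose path is /root, and prints a tighter stanza for comparison. The sample configuration is reconstructed from the article's snippets; the group smbusers, the 192.168.1. prefix and /srv/samba/workspace are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original article or the Samba project: a small
# linter for smb.conf that flags the settings the article enables, plus a
# tighter share stanza for comparison. The group smbusers, the 192.168.1.
# prefix and /srv/samba/workspace are assumptions made for this example.
set -u

# audit_smb_conf [FILE]: read smb.conf from FILE (or stdin) and print one
# finding per line for settings that widen what a client can reach. Exits 1
# when anything was found, so it can gate a deployment script.
audit_smb_conf() {
    awk '
        # normalise each line: drop comments, lower-case, trim, "k = v" -> "k=v"
        { line = $0
          sub(/[;#].*/, "", line)
          line = tolower(line)
          gsub(/^[ \t]+|[ \t]+$/, "", line)
          gsub(/[ \t]*=[ \t]*/, "=", line) }
        line == "" { next }
        line ~ /^\[/ { section = line; next }
        line ~ /^wide links=(yes|true|1)$/ {
            hits++; print section ": wide links = yes lets clients follow symlinks out of the share" }
        line ~ /^unix extensions=(no|false|0)$/ {
            hits++; print section ": unix extensions = no is what makes wide links = yes take effect" }
        line ~ /^path=\/root(\/|$)/ {
            hits++; print section ": shares the root home directory" }
        END { exit hits ? 1 : 0 }
    ' ${1+"$@"}
}

# sample_smb_conf: the article's configuration, reconstructed here as sample
# input (constructed for this example, including the workgroup line).
sample_smb_conf() {
    cat <<'EOF'
[global]
    workgroup = WORKGROUP
    follow symlinks = yes
    wide links = yes
    unix extensions = no

[workspace]
    writable = yes
    path = /root/
EOF
}

# hardened_share NAME PATH: a writable share that keeps the article's intent
# without the symlink settings or /root: only members of the (assumed) group
# smbusers, only from the (assumed) 192.168.1.0/24 network, not advertised
# in browse lists, and no symlink following at all.
hardened_share() {
    cat <<EOF
[$1]
    path = $2
    writable = yes
    browseable = no
    valid users = @smbusers
    hosts allow = 192.168.1.
    follow symlinks = no
EOF
}

# Usage: ./smbconf-audit.sh /etc/samba/smb.conf   (exit status 1 = findings)
if [ $# -gt 0 ]; then
    audit_smb_conf "$1"
fi
```

Run testparm -s /etc/samba/smb.conf alongside it: testparm reports syntax errors and the effective value of each option, which this linter deliberately does not try to reproduce.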
Add a samba account

smbpasswd -a USER    # set a Samba password for the existing Linux user USER
smbpasswd -e USER    # enable that Samba account

USER must already exist as a Linux account; smbpasswd only stores the SMB password hash for it. The user also needs read/write permission on the shared directory at the file-system level.
Disable SELinux

# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# setenforce 0
# reboot

setenforce 0 only switches the running kernel to permissive mode; the edit to /etc/selinux/config is what disables SELinux after the reboot. Disabling it is the blunt approach. The targeted one is to keep SELinux enforcing and allow Samba explicitly: setsebool -P samba_export_all_rw on (or samba_enable_home_dirs on for home directories), or label the shared directory with chcon -R -t samba_share_t plus a matching semanage fcontext rule so the label survives a relabel.
Configure iptables

First, view the current rule set:

[root@DDAN ~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
4    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
5    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
6    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootpc
7    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
8    DROP       all  --  anywhere             anywhere
Add rules to enable ports used by samba

The two new rules have to go in above rule 8, the catch-all DROP. iptables walks the chain from the top and stops at the first rule with a terminating target, so a rule appended after the DROP is never reached and Samba stays unreachable:

iptables -I INPUT 8 -p udp -m multiport --dports 137,138 -j ACCEPT
iptables -I INPUT 8 -p tcp -m state --state NEW -m multiport --dports 139,445 -j ACCEPT

-I INPUT 8 inserts at position 8 and pushes the DROP down to 9; the second command inserts at position 8 again, above the first, which is why the TCP rule is listed before the UDP rule afterwards. UDP 137 and 138 carry the NetBIOS name and datagram services, TCP 139 the NetBIOS session service, and TCP 445 SMB directly. If only the local network needs the share, add -s with that network (for example -s 192.168.1.0/24) so SMB is not exposed on every address the host can be reached from.
View added rules

[root@DDAN ~]# iptables -L --line-numbers -n
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW multiport dports 139,445
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 137,138
10   DROP       all  --  0.0.0.0/0            0.0.0.0/0
Save the current rule set and enable samba:

# Save the rules (written to /etc/sysconfig/iptables on CentOS/RHEL 6)
service iptables save
# Start (or restart) smb
service smb restart
# Start smb automatically at boot
chkconfig smb on

On systemd-based releases the equivalents are iptables-save > /etc/sysconfig/iptables (with the iptables-services package installed) and systemctl enable --now smb.
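The insert position 8 above is read off the listing by eye, which breaks as soon as the chain changes, and re-running the two commands inserts duplicates. The script below is an added example, not code from the original article: it finds the catch-all DROP by parsing iptables -L INPUT -n --line-numbers, inserts each Samba rule above it only if iptables -C reports that it is not already there, and limits the source to one LAN prefix. The prefix 192.168.1.0/24 and the IPTABLES override are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not code from the original article: open the Samba ports the
# article opens, but find the catch-all DROP instead of hard-coding position 8,
# skip rules that already exist, and limit the source to one LAN prefix.
# The prefix 192.168.1.0/24 and the IPTABLES override are assumptions.
set -u

LAN=${LAN:-192.168.1.0/24}        # assumption: the only network that needs SMB
IPTABLES=${IPTABLES:-iptables}    # can be pointed at a stub for testing

# find_final_drop: read "iptables -L INPUT -n --line-numbers" output on stdin
# and print the number of the first catch-all DROP rule: target DROP,
# protocol all (printed as "0" by newer iptables releases), both addresses
# 0.0.0.0/0 and no further match on the line. Exit 1 if there is none.
find_final_drop() {
    awk '$2 == "DROP" && ($3 == "all" || $3 == "0") &&
         $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" && NF == 6 {
             print $1; found = 1; exit
         }
         END { exit found ? 0 : 1 }'
}

# ensure_rule CHAIN POS RULE...: put RULE into CHAIN at position POS (or append
# when POS is empty) unless an identical rule is already there. "iptables -C"
# exits 0 when the rule exists, so running the script twice adds nothing.
ensure_rule() {
    er_chain=$1; er_pos=$2; shift 2
    if "$IPTABLES" -C "$er_chain" "$@" 2>/dev/null; then
        echo "already present in $er_chain: $*" >&2
    elif [ -n "$er_pos" ]; then
        "$IPTABLES" -I "$er_chain" "$er_pos" "$@"
    else
        "$IPTABLES" -A "$er_chain" "$@"
    fi
}

# open_samba: UDP 137,138 (NetBIOS name and datagram service) and TCP 139,445
# (NetBIOS session service and direct SMB), new connections only; replies are
# already covered by the RELATED,ESTABLISHED rule. Both inserts use the same
# position, so the second lands above the first, exactly as in the article.
open_samba() {
    os_pos=$("$IPTABLES" -L INPUT -n --line-numbers | find_final_drop) || {
        echo "no catch-all DROP in INPUT, appending instead" >&2
        os_pos=""
    }
    ensure_rule INPUT "$os_pos" -s "$LAN" -p udp -m multiport --dports 137,138 -j ACCEPT
    ensure_rule INPUT "$os_pos" -s "$LAN" -p tcp -m state --state NEW -m multiport --dports 139,445 -j ACCEPT
}

# Run with "apply" to change the live rule set (needs root); otherwise the file
# only defines the functions. Persistence is the CentOS/RHEL 6 style the
# article uses.
if [ "${1:-}" = "apply" ]; then
    open_samba
    "$IPTABLES" -L INPUT -n --line-numbers
    service iptables save
fi
```

Because ensure_rule checks with -C first, the script is safe to run from a configuration-management hook on every boot; the listing it prints after apply should show the two ACCEPT rules directly above the DROP and nothing else changed.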

You can also use iptables -F to delete all rules. Note that -F removes rules but leaves the chain policy alone: with the layout above (policy ACCEPT plus a final DROP rule) a flush leaves every port open, and with a policy of DROP a flush over SSH cuts off the session. Check the policy with iptables -L -n before flushing a remote host.
