Go into your firewall file /etc/sysconfig/iptables.
If you use Active Directory and want to enable only that function in Samba, use:
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
Don’t be scared of the syntax. I’m not going to cover firewalls, but you should understand the basics.
-s (ip address) limits access to the Class C IP addresses of your installation. Of course you need to modify it to match your own network, and this makes it far more secure than giving the entire world access to your network.
--state NEW [matches packets that start a new connection.]
-p [the protocol you want to open up, which is either tcp or udp. I’ve done the hard work for you so you don’t have to figure out which type to open up]
--dport 445 [This is the port number. Again, for AD we use port 445.]
Now, if your Samba setup demands the old netbios calls:
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
Be sure to watch out for case issues and don’t make a mistake on tcp or udp, otherwise Samba won’t function properly. This has to be right — as I’ve found out myself with a couple of typos!
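A quick check for the two mistakes mentioned above, a wrong tcp/udp choice and a missing -s, before you restart anything. This is an added example, not part of the original how-to; the function name lint_samba_rules and the sample rules are made up for illustration, and it only looks at single-port --dport rules like the ones on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Reads iptables rules on stdin
# and flags ACCEPT rules for the Samba ports that have no -s restriction or
# use a port/protocol pair other than the ones listed on this page.
lint_samba_rules() {
    awk '
    BEGIN {
        # Pairs taken from the rules above: NetBIOS 137-138/udp, 139/tcp, AD 445.
        n = split("137/udp 138/udp 139/tcp 445/tcp 445/udp", pair, " ")
        for (i = 1; i <= n; i++) ok[pair[i]] = 1
    }
    /^-A / {
        src = ""; proto = ""; port = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # Only single-port ACCEPT rules for the Samba ports are checked.
        if (target != "ACCEPT" || port !~ /^(137|138|139|445)$/) next
        if (src == "" || src == "0.0.0.0/0") {
            printf "line %d: port %s is open to any source (no -s)\n", NR, port
            bad++
        }
        key = port "/" proto
        if (!(key in ok)) {
            printf "line %d: %s is not an expected port/protocol pair\n", NR, key
            bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample: rule 1 matches the page, rule 2 lacks -s,
# rule 3 opens 137 as tcp instead of udp.
sample_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
EOF
}

sample_rules | lint_samba_rules || echo "fix the rules above before restarting iptables"
```

To check your real file, feed it in on stdin: lint_samba_rules < /etc/sysconfig/iptables. No output and exit status 0 means every Samba rule has a source restriction and an expected protocol.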
Now restart the firewall. There are two ways of restarting a service on CentOS:
- service iptables restart
- /etc/init.d/iptables restart
Either one works. You can also just restart the server if you want to.
Note: You can use Red Hat’s system tool for editing the firewall, but it is not recommended. It won’t add the -s parameter and will open up all the Samba ports (137 – 139 and 445), which is not a recommended scenario.
SOURCE: https://wiki.centos.org/HowTos/SetUpSamba