User Tools

Site Tools


doc:howto:cifs.server
>>>>> Wiki-merge in process >>>>> wiki.openwrt.org + openwrt.org are going to be merged soon, this wiki therefore being read only. Once pages are transfered to openwrt.org, you can edit them again.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
doc:howto:cifs.server [2015/10/25 09:45]
diizzy Bold text probably helps a bit about RAM requirements...
doc:howto:cifs.server [2017/10/08 22:23] (current)
insanid cleaned up iptables reference. corrected grammar.
Line 145: Line 145:
 Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting. Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting.
 <code bash> <code bash>
-$IPT -t raw -A OUTPUT -o $IF_LAN ​-s $IP_LAN ​-p tcp --sport 139 -j CT --notrack #​------------------ don't track SMB +iptables ​-t raw -A OUTPUT -o interface ​-s LAN_IP ​-p tcp --sport 139 -j CT --notrack #​------------------ don't track SMB 
-$IPT -t raw -A OUTPUT -o $IF_LAN ​-s $IP_LAN ​-p tcp --sport 445 -j CT --notrack #​------------------ don't track SMB +iptables ​-t raw -A OUTPUT -o interface ​-s LAN_IP ​-p tcp --sport 445 -j CT --notrack #​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN ​-s $IP_LAN ​-p tcp --dport 139 -j CT --notrack #​------------------ don't track SMB +iptables ​-t raw -A PREROUTING -o interface ​-s LAN_IP ​-p tcp --dport 139 -j CT --notrack #​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN ​-s $IP_LAN ​-p tcp --dport 445 -j CT --notrack #​------------------ don't track SMB+iptables ​-t raw -A PREROUTING -o interface ​-s LAN_IP ​-p tcp --dport 445 -j CT --notrack #​------------------ don't track SMB
 </​code>​ </​code>​
  
-It probably would rather avoid trouble if you do this UCI conform in ''​[[doc:​uci:​firewall|/​etc/​config/​firewall]]'':​+Replace interface and LAN_IP with the appropriate values. 
 + 
 +It's recommended to add the following to the UCI configuration file ''​[[doc:​uci:​firewall|/​etc/​config/​firewall]]'':​
  
 <​code>​ <​code>​
doc/howto/cifs.server.txt · Last modified: 2017/10/08 22:23 by insanid