User Tools

Site Tools


doc:howto:cifs.server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
doc:howto:cifs.server [2015/10/25 09:45]
diizzy Bold text probably helps a bit about RAM requirements...
doc:howto:cifs.server [2017/10/08 22:23] (current)
insanid cleaned up iptables reference. corrected grammar.
Line 145: Line 145:
 Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting. Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting.
 <code bash> <code bash>
-$IPT -t raw -A OUTPUT -o $IF_LAN ​-s $IP_LAN ​-p tcp --sport 139 -j CT --notrack #​------------------ don't track SMB +iptables ​-t raw -A OUTPUT -o interface ​-s LAN_IP ​-p tcp --sport 139 -j CT --notrack #​------------------ don't track SMB 
-$IPT -t raw -A OUTPUT -o $IF_LAN ​-s $IP_LAN ​-p tcp --sport 445 -j CT --notrack #​------------------ don't track SMB +iptables ​-t raw -A OUTPUT -o interface ​-s LAN_IP ​-p tcp --sport 445 -j CT --notrack #​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN ​-s $IP_LAN ​-p tcp --dport 139 -j CT --notrack #​------------------ don't track SMB +iptables ​-t raw -A PREROUTING -o interface ​-s LAN_IP ​-p tcp --dport 139 -j CT --notrack #​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN ​-s $IP_LAN ​-p tcp --dport 445 -j CT --notrack #​------------------ don't track SMB+iptables ​-t raw -A PREROUTING -o interface ​-s LAN_IP ​-p tcp --dport 445 -j CT --notrack #​------------------ don't track SMB
 </​code>​ </​code>​
  
-It probably would rather avoid trouble if you do this UCI conform in ''​[[doc:​uci:​firewall|/​etc/​config/​firewall]]'':​+Replace interface and LAN_IP with the appropriate values. 
 + 
 +It's recommended to add the following to the UCI configuration file ''​[[doc:​uci:​firewall|/​etc/​config/​firewall]]'':​
  
 <​code>​ <​code>​
doc/howto/cifs.server.txt · Last modified: 2017/10/08 22:23 by insanid