[ale] Iptables: Temporarily mounting a windows share

James P. Kinney III jkinney at localnetsolutions.com
Mon Jan 16 16:47:28 EST 2006 

On Mon, 2006-01-16 at 15:06 -0500, Jeff Hubbs wrote:
> That's pretty much the plan - it's the "..." after "iptables -I" that 
> I'm concerned about.
> 
> - Jeff
> 
> Joe Steele wrote:
> 
> >Sounds like you want to do something like this:
> >
> ># save your existing rules
> >iptables-save  > original-rules
> ># Add additional rules needed for mounting the share:
> >iptables -I ...

iptables -A INPUT -s <ip 0f windows machine> -m tcp -p tcp --dport
137:139 -j ACCEPT

> >. . .
> ># mount the share
> >mount -t cifs ...
> ># copy your files
> >. . .
> ># umount
> >. . .
> ># Restore the original firewall
> >iptables-restore < original-rules
> >
> >--Joe
> > 
> >
> >Jeff Hubbs wrote:
> >  
> >
> >>My cleanest option for offloading backup tarballs from an 
> >>Internet-reachable server involves dropping the tarballs onto a nearby 
> >>Windows server that's already part of the backup rotation.  My iptables 
> >>rules preclude this at the moment.
> >>
> >>Instead of modifying my iptables script to allow me to "mount -t 
> >>cifs..." from the server at any time, I'd prefer to have the backup 
> >>script make the minimum necessary iptables rules changes temporarily, 
> >>mount the windows share, write the tarballs to the mount point, unmount 
> >>the windows share, and change the iptables rules back like they were.   
> >>How might I invoke this in my backup script?
> >>
> >>Jeff
> >>    
> >>
> >_______________________________________________
> >Ale mailing list
> >Ale at ale.org
> >http://www.ale.org/mailman/listinfo/ale
> >
> >  
> >
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list