The CIFS server (and the FTP server) listen on ports in the privileged range below 1024 (137, 138, 139, 445, 21), which on a Unix machine only root can bind, so Alfresco would have to run from a privileged account. To avoid running the whole application as root, bind CIFS and FTP to non-privileged ports instead and let the kernel redirect the well-known ports to them with iptables (the administration tool for IPv4 packet filtering and NAT), using the built-in PREROUTING chain of the nat table.
Let's see how to configure iptables on a CentOS system.
First define the non-privileged ports in alfresco-global.properties:
### CIFS/SMB ###
cifs.enabled=true
cifs.ipv6.enabled=false
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139
### FTP ###
ftp.enabled=true
ftp.port=2121
Then update the iptables configuration file so that the well-known ports are redirected to those ports and the firewall accepts the redirected traffic.
$ vi /etc/sysconfig/iptables
### Define the nat table ###
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp --dport 137 -j REDIRECT --to-ports 1137
-A PREROUTING -p udp --dport 138 -j REDIRECT --to-ports 1138
-A PREROUTING -p tcp --dport 139 -j REDIRECT --to-ports 1139
-A PREROUTING -p tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -p tcp --dport 21 -j REDIRECT --to-ports 2121
COMMIT
### Define the filter table to firewall the services ###
# The REDIRECT in nat PREROUTING runs before filter INPUT, so INPUT sees the
# packets with the *unprivileged* destination ports already set: those are the
# ports that must be accepted here. Rules for 139, 445 and 21 would never match
# and the final REJECT would drop every CIFS/FTP connection.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 1137 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 1138 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1139 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1445 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 2121 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
$ /etc/init.d/iptables restart
A note about IPv4 forwarding
REDIRECT delivers the packet to a socket on the same host, so net.ipv4.ip_forward is not required for this setup and can stay at 0; it is only needed if you DNAT the traffic to a different host, and turning it on makes the box a router for whatever the FORWARD chain accepts. If you do need it:
$ vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
$ sysctl -p /etc/sysctl.conf
$ /etc/init.d/iptables restart
Either way, check that the redirect rules are loaded and watch their packet counters grow as clients connect:
$ iptables -t nat -L -nv
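The same redirect, as an added example that is not from the original post or from Alfresco: a small POSIX shell script that generates the nat and filter rules from one port map, refuses to continue if a target port is still privileged, and applies the result atomically with iptables-restore. It also covers a case the file above does not: connections made from the Alfresco host itself (an FTP client or smbclient on the same box) never pass through PREROUTING, so they need matching REDIRECT rules in the nat OUTPUT chain, restricted to locally delivered packets with -o lo so that outgoing SMB/FTP connections to other hosts are left alone. The script name, the PORT_MAP table and the function names are assumptions; the port values are the ones from the properties block above.

```shell
#!/bin/sh
# alfresco-ports.sh (hypothetical name): generate and apply the iptables rules
# that redirect the privileged CIFS/FTP ports to the unprivileged ports that
# Alfresco binds. Added example, not part of the original post.
# Assumes a CentOS host with iptables-restore; "apply" must run as root.

# proto privileged_port unprivileged_port (assumed mapping, same values as
# alfresco-global.properties above)
PORT_MAP='udp 137 1137
udp 138 1138
tcp 139 1139
tcp 445 1445
tcp 21 2121'

# Refuse any target port below 1024: the point of the exercise is that
# Alfresco can bind every target without root.
check_port_map() {
    echo "$PORT_MAP" | while read -r proto from to; do
        [ "$to" -ge 1024 ] || {
            echo "target port $to for $proto/$from is privileged" >&2
            exit 1
        }
    done
}

# nat table: PREROUTING catches packets arriving from the network; OUTPUT
# catches connections that originate on this host (PREROUTING never sees
# those). "-o lo" limits the OUTPUT rule to locally delivered packets.
nat_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    echo "$PORT_MAP" | while read -r proto from to; do
        printf '%s\n' "-A PREROUTING -p $proto --dport $from -j REDIRECT --to-ports $to"
        printf '%s\n' "-A OUTPUT -o lo -p $proto --dport $from -j REDIRECT --to-ports $to"
    done
    printf '%s\n' 'COMMIT'
}

# filter table: INPUT runs after the nat REDIRECT, so it must accept the
# unprivileged ports; accepting 139/445/21 here would match nothing.
filter_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT'
    echo "$PORT_MAP" | while read -r proto from to; do
        printf '%s\n' "-A INPUT -m state --state NEW -p $proto --dport $to -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

ruleset() { nat_rules; filter_rules; }

# Replace the running nat and filter tables in one step, then show the nat
# counters so hits on the REDIRECT rules are visible.
apply_ruleset() {
    check_port_map || return 1
    ruleset | iptables-restore && iptables -t nat -L -nv
}

# Usage: ./alfresco-ports.sh          (print the generated rules for review)
#        ./alfresco-ports.sh apply    (as root: load them with iptables-restore)
if [ "$1" = "apply" ]; then apply_ruleset; else ruleset; fi
```

iptables-restore replaces the whole nat and filter tables, so merge any other rules you rely on into the generators before running "apply". After Alfresco restarts, confirm with ss -lntup (or netstat -lntup) that the Java process, running as its unprivileged user, is listening on 1445, 1139, 2121 and the UDP ports, and that nothing is bound to 445 or 21. The RELATED rule only covers FTP data connections when the nf_conntrack_ftp helper is loaded; otherwise passive-mode data ports have to be opened explicitly.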
It is nice to have a recipe for this common task.
Thanks!
My idea is to collect a series of quick useful tips for rapid settings and maintenance. When a client calls for support I need a practical vademecum… you know 😉
Hi, can you explain why it says :
cifs.enabled=false
Or is this just a mistake?
Hi Max,
thanks for your comments.
Obviously the CIFS service must be enabled. I updated it.
😉