This probably isn't what you want to hear but...

A firewall should be a firewall and NOT a file server. It is poor security practice to put anything on a firewall box that is not absolutely required. Use your existing box as a file server and get another, smaller box and use it as your firewall, NAT (connection sharing) box.

My $.02

KevinO

Jim C wrote:
> HAaaAAAaaalp! ;-)
>
> Background: Server is Mdk 9.0 and my two clients are XP boxes.
> I can't get Samba, shorewall and Connection Sharing to play nice on the
> same box. If two of them work then the third does not. The shorewall
> website says to add these rules to /etc/shorewall/rules:
>
>> []# cat rules.sav
>> ACCEPT  fw   loc  udp  137:139
>> ACCEPT  fw   loc  tcp  137,139
>> ACCEPT  fw   loc  udp  1024:    137
>> ACCEPT  loc  fw   udp  137:139
>> ACCEPT  loc  fw   tcp  137,139
>> ACCEPT  loc  fw   udp  1024:    137
>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> Unfortunately this does not help. What I get is a really slow refresh
> of My Network Places and then clicking on the box with shorewall and ICS
> on it causes the error message: "//enigma is not accessible. You might
> not have permission to use the network resource. Contact your
> Adminstrator..." yata, yata, yata. Now samba should be set up right
> because I've been able to access it once or twice while fiddling. Only
> at the expense of something else, however. Is there a port I am missing
> or something?
>
> The rest of the rules file currently looks like this:
>
>> ##############################################################################
>> #ACTION  SOURCE  DEST  PROTO  DEST             SOURCE   ORIGINAL
>> #                             PORT             PORT(S)  DEST
>> ACCEPT   net     fw    udp    53               -
>> ACCEPT   net     fw    tcp    53,22,20,21      -
>> ACCEPT   masq    fw    udp    53               -
>> ACCEPT   masq    fw    tcp    53,22,20,21      -
>> ACCEPT   loc     fw    udp    53               -
>> ACCEPT   loc     fw    tcp    53,22,20,21      -
>> ACCEPT   masq    fw    tcp    domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp  -
>> ACCEPT   masq    fw    udp    domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp  -
>> ACCEPT   fw      masq  tcp    631,137,138,139  -
>> ACCEPT   fw      masq  udp    631,137,138,139  -
>> ACCEPT   fw      loc   udp    137:139
>> ACCEPT   fw      loc   tcp    137,139
>> ACCEPT   fw      loc   udp    1024:            137
>> ACCEPT   loc     fw    udp    137:139
>> ACCEPT   loc     fw    tcp    137,139
>> ACCEPT   loc     fw    udp    1024:            137
>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> ------------------------------------------------------------------------
>
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com

-- 
KevinO
Matz's Law: A conclusion is the place where you got tired of thinking.
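An added example, not part of the original message and not Shorewall's own tooling: a short Python audit in the spirit of the advice above, listing every service the firewall host itself accepts, grouped by source zone. `RULES` is a subset of the rules quoted in the message; the function names `port_labels` and `firewall_exposure` are hypothetical.

```python
# Subset of the rules quoted in the message above, one rule per line.
RULES = """\
#ACTION SOURCE DEST PROTO DEST-PORT        SOURCE-PORT
ACCEPT  net    fw   udp   53               -
ACCEPT  net    fw   tcp   53,22,20,21      -
ACCEPT  loc    fw   udp   53               -
ACCEPT  loc    fw   tcp   53,22,20,21      -
ACCEPT  fw     masq tcp   631,137,138,139  -
ACCEPT  fw     loc  udp   137:139
ACCEPT  loc    fw   udp   137:139
ACCEPT  loc    fw   tcp   137,139
ACCEPT  loc    fw   udp   1024:            137
"""


def port_labels(spec):
    """Normalise a port field: comma list, low:high range, open-ended 'low:'."""
    labels = []
    for item in spec.split(","):
        if ":" in item:
            low, high = item.split(":", 1)
            labels.append(f"{low or 0}-{high or 65535}")
        else:
            labels.append(item)  # single port or service name such as "domain"
    return labels


def firewall_exposure(rules_text, fw_zone="fw"):
    """Return {source zone: sorted 'proto/port' list} accepted by the firewall host."""
    exposure = {}
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) < 5 or fields[0] != "ACCEPT":
            continue
        source, dest, proto, dports = fields[1:5]
        if dest.split(":", 1)[0] != fw_zone:  # zone may carry a :host suffix
            continue
        zone = source.split(":", 1)[0]
        for label in port_labels(dports):
            exposure.setdefault(zone, set()).add(f"{proto}/{label}")
    return {zone: sorted(ports) for zone, ports in exposure.items()}


if __name__ == "__main__":
    for zone, ports in firewall_exposure(RULES).items():
        print(f"{zone} -> fw: {', '.join(ports)}")
```

Every entry reported for a zone is a listener that has to exist on the firewall box; moving Samba to a separate file server removes the `loc` entries for ports 137 to 139.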