So given the above, the problem is still a problem.
KevinO wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This probably isn't what you want to hear but...A firewall should be a firewall and NOT a file server. It is poor security practice to put anything on a firewall box that is not absolutely required. Use your existing box as a file server and get another, smaller box and use it as your firewall, NAT (connection sharing) box. My $.02 KevinO Jim C wrote:HAaaAAAaaalp! ;-) Background: Server is Mdk 9.0 and my two clients are XP boxes. I can't get Samba, shorewall and Connection Shareing to play nice on the same box. If two of them work then the third does not. The shorewall website says to add these rules to /etc/shorewall/rules:[]# cat rules.sav ACCEPT fw loc udp 137:139 ACCEPT fw loc tcp 137,139 ACCEPT fw loc udp 1024: 137 ACCEPT loc fw udp 137:139 ACCEPT loc fw tcp 137,139 ACCEPT loc fw udp 1024: 137 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVEUnfortunatley this does not help. What I get is a really slow refresh of My Network Places and then clicking on the box with shorewall and ICS on it causes the error message: "//enigma is not accessible. You might not have permission to use the network resource. Contact your Adminstrator..." yata, yata, yata. Now samba should be set up right because I've been able to access it once or twice while fiddleing. Only at the expense of something else, however. Is there a port I am missing or something? The rest of the rules file currently looks like this:############################################################################## #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # PORT PORT(S) DEST ACCEPT net fw udp 53 - ACCEPT net fw tcp 53,22,20,21 - ACCEPT masq fw udp 53 - ACCEPT masq fw tcp 53,22,20,21 - ACCEPT loc fw udp 53 - ACCEPT loc fw tcp 53,22,20,21 - ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp - ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp - ACCEPT fw masq tcp 631,137,138,139 - ACCEPT fw masq udp 631,137,138,139 - ACCEPT fw loc udp 137:139 ACCEPT fw loc tcp 137,139 ACCEPT fw loc udp 1024: 137 ACCEPT loc fw udp 137:139 ACCEPT loc fw tcp 137,139 ACCEPT loc fw udp 1024: 137 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE------------------------------------------------------------------------ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com- -- KevinO Matz's Law: A conclusion is the place where you got tired of thinking. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE95m6AjBS1mMJB+bQRAq/xAKC5YAIytfq2QmU5+7Jd+/1dI0W4JACeIYDs DO8rxKvNrhbwquT9NsgshJk= =ZoZ4 -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com