On Sunday 26 Oct 2003 7:47 am, [EMAIL PROTECTED] wrote:
> It has taken me several months to work out that the reason I can't
> access the SAMBA server I have set up is because of the Shorewall
> settings configured by invoking MDK9.x ICS.
>
> At least that is my reading of it.
>
> Essentially, everything else on my network seems to work - ICS, and the
> Linux box can read and write to the shared folders on the WinXP boxes.
> However, although I can see the Samba Server connection on the WinXP
> box, attempting to open it results in "Network Path not found". I cannot
> ping 192.168.1.1
>
> However, when I disable Shorewall, I can ping 192.168.1.1 and I can
> access Samba. But now ICS is disabled :(
>
> I have tried to make sense of the "instructions and solutions" out
> there on the internet. Frankly, my head is spinning. The Quickstart
> guide at Shorewall.net left me even more confused.
>
> Is anyone able to give me a simple, plain English explanation on how to
> configure Shorewall & ICS so the other computers on my local workgroup
> network can access SAMBA?
>
> Many thanks in advance...

Shorewall is a very effective firewall, but there are a couple of things you should know.

1/ Mandrake sets up shorewall assuming eth0 is the Internet and eth1 is the local network. If you use anything else (such as ADSL) then edit /etc/shorewall/interfaces accordingly. (an ADSL interface is usually ppp0)

2/ By default shorewall disables ping. If you want to enable ping to the firewall device then edit /etc/shorewall/rules and add the line

    ACCEPT masq fw icmp 8

to allow pings from the local network, or

    ACCEPT net fw icmp 8

to allow ping from the Internet

3/ Mandrake sets up shorewall with 3 zones. 'net' is the internet, 'masq' is the local network, and 'fw' is the firewall device itself. If you want the firewall device to run other services (such as samba) then you must open up ports to 'fw' from 'net' or 'masq' as appropriate. Edit /etc/shorewall/rules

For example to enable samba to the firewall box from the local network.

    ACCEPT masq fw tcp 137,138,139
    ACCEPT masq fw udp 137,138,139

(I assume you do not want to open samba to the 'net' interface)

If you do not mind reducing your security a little you might like to consider opening *all* services between the firewall and local network. You can do that by editing /etc/shorewall/policy and add the line

    masq fw ACCEPT

4/ After making any change to the shorewall files restart it with

    shorewall restart

in a root terminal.

derek
-- 
----------------------------------
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
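
Added example, not part of the original reply: a simplified Python model of the lookup order the rules and policy edits above rely on (a matching line in rules decides, otherwise the first matching policy line applies), for checking what an edit opens before running shorewall restart. The rules text is constructed from the lines in the reply; the three policy entries and the `verdict` function are assumptions for illustration and cover only plain zone names and comma-separated port lists.

```python
# Simplified model (an assumption, not Shorewall's code): the first matching
# line in rules decides; if none matches, the first matching policy line does.

# Constructed rules file using the lines from the reply.
RULES = """\
#ACTION  SOURCE  DEST  PROTO  PORT(S)
ACCEPT   masq    fw    icmp   8
ACCEPT   masq    fw    tcp    137,138,139
ACCEPT   masq    fw    udp    137,138,139
"""

# Constructed policy file; these three entries are assumed for illustration.
POLICY = """\
#SOURCE  DEST  POLICY
masq     net   ACCEPT
net      all   DROP
all      all   REJECT
"""

def rows(text):
    """Yield the columns of each non-blank, non-comment line."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 3:
            yield cols

def zone_ok(pattern, zone):
    return pattern in ("all", zone)

def verdict(rules, policy, src, dst, proto, port):
    """Return (action, deciding file); for icmp, port is the ICMP type."""
    for action, r_src, r_dst, *rest in rows(rules):
        r_proto = rest[0] if rest else "all"
        r_ports = rest[1] if len(rest) > 1 else "-"
        if (zone_ok(r_src, src) and zone_ok(r_dst, dst)
                and r_proto in ("all", proto)
                and (r_ports == "-" or str(port) in r_ports.split(","))):
            return action, "rules"
    for p_src, p_dst, p_action, *_ in rows(policy):
        if zone_ok(p_src, src) and zone_ok(p_dst, dst):
            return p_action, "policy"
    return "REJECT", "none"

if __name__ == "__main__":
    # Samba from the LAN is opened by a rule; the same port from 'net' is not.
    print(verdict(RULES, POLICY, "masq", "fw", "tcp", 139))
    print(verdict(RULES, POLICY, "net", "fw", "tcp", 139))
    # Adding "masq fw ACCEPT" to policy opens every other LAN -> fw port too.
    print(verdict(RULES, "masq fw ACCEPT\n" + POLICY, "masq", "fw", "tcp", 22))
```

The last call shows the trade-off mentioned in point 3: with only the rules lines, a LAN connection to tcp 22 on the firewall falls through to the catch-all policy, while the extra policy line accepts it.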