On Friday 30 Apr 2004 07:35, Raffaele BELARDI wrote: > Klemens Arro wrote: > > whats with samba and shorewall? I cant use samba server or Smb4K (guess > > that shorewall blocks it). When I take the whole firewall down > > "Everything (no firewall)" then samba works perfectly, but then I can't > > share my ADSL connection. > > My /etc/shorewall/rules below, part relevant to samba server. It was > taken from the shorewall documentation, it works for me. > > raffaele > > #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL > # PORT PORT(S) DEST > # samba ports > ACCEPT net fw udp 137:139 > ACCEPT net fw tcp 137,139 > ACCEPT net fw udp 1024: 137
Well I hope you have another firewall further upstream from your computer, because what these lines do is to open up Windows networking directly to the Internet so anyone+dog can browse your shared folders. If you want to enable Samba to computers in your local network, the lines ACCEPT loc fw udp 137,138,139 ACCEPT loc fw tcp 137,138,139 will do the trick (assuming the local network is called 'loc' in some cases it may be called 'masq' ) As an additional precaution it is a good idea to set the line interfaces= eth1 (where eth1 is the local network) in your /etc/samba/smb.conf file. This will force samba to only use that interface instead of the default which is all interfaces. Not only will it prevent people from outside connecting to samba, but it will stop samba timing out when it sends packets to the network interface which are then dropped by shorewall. derek -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
