On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
> On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> > Klemens Arro wrote:
> > > What's with samba and shorewall? I can't use samba server or Smb4K (guess
> > > that shorewall blocks it). When I take the whole firewall down
> > > "Everything (no firewall)" then samba works perfectly, but then I can't
> > > share my ADSL connection.
> >
> > My /etc/shorewall/rules below, part relevant to samba server. It was
> > taken from the shorewall documentation, it works for me.
> >
> > raffaele
> >
> > #ACTION  SOURCE         DEST            PROTO   DEST    SOURCE    ORIGINAL
> > #                                               PORT    PORT(S)   DEST
> > # samba ports
> > ACCEPT  net             fw              udp     137:139
> > ACCEPT  net             fw              tcp     137,139
> > ACCEPT  net             fw              udp     1024:   137
>
> This doesn't help either :(
> My /etc/shorewall/rules looks like this (made by mcc)
> ACCEPT  net     fw      udp     137,138,139     -
You DO NOT want this line. As I commented to Raffaele, this opens the firewall 
to Windows networking over the Internet interface, *very insecure!*

> ACCEPT  net     fw      tcp     80,443,20,21,25,137,138,139     -
This line opens your computer to the internet for Web server (80), Secure web 
server (443), FTP (20,21), SMTP (25), and Windows networking (137,138,139).

You should only have these ports open if you actually want to use them, and of 
course 137, 138, and 139 should not be exposed to the Internet.


> ACCEPT  loc     fw      udp     137,138,139     -
> ACCEPT  loc     fw      tcp     80,443,20,21,25,137,138,139     -
> REDIRECT        loc     3128    tcp     www     -
> ACCEPT  fw      net     tcp     www


Try adding the line to /etc/shorewall/policy

fw              loc             ACCEPT

That will allow all services running on your firewall device (samba, etc.) to 
connect to the local network. If that is too broad for you then add
ACCEPT  fw     loc      udp     137,138,139     -
ACCEPT  fw    loc      tcp     137,138,139     -

to /etc/shorewall/rules instead.

After making any change to shorewall, restart it with 'shorewall restart' in a 
root terminal.


derek


-- 
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
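
Added example (not part of the original message and not Shorewall's own code): a small checker that flags ACCEPT rules exposing the Windows networking ports 137-139 to the Internet zone, as discussed above. The zone name `net`, the sample rules and the function names are assumptions constructed for illustration; named services such as `www` are not resolved.

```python
NETBIOS_PORTS = {137, 138, 139}

# Constructed sample in /etc/shorewall/rules column order:
# ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S)
SAMPLE_RULES = """\
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)    SOURCE PORT(S)
ACCEPT  net     fw      udp     137:139
ACCEPT  net     fw      tcp     80,443,20,21,25,137,138,139     -
ACCEPT  loc     fw      udp     137,138,139     -
ACCEPT  fw      loc     tcp     137,138,139     -
ACCEPT  fw      net     tcp     www
"""

def expand_ports(spec):
    """Return the NetBIOS ports covered by a spec such as '137:139' or '80,139'."""
    hit = set()
    for item in spec.split(","):
        lo, sep, hi = item.partition(":")
        if not sep:
            hi = lo                      # single port, not a range
        try:
            lo_n = int(lo) if lo else 0          # ':139' means 0..139
            hi_n = int(hi) if hi else 65535      # '1024:' means 1024..65535
        except ValueError:
            continue                     # '-' or a service name: skipped
        hit |= {p for p in NETBIOS_PORTS if lo_n <= p <= hi_n}
    return hit

def exposed_netbios_rules(text, untrusted_zone="net"):
    """List (line number, proto, ports) for ACCEPT rules opening 137-139 from the zone."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments
        # Rules without a port column are out of scope for this check.
        if len(fields) < 5 or fields[0].split(":")[0] != "ACCEPT":
            continue
        source, proto, dports = fields[1], fields[3], fields[4]
        if source.split(":")[0] != untrusted_zone:   # SOURCE may be zone:host
            continue
        ports = expand_ports(dports)
        if ports:
            findings.append((lineno, proto, sorted(ports)))
    return findings

if __name__ == "__main__":
    for lineno, proto, ports in exposed_netbios_rules(SAMPLE_RULES):
        print(f"line {lineno}: {proto} ports {ports} accepted from net")
```

To check a real file, pass `open("/etc/shorewall/rules").read()` instead of the constructed sample.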
