On Friday 30 Apr 2004 19:24, Klemens Arro wrote:
> On Friday 30 April 2004 13:54, Derek Jennings wrote:
> > On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
> > > On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> > > > Klemens Arro wrote:
> > > > > What's with samba and shorewall? I can't use samba server or Smb4K
> > > > > (guess that shorewall blocks it). When I take the whole firewall
> > > > > down "Everything (no firewall)" then samba works perfectly, but
> > > > > then I can't share my ADSL connection.
> > > >
> > > > My /etc/shorewall/rules below, part relevant to samba server. It was
> > > > taken from the shorewall documentation, it works for me.
> > > >
> > > > raffaele
> > > >
> > > > #ACTION  SOURCE         DEST            PROTO   DEST    SOURCE   ORIGINAL
> > > > #                                               PORT    PORT(S)  DEST
> > > > # samba ports
> > > > ACCEPT  net             fw              udp     137:139
> > > > ACCEPT  net             fw              tcp     137,139
> > > > ACCEPT  net             fw              udp     1024:   137
> > >
> > > This doesn't help either :(
> > > My /etc/shorewall/rules looks like this (made by mcc)
> > > ACCEPT  net     fw      udp     137,138,139     -
> >
> > You DO NOT want this line. As I commented to Raffaele this opens the
> > firewall to Windows networking over the Internet interface *very
> > insecure!*
> >
> > > ACCEPT  net     fw      tcp     80,443,20,21,25,137,138,139     -
> >
> > This line opens your computer to the internet for Web server (80), Secure
> > web server (443), ftp (20,21), SMTP (25), and Windows networking
> > (137,138,139)
> >
> > You should only have these ports open if you actually want to use them,
> > and of course 137,138, and 139 should not be exposed to the Internet
> >
> > > ACCEPT  loc     fw      udp     137,138,139     -
> > > ACCEPT  loc     fw      tcp     80,443,20,21,25,137,138,139     -
> > > REDIRECT        loc     3128    tcp     www     -
> > > ACCEPT  fw      net     tcp     www
> >
> > Try adding the line to /etc/shorewall/policy
> >
> > fw          loc             ACCEPT
> >
> > That will allow all services running on your firewall device samba, etc
> > to connect to the local network. If that is too broad for you then add
> > ACCEPT  fw     loc      udp     137,138,139     -
> > ACCEPT  fw    loc      tcp     137,138,139     -
> >
> > to /etc/shorewall/rules instead
> >
> > After making any change to shorewall restart it with
> > 'shorewall restart' in a root terminal.
> >
> >
> > derek
>
> Now it shows me all computers on my network, but when I try to connect it
> tells me: "Connection to X failed" and nobody can see me.

You need to check that the firewall is open from 'fw' to 'loc', and from 'loc' 
to 'fw'

If you look at your syslog you will be able to see if any packets are being 
discarded.

derek


-- 
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
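
An added example, not part of the original thread: one way to do the syslog check suggested above, by counting packets Shorewall dropped or rejected on the Samba ports and showing which direction they were travelling. It assumes Shorewall's default log prefix (`Shorewall:<chain>:<disposition>:`); the sample log lines, the host name `gw` and the interface names `eth0` (local) and `ppp0` (ADSL) are constructed for illustration.

```python
import re
from collections import Counter

SMB_PORTS = {137, 138, 139}  # the NetBIOS/SMB ports discussed in the thread

# Shorewall's default log prefix is "Shorewall:<chain>:<disposition>:",
# followed by the kernel's KEY=VALUE packet fields.
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):(?P<rest>.*)")

def parse(line):
    """Return a dict for a Shorewall log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    f = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    # An empty IN= means the firewall itself sent the packet; an empty OUT=
    # means the packet was addressed to the firewall.
    direction = f"{f.get('IN') or 'fw'}->{f.get('OUT') or 'fw'}"
    return {"chain": m["chain"], "disp": m["disp"], "direction": direction,
            "proto": f.get("PROTO", "?"),
            "spt": int(f.get("SPT", 0)), "dpt": int(f.get("DPT", 0))}

def smb_drops(lines):
    """Count dropped/rejected packets that involve the Samba ports."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or rec["disp"] not in ("DROP", "REJECT"):
            continue
        if rec["dpt"] in SMB_PORTS or rec["spt"] in SMB_PORTS:
            hits[(rec["chain"], rec["direction"], rec["proto"], rec["dpt"])] += 1
    return hits

# Constructed sample log: the firewall's own Samba traffic to the LAN is rejected.
SAMPLE = """\
Apr 30 19:30:01 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.255 LEN=78 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 30 19:30:05 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.20 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=32790 DPT=139 SYN
Apr 30 19:30:09 gw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TTL=110 ID=991 PROTO=TCP SPT=4021 DPT=135 SYN
Apr 30 19:30:12 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.20 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=32791 DPT=139 SYN
Apr 30 19:30:20 gw sshd[812]: Accepted password for user from 192.168.0.20
"""

if __name__ == "__main__":
    for (chain, direction, proto, dpt), n in sorted(smb_drops(SAMPLE.splitlines()).items()):
        print(f"{n:3d}  {chain:10s} {direction:10s} {proto}/{dpt}")
```

Rows with direction `fw->eth0` mean traffic from the firewall to the local network is being refused; rows with `eth0->fw` would point at the opposite direction.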
