Re: [newbie] Samba / Shorewall

2004-04-30 Thread Raffaele BELARDI
Klemens Arro wrote:
> What's with samba and shorewall? I can't use samba server or Smb4K (guess that
> shorewall blocks it). When I take the whole firewall down Everything (no
> firewall) then samba works perfectly, but then I can't share my ADSL
> connection.

My /etc/shorewall/rules below, part relevant to samba server. It was
taken from the shorewall documentation, it works for me.

raffaele

#ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
#                             PORT     PORT(S)  DEST
# samba ports
ACCEPT   net     fw    udp    137:139
ACCEPT   net     fw    tcp    137,139
ACCEPT   net     fw    udp    1024:    137

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com



Re: [newbie] Samba / Shorewall

2004-04-30 Thread Derek Jennings
On Friday 30 Apr 2004 07:35, Raffaele BELARDI wrote:
> Klemens Arro wrote:
> > What's with samba and shorewall? I can't use samba server or Smb4K (guess
> > that shorewall blocks it). When I take the whole firewall down
> > Everything (no firewall) then samba works perfectly, but then I can't
> > share my ADSL connection.
>
> My /etc/shorewall/rules below, part relevant to samba server. It was
> taken from the shorewall documentation, it works for me.
>
> raffaele
>
> #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> #                             PORT     PORT(S)  DEST
> # samba ports
> ACCEPT   net     fw    udp    137:139
> ACCEPT   net     fw    tcp    137,139
> ACCEPT   net     fw    udp    1024:    137

Well I hope you have another firewall further upstream from your computer, 
because what these lines do is to open up Windows networking directly to the 
Internet so anyone+dog can browse your shared folders.

If you want to enable Samba to computers in your local network, the lines

ACCEPT   loc     fw    udp    137,138,139
ACCEPT   loc     fw    tcp    137,138,139

will do the trick (assuming the local network is called 'loc'; in some cases
it may be called 'masq').

As an additional precaution it is a good idea to set the line
interfaces = eth1   (where eth1 is the local network)
in your /etc/samba/smb.conf file.

This will force samba to only use that interface instead of the default which 
is all interfaces. 
Not only will it prevent people from outside connecting to samba, but it will 
stop samba timing out when it sends packets to the network interface which 
are then dropped by shorewall.

derek
-- 
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org





Re: [newbie] Samba / Shorewall

2004-04-30 Thread Raffaele BELARDI
Derek Jennings wrote:
> On Friday 30 Apr 2004 07:35, Raffaele BELARDI wrote:
>
> Well I hope you have another firewall further upstream from your computer,
> because what these lines do is to open up Windows networking directly to the
> Internet so anyone+dog can browse your shared folders.

Yes I do, and also I use the hosts allow entry in smb.conf to limit
access to a very limited set of co-workers' machines. Anyway, thanks for
the tip, I admit I did not do much study on the samba/shorewall
configuration.

raffaele






Re: [newbie] Samba / Shorewall

2004-04-30 Thread Klemens Arro
On Friday 30 April 2004 03:02, Steve Jeppesen wrote:
> Klemens,
> I may be wrong, but I thought you had to open ports 137, 138 and 139.
>
> Double check to be sure

Yes, you are right. But this didn't help either.
-- 
Klemens Arro

My software never has bugs; it just develops random features.

Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850





Re: [newbie] Samba / Shorewall

2004-04-30 Thread Klemens Arro
On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> Klemens Arro wrote:
> > What's with samba and shorewall? I can't use samba server or Smb4K (guess
> > that shorewall blocks it). When I take the whole firewall down
> > Everything (no firewall) then samba works perfectly, but then I can't
> > share my ADSL connection.
>
> My /etc/shorewall/rules below, part relevant to samba server. It was
> taken from the shorewall documentation, it works for me.
>
> raffaele
>
> #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> #                             PORT     PORT(S)  DEST
> # samba ports
> ACCEPT   net     fw    udp    137:139
> ACCEPT   net     fw    tcp    137,139
> ACCEPT   net     fw    udp    1024:    137

This doesn't help either :(
My /etc/shorewall/rules looks like this (made by mcc)
ACCEPT    net  fw    udp  137,138,139  -
ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
ACCEPT    loc  fw    udp  137,138,139  -
ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
REDIRECT  loc  3128  tcp  www  -
ACCEPT    fw   net   tcp  www
-- 
Klemens Arro

My software never has bugs; it just develops random features.

Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850





Re: [newbie] Samba / Shorewall

2004-04-30 Thread Klemens Arro
On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> Klemens Arro wrote:
> > What's with samba and shorewall? I can't use samba server or Smb4K (guess
> > that shorewall blocks it). When I take the whole firewall down
> > Everything (no firewall) then samba works perfectly, but then I can't
> > share my ADSL connection.
>
> My /etc/shorewall/rules below, part relevant to samba server. It was
> taken from the shorewall documentation, it works for me.
>
> raffaele
>
> #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> #                             PORT     PORT(S)  DEST
> # samba ports
> ACCEPT   net     fw    udp    137:139
> ACCEPT   net     fw    tcp    137,139
> ACCEPT   net     fw    udp    1024:    137

This doesn't help either :(
My /etc/shorewall/rules looks like this (made by mcc)
ACCEPT    net  fw    udp  137,138,139  -
ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
ACCEPT    loc  fw    udp  137,138,139  -
ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
REDIRECT  loc  3128  tcp  www  -
ACCEPT    fw   net   tcp  www

* Sorry, I had a spelling error, I fixed this ;)
-- 
Klemens Arro

My software never has bugs; it just develops random features.

Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850





Re: [newbie] Samba / Shorewall

2004-04-30 Thread Derek Jennings
On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
> On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> > Klemens Arro wrote:
> > > What's with samba and shorewall? I can't use samba server or Smb4K (guess
> > > that shorewall blocks it). When I take the whole firewall down
> > > Everything (no firewall) then samba works perfectly, but then I can't
> > > share my ADSL connection.
> >
> > My /etc/shorewall/rules below, part relevant to samba server. It was
> > taken from the shorewall documentation, it works for me.
> >
> > raffaele
> >
> > #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> > #                             PORT     PORT(S)  DEST
> > # samba ports
> > ACCEPT   net     fw    udp    137:139
> > ACCEPT   net     fw    tcp    137,139
> > ACCEPT   net     fw    udp    1024:    137
>
> This doesn't help either :(
> My /etc/shorewall/rules looks like this (made by mcc)
> ACCEPT    net  fw    udp  137,138,139  -

You DO NOT want this line. As I commented to Raffaele this opens the firewall
to Windows networking over the Internet interface *very insecure!*

> ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -

This line opens your computer to the internet for Web server (80), Secure web
server (443), ftp (20,21), SMTP (25), and Windows networking (137,138,139)

You should only have these ports open if you actually want to use them, and of
course 137,138, and 139 should not be exposed to the Internet

> ACCEPT    loc  fw    udp  137,138,139  -
> ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
> REDIRECT  loc  3128  tcp  www  -
> ACCEPT    fw   net   tcp  www

Try adding the line to /etc/shorewall/policy

fw  loc  ACCEPT

That will allow all services running on your firewall device samba, etc to
connect to the local network. If that is too broad for you then add
ACCEPT    fw   loc   udp  137,138,139  -
ACCEPT    fw   loc   tcp  137,138,139  -

to /etc/shorewall/rules instead

After making any change to shorewall restart it with
'shorewall restart' in a root terminal.


derek


-- 
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
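
The line-by-line review in the message above can be run as a check over a rules file. This is an added example, not code from the thread or from Shorewall; the function names are hypothetical and the sample input is Klemens's posted rules with the columns separated again.

```python
# Added example, not from the thread: flag Shorewall ACCEPT rules that let
# the Internet-facing zone reach the NetBIOS ports 137-139.
NETBIOS_PORTS = {137, 138, 139}

# Constructed sample: the rules Klemens posted, columns separated again.
SAMPLE_RULES = """\
#ACTION   SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT    net  fw    udp  137,138,139  -
ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
ACCEPT    loc  fw    udp  137,138,139  -
ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
REDIRECT  loc  3128  tcp  www  -
ACCEPT    fw   net   tcp  www
"""

def expand_ports(spec):
    """Expand a DEST PORT(S) field ('137:139', '80,443', '1024:') to a set.
    Service names such as 'www' are skipped; an open-ended range runs to 65535."""
    ports = set()
    for item in spec.split(","):
        lo, sep, hi = item.partition(":")
        if sep and (lo or "0").isdigit() and (hi or "0").isdigit():
            ports.update(range(int(lo or 0), int(hi or 65535) + 1))
        elif item.isdigit():
            ports.add(int(item))
    return ports

def exposed_netbios(rules_text, untrusted_zone="net"):
    """Return (line_no, proto, ports) for every ACCEPT rule whose SOURCE is the
    untrusted zone (or 'all') and whose DEST PORT(S) include 137, 138 or 139."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "ACCEPT":
            continue
        source, proto, dports = fields[1], fields[3], fields[4]
        zone = source.split(":", 1)[0]  # SOURCE may be 'zone' or 'zone:host'
        if zone not in (untrusted_zone, "all"):
            continue
        hit = expand_ports(dports) & NETBIOS_PORTS
        if hit:
            findings.append((line_no, proto, sorted(hit)))
    return findings

if __name__ == "__main__":
    for line_no, proto, ports in exposed_netbios(SAMPLE_RULES):
        print(f"line {line_no}: net zone can reach {proto} ports {ports}")
```

The two `net fw` lines are reported; the `loc fw` lines, which serve only the local zone, are not.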





Re: [newbie] Samba / Shorewall

2004-04-30 Thread Klemens Arro
On Friday 30 April 2004 13:54, Derek Jennings wrote:
> On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
> > On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> > > Klemens Arro wrote:
> > > > What's with samba and shorewall? I can't use samba server or Smb4K
> > > > (guess that shorewall blocks it). When I take the whole firewall down
> > > > Everything (no firewall) then samba works perfectly, but then I
> > > > can't share my ADSL connection.
> > >
> > > My /etc/shorewall/rules below, part relevant to samba server. It was
> > > taken from the shorewall documentation, it works for me.
> > >
> > > raffaele
> > >
> > > #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> > > #                             PORT     PORT(S)  DEST
> > > # samba ports
> > > ACCEPT   net     fw    udp    137:139
> > > ACCEPT   net     fw    tcp    137,139
> > > ACCEPT   net     fw    udp    1024:    137
> >
> > This doesn't help either :(
> > My /etc/shorewall/rules looks like this (made by mcc)
> > ACCEPT    net  fw    udp  137,138,139  -
>
> You DO NOT want this line. As I commented to Raffaele this opens the
> firewall to Windows networking over the Internet interface *very insecure!*
>
> > ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
>
> This line opens your computer to the internet for Web server (80), Secure
> web server (443), ftp (20,21), SMTP (25), and Windows networking
> (137,138,139)
>
> You should only have these ports open if you actually want to use them, and
> of course 137,138, and 139 should not be exposed to the Internet
>
> > ACCEPT    loc  fw    udp  137,138,139  -
> > ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
> > REDIRECT  loc  3128  tcp  www  -
> > ACCEPT    fw   net   tcp  www
>
> Try adding the line to /etc/shorewall/policy
>
> fw  loc  ACCEPT
>
> That will allow all services running on your firewall device samba, etc to
> connect to the local network. If that is too broad for you then add
> ACCEPT    fw   loc   udp  137,138,139  -
> ACCEPT    fw   loc   tcp  137,138,139  -
>
> to /etc/shorewall/rules instead
>
> After making any change to shorewall restart it with
> 'shorewall restart' in a root terminal.
>
>
> derek

Now it shows me all computers on my network, but when I try to connect it
tells me: Connection to X failed, and nobody can see me.

-- 
Klemens Arro

My software never has bugs; it just develops random features.

Using: Mandrake Linux 10
Registered Linux User#: 346118
ICQ#: 179198850





Re: [newbie] Samba / Shorewall

2004-04-30 Thread Derek Jennings
On Friday 30 Apr 2004 19:24, Klemens Arro wrote:
> On Friday 30 April 2004 13:54, Derek Jennings wrote:
> > On Friday 30 Apr 2004 10:20, Klemens Arro wrote:
> > > On Friday 30 April 2004 09:35, Raffaele BELARDI wrote:
> > > > Klemens Arro wrote:
> > > > > What's with samba and shorewall? I can't use samba server or Smb4K
> > > > > (guess that shorewall blocks it). When I take the whole firewall
> > > > > down Everything (no firewall) then samba works perfectly, but
> > > > > then I can't share my ADSL connection.
> > > >
> > > > My /etc/shorewall/rules below, part relevant to samba server. It was
> > > > taken from the shorewall documentation, it works for me.
> > > >
> > > > raffaele
> > > >
> > > > #ACTION  SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> > > > #                             PORT     PORT(S)  DEST
> > > > # samba ports
> > > > ACCEPT   net     fw    udp    137:139
> > > > ACCEPT   net     fw    tcp    137,139
> > > > ACCEPT   net     fw    udp    1024:    137
> > >
> > > This doesn't help either :(
> > > My /etc/shorewall/rules looks like this (made by mcc)
> > > ACCEPT    net  fw    udp  137,138,139  -
> >
> > You DO NOT want this line. As I commented to Raffaele this opens the
> > firewall to Windows networking over the Internet interface *very
> > insecure!*
> >
> > > ACCEPT    net  fw    tcp  80,443,20,21,25,137,138,139  -
> >
> > This line opens your computer to the internet for Web server (80), Secure
> > web server (443), ftp (20,21), SMTP (25), and Windows networking
> > (137,138,139)
> >
> > You should only have these ports open if you actually want to use them,
> > and of course 137,138, and 139 should not be exposed to the Internet
> >
> > > ACCEPT    loc  fw    udp  137,138,139  -
> > > ACCEPT    loc  fw    tcp  80,443,20,21,25,137,138,139  -
> > > REDIRECT  loc  3128  tcp  www  -
> > > ACCEPT    fw   net   tcp  www
> >
> > Try adding the line to /etc/shorewall/policy
> >
> > fw  loc  ACCEPT
> >
> > That will allow all services running on your firewall device samba, etc
> > to connect to the local network. If that is too broad for you then add
> > ACCEPT    fw   loc   udp  137,138,139  -
> > ACCEPT    fw   loc   tcp  137,138,139  -
> >
> > to /etc/shorewall/rules instead
> >
> > After making any change to shorewall restart it with
> > 'shorewall restart' in a root terminal.
> >
> >
> > derek
>
> Now it shows me all computers on my network, but when I try to connect it
> tells me: Connection to X failed, and nobody can see me.

You need to check that the firewall is open from 'fw' to 'loc', and from 'loc' 
to 'fw'

If you look at your syslog you will be able to see if any packets are being 
discarded.

derek


-- 
www.jennings.homelinux.net
http://twiki.mdklinuxfaq.org
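
The syslog check suggested above can be scripted to show which direction is being refused. This is an added example, not code from the thread; the host name, interfaces, addresses and log lines are constructed, and it assumes Shorewall's default log prefix `Shorewall:<chain>:<disposition>:`.

```python
import re
from collections import Counter

# Constructed sample lines, assuming Shorewall's default log prefix
# "Shorewall:<chain>:<disposition>:" followed by the netfilter LOG fields.
SAMPLE_LOG = """\
Apr 30 19:25:01 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.0.1 DST=192.168.0.255 LEN=78 PROTO=UDP SPT=137 DPT=137
Apr 30 19:25:03 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.0.1 DST=192.168.0.7 LEN=60 PROTO=TCP SPT=1045 DPT=139 SYN
Apr 30 19:25:09 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=48 PROTO=TCP SPT=4312 DPT=445 SYN
Apr 30 19:26:40 gw sshd[812]: Accepted password for user from 192.168.0.7
"""

LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):"
    r"IN=(?P<inif>\S*) OUT=(?P<outif>\S*) .*?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def dropped_packets(log_text, ports=frozenset({137, 138, 139})):
    """Count logged packets whose source or destination port is in `ports`,
    keyed by (chain, disposition, direction, proto, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a Shorewall packet log line
        spt, dpt = int(m["spt"]), int(m["dpt"])
        if spt not in ports and dpt not in ports:
            continue
        # An empty IN= means the firewall host itself generated the packet;
        # an empty OUT= means the packet was addressed to the firewall host.
        direction = ("from fw" if not m["inif"]
                     else "to fw" if not m["outif"] else "forwarded")
        counts[(m["chain"], m["disp"], direction, m["proto"].lower(), dpt)] += 1
    return counts

if __name__ == "__main__":
    for key, n in dropped_packets(SAMPLE_LOG).items():
        print(n, *key)
```

In the constructed sample, the entries counted as "from fw" are Samba traffic leaving the firewall host for the local network and being rejected, which is the fw-to-loc direction the message says to check.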





Re: [newbie] Samba / Shorewall

2004-04-29 Thread Steve Jeppesen
On Fri, 30 Apr 2004 00:23:41 +0300
Klemens Arro [EMAIL PROTECTED] wrote:

> What's with samba and shorewall? I can't use samba server or Smb4K (guess that
> shorewall blocks it). When I take the whole firewall down Everything (no
> firewall) then samba works perfectly, but then I can't share my ADSL
> connection.
>
> By allowing ports 193-194 doesn't help, neither by telling shorewall to allow
> Samba server!
> --
> Klemens Arro

Klemens,
I may be wrong, but I thought you had to open ports 137, 138 and 139.

Double check to be sure

-- 
Linux user #280097
Machines #162480 #191825

http://counter.li.org

