Hi, I have a working Shorewall firewall connection. Just recently I setup a VPN connection between two FRITZ!Box networks <https://en.avm.de/service/fritzbox/fritzbox-7390/knowledge-base/publication/show/5_Setting-up-a-VPN-connection-between-two-FRITZ-Box-networks/>: netA + netB Hereby I can connect to a PC in netB from any PC in netA using SSH. However, I cannot connect to a Windows server in netB from a PC in netA using Samba CIFS.
I have created a TCPdump on Windows server when trying to establish connection from client: /tcpdump_cifs_server_failure.txt/ And I have created a TCPdump on the Linux client (in netA) when trying to establish connection: /tcpdump_cifs_client.txt/ In addition I have created shorewall dump and attached to this email. To verify if the CIFS connection is working, I connected from client in netB to Windows server, and this was successfull. The relevant TCPdump is attached, too: /tcpdump_cifs_server_working.txt/ My assumption was that Shorewall is filtering CIFS (port 445), but I'm not sure how to verify this. Is it necessary to define rules for to connect to servers in netB? Please advise how to proceed here for solving this issue? THX
Working CIFS mount
C:\Users\thomas\Downloads>WinDump.exe -i 1 -s0 port 445
WinDump.exe: listening on \Device\NPF_{85F60C6D-9764-410D-B8D6-C492F4C80984}
09:31:33.426994 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3702835894:3702836066(172) ack 1990322143 win 1452
09:31:33.427130 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1:157(156) ack 172 win 1023
09:31:33.430477 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 157 win 1451
09:31:33.430477 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
172:280(108) ack 157 win 1452
09:31:33.430521 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
157:337(180) ack 280 win 1022
09:31:33.435859 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
280:372(92) ack 337 win 1452
09:31:33.435905 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
337:465(128) ack 372 win 1022
09:31:33.441755 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
372:476(104) ack 465 win 1452
09:31:33.441820 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
465:549(84) ack 476 win 1022
09:31:33.476161 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
476:630(154) ack 549 win 1452
09:31:33.476220 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
549:689(140) ack 630 win 1021
09:31:33.486082 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
630:762(132) ack 689 win 1452
09:31:33.486192 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
689:845(156) ack 762 win 1020
09:31:33.489272 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
762:871(109) ack 845 win 1452
09:31:33.489316 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
845:941(96) ack 871 win 1026
09:31:33.493316 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
871:980(109) ack 941 win 1452
09:31:33.493373 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
941:1025(84) ack 980 win 1026
09:31:33.499971 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
980:1089(109) ack 1025 win 1452
09:31:33.500006 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1025:1129(104) ack 1089 win 1025
09:31:33.503131 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1089:1181(92) ack 1129 win 1452
09:31:33.503204 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1129:1257(128) ack 1181 win 1025
09:31:33.506378 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1181:1333(152) ack 1257 win 1452
09:31:33.506412 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1257:1333(76) ack 1333 win 1024
09:31:33.517959 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1333:1505(172) ack 1333 win 1452
09:31:33.518050 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1333:1489(156) ack 1505 win 1024
09:31:33.528546 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1505:1597(92) ack 1489 win 1452
09:31:33.528601 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1489:1617(128) ack 1597 win 1023
09:31:33.531260 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1597:1729(132) ack 1617 win 1452
09:31:33.531354 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1617:1773(156) ack 1729 win 1023
09:31:33.534475 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1729:1821(92) ack 1773 win 1452
09:31:33.534530 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1773:1901(128) ack 1821 win 1022
09:31:33.542762 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1821:1961(140) ack 1901 win 1452
09:31:33.542837 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
1901:2057(156) ack 1961 win 1022
09:31:33.545865 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
1961:2053(92) ack 2057 win 1452
09:31:33.545912 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2057:2185(128) ack 2053 win 1021
09:31:33.549146 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2053:2225(172) ack 2185 win 1452
09:31:33.549223 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2185:2341(156) ack 2225 win 1021
09:31:33.552201 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2225:2317(92) ack 2341 win 1452
09:31:33.552244 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2341:2469(128) ack 2317 win 1020
09:31:33.555817 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2317:2449(132) ack 2469 win 1452
09:31:33.555888 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2469:2625(156) ack 2449 win 1026
09:31:33.559280 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2449:2557(108) ack 2625 win 1452
09:31:33.559315 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2625:2805(180) ack 2557 win 1026
09:31:33.562576 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2557:2649(92) ack 2805 win 1452
09:31:33.562621 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2805:2933(128) ack 2649 win 1025
09:31:33.567441 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2649:2789(140) ack 2933 win 1452
09:31:33.567497 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
2933:3089(156) ack 2789 win 1025
09:31:33.570598 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2789:2897(108) ack 3089 win 1452
09:31:33.570902 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3089:3269(180) ack 2897 win 1024
09:31:33.577488 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2897:2989(92) ack 3269 win 1452
09:31:33.577992 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3269:3397(128) ack 2989 win 1024
09:31:33.587420 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
2989:3161(172) ack 3397 win 1452
09:31:33.587790 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3397:3553(156) ack 3161 win 1023
09:31:33.590613 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3161:3269(108) ack 3553 win 1452
09:31:33.590704 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3553:3733(180) ack 3269 win 1023
09:31:33.593698 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3269:3361(92) ack 3733 win 1452
09:31:33.593940 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3733:3861(128) ack 3361 win 1023
09:31:33.640123 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 3861 win 1452
09:32:42.740672 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3361:3433(72) ack 3861 win 1452
09:32:42.740751 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3861:3933(72) ack 3433 win 1022
09:32:42.748613 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 3933 win 1452
09:33:44.183120 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3433:3505(72) ack 3933 win 1452
09:33:44.183171 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
3933:4005(72) ack 3505 win 1022
09:33:44.191983 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 4005 win 1452
09:34:45.621775 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3505:3577(72) ack 4005 win 1452
09:34:45.621827 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
4005:4077(72) ack 3577 win 1022
09:34:45.633461 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 4077 win 1452
09:35:47.062767 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3577:3649(72) ack 4077 win 1452
09:35:47.062820 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
4077:4149(72) ack 3649 win 1021
09:35:47.071982 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 4149 win 1452
09:36:48.502536 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: P
3649:3721(72) ack 4149 win 1452
09:36:48.502621 IP vm123-win10.fritz.box.445 > pc8-nb-wlan.fritz.box.45558: P
4149:4221(72) ack 3721 win 1021
09:36:48.505603 IP pc8-nb-wlan.fritz.box.45558 > vm123-win10.fritz.box.445: .
ack 4221 win 1452
43 packets captured
51 packets received by filter
0 packets dropped by kernel
thomas@pc5-desktop:~$ sudo tcpdump -v -i eth0 -s0 host win10 and port 445
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144
bytes
09:10:50.904122 IP (tos 0x0, ttl 64, id 58115, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60066 > vm123-win10.microsoft-ds: Flags [S], cksum
0xab49 (correct), seq 2647088179, win 29200, options [mss 1460,sackOK,TS val
541251868 ecr 0,nop,wscale 7], length 0
09:10:51.925768 IP (tos 0x0, ttl 64, id 58116, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60066 > vm123-win10.microsoft-ds: Flags [S], cksum
0xa74b (correct), seq 2647088179, win 29200, options [mss 1460,sackOK,TS val
541252890 ecr 0,nop,wscale 7], length 0
09:10:53.941766 IP (tos 0x0, ttl 64, id 58117, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60066 > vm123-win10.microsoft-ds: Flags [S], cksum
0x9f6b (correct), seq 2647088179, win 29200, options [mss 1460,sackOK,TS val
541254906 ecr 0,nop,wscale 7], length 0
09:12:06.444543 IP (tos 0x0, ttl 64, id 540, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60070 > vm123-win10.microsoft-ds: Flags [S], cksum
0x4cc1 (correct), seq 645860073, win 29200, options [mss 1460,sackOK,TS val
541327410 ecr 0,nop,wscale 7], length 0
09:12:07.445792 IP (tos 0x0, ttl 64, id 541, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60070 > vm123-win10.microsoft-ds: Flags [S], cksum
0x48d7 (correct), seq 645860073, win 29200, options [mss 1460,sackOK,TS val
541328412 ecr 0,nop,wscale 7], length 0
09:12:09.461766 IP (tos 0x0, ttl 64, id 542, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60070 > vm123-win10.microsoft-ds: Flags [S], cksum
0x40f7 (correct), seq 645860073, win 29200, options [mss 1460,sackOK,TS val
541330428 ecr 0,nop,wscale 7], length 0
09:28:23.055235 IP (tos 0x0, ttl 64, id 16995, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60074 > vm123-win10.microsoft-ds: Flags [S], cksum
0xac7b (correct), seq 1775599821, win 29200, options [mss 1460,sackOK,TS val
542304042 ecr 0,nop,wscale 7], length 0
09:28:24.085773 IP (tos 0x0, ttl 64, id 16996, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60074 > vm123-win10.microsoft-ds: Flags [S], cksum
0xa874 (correct), seq 1775599821, win 29200, options [mss 1460,sackOK,TS val
542305073 ecr 0,nop,wscale 7], length 0
09:28:26.101766 IP (tos 0x0, ttl 64, id 16997, offset 0, flags [DF], proto TCP
(6), length 60)
pc5-desktop.fritz.box.60074 > vm123-win10.microsoft-ds: Flags [S], cksum
0xa094 (correct), seq 1775599821, win 29200, options [mss 1460,sackOK,TS val
542307089 ecr 0,nop,wscale 7], length 0
^C
9 packets captured
9 packets received by filter
0 packets dropped by kernel
shorewall_dump.txt.tar.gz
Description: application/gzip
Failing CIFS mount
C:\Users\thomas\Downloads>WinDump.exe -i 1 -s0 port 445
WinDump.exe: listening on \Device\NPF_{85F60C6D-9764-410D-B8D6-C492F4C80984}
09:39:21.992787 IP 192.168.200.32.60078 > vm123-win10.fritz.box.445: S
81998822:81998822(0) win 29200 <mss 1382,sackOK,timestamp 542962950
0,nop,wscale 7>
09:39:23.006027 IP 192.168.200.32.60078 > vm123-win10.fritz.box.445: S
81998822:81998822(0) win 29200 <mss 1382,sackOK,timestamp 542963968
0,nop,wscale 7>
09:39:25.021681 IP 192.168.200.32.60078 > vm123-win10.fritz.box.445: S
81998822:81998822(0) win 29200 <mss 1382,sackOK,timestamp 542965984
0,nop,wscale 7>
3 packets captured
482 packets received by filter
0 packets dropped by kernel------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
