I am running a Redhat FC2 server, which runs postfix for mail, Squid for proxy and samba as Domain Controller and file server. I installed shorewall-2.1.11-1.

In the shorewall rules /etc/shorewall/rules I added the following for samba

    ACCEPT  LAN  $FW:192.168.100.1  tcp  139,445
    ACCEPT  LAN  $FW:192.168.100.1  udp  137:139
    ACCEPT  LAN  $FW:192.168.100.1  udp  445

But whenever the shorewall is started I find it takes some rules from /usr/share/shorewall/, where there is a file called action.DropSMB and action.DropPing. So all my smb packets for port 137-139,445 are dropped here. Also I found another file action.AllowSMB, which allows the smb packets.

I don't know which one to edit. What is the use of these files? I want my clients to allow pinging to the server and also they should be able to access the server thru samba.

Plz give me a solution. I am new to Shorewall.

Regards,
AnandhG

Anandh G wrote:
> I am running a Redhat FC2 server, which runs postfix
> for mail, Squid for proxy and samba as Domain
> Controller and file server. I installed
> shorewall-2.1.11-1.

WHY??? Shorewall 2.1.* was the current development release before it went into Beta. It is now at Release Candidate 4 (shorewall 2.2.0-RC4). If you are going to run the Development Release, at least please install the latest version.

Please upgrade to 2.2.0-RC4 before you go any further.

> In the shorewall rules /etc/shorewall/rules I added
> the following for samba
>
> ACCEPT  LAN  $FW:192.168.100.1  tcp  139,445
> ACCEPT  LAN  $FW:192.168.100.1  udp  137:139
> ACCEPT  LAN  $FW:192.168.100.1  udp  445
>
> But whenever the shorewall is started I find it takes
> some rules from /usr/share/shorewall/, where there is
> a file called action.DropSMB and action.DropPing. So
> all my smb packets for port 137-139,445 are dropped
> here. Also I found another file action.AllowSMB, which
> allows the smb packets.
>
> I don't know which one to edit.

You don't edit ANY OF THOSE FILES.

> What is the use of
> these files? I want my clients to allow pinging to the
> server and also they should be able to access the
> server thru samba.
>
> Plz give me a solution. I am new to Shorewall.

o Go to http://shorewall.net/
o In the left panel, click on "Documentation"
o The page you will now see has a couple of introductory links followed by an alphabetical index to the Shorewall documentation. Go down to the "S"s and click on "Samba"
o Configure Shorewall as described in that article.
o If you encounter problems, then submit a problem report as described at http://shorewall.net/support.htm

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Anandh G wrote:
> I want my clients to allow pinging to the
> server and also they should be able to access the
> server thru samba.
>
> Plz give me a solution. I am new to Shorewall.

Regarding "Ping", you apparently didn't follow one of the QuickStart Guides (http://shorewall.net/shorewall_quickstart_guide.htm). Otherwise, 'Ping' would work for you "out of the box".

There is an article on "Ping" in the documentation index that I directed you to in my previous post.

-Tom

I installed Synaptic in my Fedora core 2 and as I selected shorewall from Synaptic it downloaded me this version only.

Tom Eastep <teastep@shorewall.net> wrote:
> WHY??? Shorewall 2.1.* was the current development release before it
> went into Beta. It is now at Release Candidate 4 (shorewall 2.2.0-RC4).
> If you are going to run the Development Release, at least please
> install the latest version.
>
> Please upgrade to 2.2.0-RC4 before you go any further.

Regards,
AnandhG

Anandh G wrote:
> I installed Synaptic in my Fedora core 2 and as I selected
> shorewall from Synaptic it downloaded me this version only.

A 2.2.0-RC4 rpm is available from the Shorewall Download page. In fact, you will find links to download an RPM tailored for Fedora.

-Tom