On Monday 01 March 2004 09:53 am, Daniel Haas wrote:
> Hello, I have a problem broadcasting from the firewall to the lan, because
> shorewall adds a rule for every interface to reject broadcasts to that
> network.
Nonsense -- Shorewall adds a rule for each interface (in the common chain) to
AVOID LOGGING broadcasts FROM THAT NETWORK.
> I want to use smb_auth from squid, and this tool does a broadcast
> on the lan interface to discover the domain controller. Is it possible to
> stop shorewall from adding the broadcast rule into the common chain?
>
I'll post this for the 10,419th time -- the common chain is only traversed
before a REJECT or DROP policy is enforced. The purpose of the chain is to
avoid logging a bunch of useless noise (like broadcasts) -- if you had an
empty common chain, your broadcasts still wouldn't be sent.
Solution: If you want the broadcast sent, you need a rule allowing it. Since
you are using SMB auth, I would start at http://www.shorewall.net/samba.htm.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
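
The traversal order described in the reply above, as an added example that is not part of the original message and is not Shorewall code. It is a simplified model: the packet fields, the rule tuple format, the `fw`/`loc` zone names, the NetBIOS ports and the assumption that the policy logs are all constructed for illustration.

```python
# Simplified model: explicit rules, then the common chain, then the policy.
# Not Shorewall code; zones, ports and the rule format are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int
    broadcast: bool = False


def evaluate(pkt, rules, common_drops_broadcast=True, policy="REJECT"):
    """Return (verdict, logged) for one packet.

    The common chain is reached only when no explicit rule matched, i.e.
    just before the policy is enforced. In this model it discards
    broadcasts quietly so they never reach the logging policy.
    """
    for action, src, dst, proto, ports in rules:
        if (src, dst, proto) == (pkt.src_zone, pkt.dst_zone, pkt.proto) \
                and pkt.dport in ports:
            return action, False
    if common_drops_broadcast and pkt.broadcast:
        return "DROP", False      # discarded without a log entry
    return policy, True           # policy enforced (assumed to log)


# Constructed sample: a NetBIOS name-service broadcast from firewall to LAN.
NBNS_BCAST = Packet("fw", "loc", "udp", 137, broadcast=True)
# Hypothetical rule set allowing UDP 137-138 from the firewall to the LAN.
ALLOW_NETBIOS = [("ACCEPT", "fw", "loc", "udp", range(137, 139))]


def scenarios():
    return {
        "default common chain": evaluate(NBNS_BCAST, []),
        "empty common chain": evaluate(NBNS_BCAST, [],
                                       common_drops_broadcast=False),
        "explicit rule": evaluate(NBNS_BCAST, ALLOW_NETBIOS),
    }


if __name__ == "__main__":
    for name, (verdict, logged) in scenarios().items():
        print(f"{name:22} verdict={verdict:6} logged={logged}")
```

Emptying the common chain changes only whether the packet is logged; the verdict becomes ACCEPT only once an explicit rule matches.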