support23@ev-theol.uni-bonn.de
2003-Mar-31 16:30 UTC
[Shorewall-users] Problem with local net
Hi all,

we have one server with two interfaces and IP aliases:

eth0 internet connection
eth0 - eth0:4 lan

We want to allow ALL traffic from the lan to the firewall (eg. samba, nis, ...) and only some ports from the internet. Here is the config:

- policy

loc net ACCEPT
loc all ACCEPT
fw loc ACCEPT
loc fw ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info

- rules

ACCEPT net fw udp 22,143,25,20,21,10000,20000 -
ACCEPT net fw tcp 22,143,25,20,21,10000,20000 -
# SAMBA
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139
ACCEPT loc fw udp 1024: 137

The problem is that we have a big problem with the clients connecting to samba... On the firewall, /var/log/messages:

Mar 31 23:36:02 bigserver01 kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:02:b3:51:c4:4e:00:e0:7d:c0:00:1c:08:00 SRC=10.0.198.252 DST=10.0.0.138 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=35426 PROTO=UDP SPT=3356 DPT=53 LEN=47

10.0.0.138 is the lan interface of the firewall
10.0.198.252 is a win2k client

Is there a way to allow *ALL* access from the inside to the firewall to avoid the problem with samba...

tia and best regards
judy
On Tue, 1 Apr 2003 support23@ev-theol.uni-bonn.de wrote:

> The problem is that we have a big problem with the clients connecting to samba... On the firewall, /var/log/messages:
>
> Mar 31 23:36:02 bigserver01 kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:02:b3:51:c4:4e:00:e0:7d:c0:00:1c:08:00 SRC=10.0.198.252 DST=10.0.0.138 LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=35426 PROTO=UDP SPT=3356 DPT=53 LEN=47
>
> 10.0.0.138 is the lan interface of the firewall
> 10.0.198.252 is a win2k client
>
> Is there a way to allow *ALL* access from the inside to the firewall to avoid the problem with samba...

The above log message shows a DNS packet -- it has little if anything to do with Samba!!

And to answer your question -- of course; that's what the policy file is for!!!

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
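As an added example (not code from the thread or from Shorewall itself), a small Python parser for the kernel log format quoted above: it reads the zone pair and disposition out of the chain name (net2all:DROP), pulls the KEY=VALUE fields, and checks the destination port against the Samba ports in judy's loc/fw rules. Run on the quoted line it confirms Tom's reading: the dropped packet is DNS (53/udp), arrived on eth1, and was handled by the net-to-all policy, not by any Samba rule. The SAMBA_PORTS table and the WELL_KNOWN names are assumptions taken from the rules and ports shown in the thread.

```python
import re

# Constructed sample: the Shorewall kernel log line quoted in the thread.
LOG_LINE = ("Mar 31 23:36:02 bigserver01 kernel: Shorewall:net2all:DROP:IN=eth1 OUT= "
            "MAC=00:02:b3:51:c4:4e:00:e0:7d:c0:00:1c:08:00 SRC=10.0.198.252 DST=10.0.0.138 "
            "LEN=67 TOS=0x00 PREC=0x00 TTL=128 ID=35426 PROTO=UDP SPT=3356 DPT=53 LEN=47")

# Assumed from the thread's loc<->fw Samba rules: udp 137:139 and tcp 137,139.
SAMBA_PORTS = {"UDP": {137, 138, 139}, "TCP": {137, 139}}
# Assumed service names for the ports that matter here.
WELL_KNOWN = {53: "dns", 137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}

# Chain names are <srczone>2<dstzone>; fine for zones without a digit 2 in their name.
CHAIN_RE = re.compile(r"Shorewall:(?P<src>[a-z]+)2(?P<dst>[a-z]+):(?P<disp>[A-Z]+):")


def parse_shorewall_log(line):
    """Return the zone pair, disposition and the interesting KEY=VALUE fields."""
    m = CHAIN_RE.search(line)
    if not m:
        raise ValueError("not a Shorewall log line")
    # KEY=VALUE pairs follow the chain name; a repeated key (LEN) keeps the last value.
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line[m.end():]))
    return {
        "src_zone": m["src"], "dst_zone": m["dst"], "disposition": m["disp"],
        "in": fields.get("IN"), "src": fields.get("SRC"), "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
    }


def classify(entry):
    """Name the service and say whether the loc/fw Samba rules could ever match it."""
    service = WELL_KNOWN.get(entry["dport"], "unknown")
    is_samba = entry["dport"] in SAMBA_PORTS.get(entry["proto"], set())
    note = "%s -> %s policy %s on %s" % (entry["src_zone"], entry["dst_zone"],
                                          entry["disposition"], entry["in"])
    return {"service": service, "samba": is_samba, "note": note}


if __name__ == "__main__":
    e = parse_shorewall_log(LOG_LINE)
    print(e)
    print(classify(e))  # service=dns, samba=False, "net -> all policy DROP on eth1"
```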