Cowles, Steve
2002-Dec-01 01:31 UTC
[Shorewall-users] [Fwd: Re: [expert] Shorewall Follies - It's drivin' me NUTS!!]

> -----Original Message-----
> From: Jim C
> Sent: Saturday, November 30, 2002 12:36 AM
> Subject: [Shorewall-users] [Fwd: Re: [expert] Shorewall Follies - It's
> drivin' me NUTS!!]
>
>
> Ha! Fooled you! This is an answer rather than a question! :-)
>
> Well I've got the shorewall rules for samba figured out.
> Please correct my work if I've made any mistakes. Port 445 is
> the port that XP/2K use for this purpose and the website did
> not take XP/2K into account. Port 631 is a network printer
> which may be important when I get around to putting up the print
> server. For added security (I hope) I've added entries for smbd
> and nmbd in hosts.deny and hosts.allow. I'm not sure what
> effect this will have but hey, like I'm tryin, see. ;-)
>
> Here's a question: Do I need to have tcpd running to get wrappers to
> work? I thought I heard somewhere that wrappers were handled in the
> kernel these days.

Most linux distros have replaced tcpd with xinetd. As to your question, I can only assume you're asking about running samba under tcp wrappers. Why? Samba has its own access control list options. Type: man smb.conf. Specifically the "hosts allow" and "interfaces" options.

> > [root@enigma root]# cat /etc/shorewall/rules.samba.sav
> > ACCEPT fw masq tcp 631,137,139,445 -
> > ACCEPT fw masq udp 631,137,138,139 -
> > ACCEPT masq fw tcp 631,137,139,445 -
> > ACCEPT masq fw udp 631,137,138,139 -
> > ACCEPT loc masq tcp 631,137,139,445 -
> > ACCEPT loc masq udp 631,137,138,139 -
> > ACCEPT masq loc tcp 631,137,139,445 -
> > ACCEPT masq loc udp 631,137,138,139 -
> > REJECT net masq tcp 631,137,139,445 -
> > REJECT net masq udp 631,137,138,139 -
> > REJECT net fw tcp 137,139,445 -
> > REJECT net fw udp 137,138,139 -
> > REJECT net loc tcp 631,137,139,445 -
> > REJECT net loc udp 631,137,138,139 -
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I don't use port 631 here to print. I use 515. At least to my print servers.

As to your question about samba rules... Have you read the following link? http://shorewall.infohiiway.com/samba.htm

Steve Cowles
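The ruleset Jim posted is a good case for a quick mechanical check: Shorewall turns each line into an iptables rule in file order, so the first matching line wins and a later ACCEPT can be silently shadowed by an earlier REJECT (or the reverse). The script below is an added example, not from this thread, from Shorewall, or from Samba's documentation. It parses the classic column format used above (ACTION SOURCE DEST PROTO DEST-PORTS, with `-` meaning "any"; the trailing source-port column is ignored), embeds the quoted rules as sample input, and reports which SMB/CIFS ports each zone may reach. The `LEAKY_RULES` and `SHADOWED_RULES` variants are constructed here to show the ordering effect; the zone names `net`, `loc`, `masq`, `fw` are taken from the post.

```python
"""Audit a classic Shorewall rules file for SMB/CIFS exposure (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Ports Windows file sharing actually uses: NetBIOS name/datagram over UDP,
# NetBIOS session and direct-hosted SMB over TCP.
SMB_PORTS = {"tcp": {139, 445}, "udp": {137, 138}}

# The ruleset quoted in the thread, embedded verbatim as sample input.
RULES = """\
ACCEPT fw masq tcp 631,137,139,445 -
ACCEPT fw masq udp 631,137,138,139 -
ACCEPT masq fw tcp 631,137,139,445 -
ACCEPT masq fw udp 631,137,138,139 -
ACCEPT loc masq tcp 631,137,139,445 -
ACCEPT loc masq udp 631,137,138,139 -
ACCEPT masq loc tcp 631,137,139,445 -
ACCEPT masq loc udp 631,137,138,139 -
REJECT net masq tcp 631,137,139,445 -
REJECT net masq udp 631,137,138,139 -
REJECT net fw tcp 137,139,445 -
REJECT net fw udp 137,138,139 -
REJECT net loc tcp 631,137,139,445 -
REJECT net loc udp 631,137,138,139 -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""

# Constructed variants (not from the post): the same hole placed before the
# REJECT lines, and placed after them where the existing REJECT shadows it.
LEAKY_RULES = "ACCEPT net fw tcp 445 -\n" + RULES
SHADOWED_RULES = RULES.replace("#LAST LINE", "ACCEPT net fw tcp 445 -\n#LAST LINE")


@dataclass
class Rule:
    action: str
    source: str
    dest: str
    proto: str
    ports: Optional[Set[int]]  # None means "any destination port"


def expand_ports(field: str) -> Optional[Set[int]]:
    """Turn '631,137:139,445' into a set of ints; '-' means any port."""
    if field == "-":
        return None
    ports: Set[int] = set()
    for item in field.split(","):
        if ":" in item:  # Shorewall/iptables range syntax lo:hi
            lo, hi = item.split(":")
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(item))
    return ports


def parse_rules(text: str) -> List[Rule]:
    """Parse ACTION SOURCE DEST PROTO [DEST-PORTS] [SOURCE-PORTS] lines."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed rule: {raw!r}")
        action, source, dest, proto = fields[:4]
        ports = expand_ports(fields[4]) if len(fields) > 4 else None
        rules.append(Rule(action.upper(), source, dest, proto.lower(), ports))
    return rules


def first_match(rules: List[Rule], source: str, dest: str,
                proto: str, port: int) -> Optional[str]:
    """Rules are evaluated top-down; return the first matching action, or
    None when nothing matches (the zone pair's policy then decides)."""
    for r in rules:
        if (r.source, r.dest) != (source, dest):
            continue
        if r.proto not in (proto, "all"):
            continue
        if r.ports is not None and port not in r.ports:
            continue
        return r.action
    return None


def smb_accepted_from(rules: List[Rule], zone: str) -> List[Tuple[str, str, int]]:
    """(dest_zone, proto, port) for every SMB port a rule ACCEPTs from `zone`.
    An empty list means no rule in the file opens SMB from that zone."""
    hits = []
    for dest in sorted({r.dest for r in rules}):
        for proto, ports in SMB_PORTS.items():
            for port in sorted(ports):
                if first_match(rules, zone, dest, proto, port) == "ACCEPT":
                    hits.append((dest, proto, port))
    return hits


if __name__ == "__main__":
    for label, text in (("posted", RULES), ("leaky", LEAKY_RULES),
                        ("shadowed", SHADOWED_RULES)):
        parsed = parse_rules(text)
        print(f"{label}: SMB accepted from net -> {smb_accepted_from(parsed, 'net')}")
        print(f"{label}: SMB accepted from loc -> {smb_accepted_from(parsed, 'loc')}")
```

Running it shows the posted file opens SMB only from `loc` to `masq` (and nothing from `net`), that an ACCEPT inserted ahead of the REJECT lines does expose 445/tcp on the firewall, and that the same line appended before the `#LAST LINE` marker is never reached. The check only covers what the rules file says; whatever the zone policies and Samba's own `hosts allow`/`interfaces` settings add on top is outside its view.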