Hi,

we just installed shorewall for a customer, we use 3 nics. All works
great except Appletalk communication

People cannot use regular apple file functions to access their files,
only appletalk over IP works. That however is not what they want.

Has anyone a hint how I can solve this?
Do I need to open more protocols ?
Anyone done this already ?

thx for any help

Christophe
--
Christophe Zwecker mail: doc@zwecker.de
Hamburg, Germany fon: +49 179 3994867
http://www.zwecker.de

"Who is General Failure ? And why is he reading my disk ??"

On Saturday 02 March 2002 08:04 am, Christophe Zwecker wrote:
> Maybe to install a appletalk bridge m enable atalk kernel modules would
> enable it ?

I know nothing about Appletalk so your guess is as good as mine.

-Tom

>
> On Sat, 2002-03-02 at 16:20, Tom Eastep wrote:
> > On Saturday 02 March 2002 06:59 am, you wrote:
> > > Hi,
> > >
> > > we just installed shorewall for a customer, we use 3 nics. All works
> > > great except Appletalk communication
> > >
> > > People cannot use regular apple file functions to access their files,
> > > only appletalk over IP works. That however is not what they want.
> > >
> > > Has anyone a hint how I can solve this?
> > > Do I need to open more protocols ?
> > > Anyone done this already ?
> >
> > I'm Apple illiterate but here is my take:
> >
> > Netfilter (the kernel facility that Shorewall is built on) only deals
> > with IP Versions 4 and Version 6; Shorewall itself only deals with IP
> > Version 4. Since Appletalk is not an IP protocol (it doesn't use IP
> > addressing), it cannot be filtered using Netfilter (or by Shorewall). My
> > only suggestion would be to code MAC-address (That's Media Access
> > Control, not Macintosh) based rules in /etc/shorewall/start that allow
> > the Apples to talk to each other.
> >
> > -Tom
> > --
> > Tom Eastep \ Shorewall - iptables made easy
> > AIM: tmeastep \ http://www.shorewall.net
> > ICQ: #60745924 \ teastep@shorewall.net

--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

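Added example (not part of the original thread and not Shorewall code): a small Python classifier for the point discussed above, that native AppleTalk frames carry their own EtherType or SNAP protocol ID instead of IP, so a filter that only evaluates IP packets never gets to see them. The sample frames, MAC addresses and helper names are constructed for illustration.

```python
import struct

# EtherType / SNAP protocol IDs (IEEE-assigned values).
PROTOCOLS = {
    0x0800: "IPv4",
    0x86DD: "IPv6",
    0x0806: "ARP",
    0x809B: "AppleTalk (DDP)",
    0x80F3: "AppleTalk ARP (AARP)",
}
IP_LAYER = {0x0800, 0x86DD}  # the only traffic an IP-layer packet filter evaluates


def classify_frame(frame: bytes):
    """Return (protocol_name, seen_by_ip_filter) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:
        proto = type_or_len  # Ethernet II: the field is the EtherType
    else:
        # IEEE 802.3: the field is a length, so look for an LLC/SNAP header
        # (DSAP=0xAA, SSAP=0xAA, control=0x03, 3-byte OUI, 2-byte protocol ID).
        llc = frame[14:22]
        if len(llc) < 8 or llc[:3] != b"\xaa\xaa\x03":
            return ("802.3/LLC (non-SNAP)", False)
        (proto,) = struct.unpack("!H", llc[6:8])
    name = PROTOCOLS.get(proto, f"unknown (0x{proto:04x})")
    return (name, proto in IP_LAYER)


def _eth(dst: str, src: str, tail: bytes) -> bytes:
    """Build a frame from hex MAC strings plus everything after the addresses."""
    return bytes.fromhex(dst + src) + tail


# Constructed sample frames; payload bytes are zero filler.
MAC_A, MAC_B = "020000000001", "020000000002"
SAMPLES = {
    # Ethernet II carrying IPv4
    "ipv4": _eth(MAC_B, MAC_A, b"\x08\x00" + b"\x45" + bytes(19)),
    # EtherTalk Phase 2: 802.3 length + SNAP, OUI 08:00:07, protocol 0x809B
    "ddp": _eth(MAC_B, MAC_A, b"\x00\x15\xaa\xaa\x03\x08\x00\x07\x80\x9b" + bytes(13)),
    # AARP in SNAP, OUI 00:00:00, protocol 0x80F3, sent to the EtherTalk broadcast address
    "aarp": _eth("090007ffffff", MAC_A, b"\x00\x24\xaa\xaa\x03\x00\x00\x00\x80\xf3" + bytes(28)),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        name, seen = classify_frame(frame)
        print(f"{label:5} {name:22} evaluated by IP filter: {seen}")
```
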
they are trying to access files on their mac ftp server, I'm gonna look
into your link, thx a lot!

On Sat, 2002-03-02 at 17:34, dgilleece wrote:
> What are they trying to do -- update files on a Mac webserver in the DMZ,
> using simple drag-and-drop? Or, is it more complicated than that?
>
> The forums at samba.org tackle questions like this all the time, i.e.,
> http://lists.samba.org/pipermail/netfilter/2001-January/006585.html You
> might want to check there.
>
> Dan
> ----- Original Message -----
> From: "Christophe Zwecker" <doc@zwecker.de>
> To: <shorewall-users@shorewall.net>
> Sent: Saturday, March 02, 2002 8:59 AM
> Subject: [Shorewall-users] Allowing Applettalk
>
>
> > Hi,
> >
> > we just installed shorewall for a customer, we use 3 nics. All works
> > great except Appletalk communication
> >
> > People cannot use regular apple file functions to access their files,
> > only appletalk over IP works. That however is not what they want.
> >
> > Has anyone a hint how I can solve this?
> > Do I need to open more protocols ?
> > Anyone done this already ?
> >
> > thx for any help
> >
> > Christophe
> > --
> > Christophe Zwecker mail: doc@zwecker.de
> > Hamburg, Germany fon: +49 179 3994867
> > http://www.zwecker.de
> >
> > "Who is General Failure ? And why is he reading my disk ??"
> >
> > _______________________________________________
> > Shorewall-users mailing list
> > Shorewall-users@shorewall.net
> > http://www.shorewall.net/mailman/listinfo/shorewall-users
> >

--
Christophe Zwecker mail: doc@zwecker.de
Hamburg, Germany fon: +49 179 3994867
http://www.zwecker.de

"Who is General Failure ? And why is he reading my disk ??"

I've read some stuff about that now. Looks like non ip appletalk cannot
be routed between interfaces yet.

So I guess the solution is using IP based appletalk OR keeping client
and server in the same net (local in this case)

Am I thinking right, having both machines within the same net there
shouldn't be any interference since those packets just aren't seen at all.

can someone confirm this?

best regards,

Christophe

On Sat, 2002-03-02 at 17:34, dgilleece wrote:
> What are they trying to do -- update files on a Mac webserver in the DMZ,
> using simple drag-and-drop? Or, is it more complicated than that?

--
Christophe Zwecker mail: doc@zwecker.de
Hamburg, Germany fon: +49 179 3994867
http://www.zwecker.de

"Who is General Failure ? And why is he reading my disk ??"

> -----Original Message-----
> From: shorewall-users-admin@shorewall.net
> [mailto:shorewall-users-admin@shorewall.net] On Behalf Of
> Christophe Zwecker
> Sent: Sunday, March 03, 2002 6:47 AM
> To: dgilleece
> Cc: Shorewall-users@shorewall.net
> Subject: Re: [Shorewall-users] Allowing Applettalk
>
>
> I've read some stuff about that now. Looks like non ip appletalk cannot
> be routed between interfaces yet.
>
> So I guess the solution is using IP based appletalk OR keeping client
> and server in the same net (local in this case)
>
> Am I thinking right, having both machines within the same net there
> shouldn't be any interference since those packets just aren't
> seen at all.
>
> can someone confirm this?
>

Yes -- so long as the Apples are all on the same LAN segment, your
Firewall/Router won't be involved.

-Tom
--
Tom Eastep \ Shorewall -- iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Christophe Zwecker wrote:
> I've read some stuff about that now. Looks like non ip appletalk cannot
> be routed between interfaces yet.
>
> So I guess the solution is using IP based appletalk OR keeping client
> and server in the same net (local in this case)

I had heard that Apple had deprecated native AppleTalk and were moving in the
direction of AppleTalk over IP anyway. Why would people not want to use AT/IP?

Paul
http://paulgear.webhop.net

On Sun, 2002-03-03 at 20:56, Paul Gear wrote:
> I had heard that Apple had deprecated native AppleTalk and were moving in the
> direction of AppleTalk over IP anyway. Why would people not want to use
> AT/IP?

dunno, seemed less easy to use to my customer, haven't exactly looked at
it yet...

--
Christophe Zwecker mail: doc@zwecker.de
Hamburg, Germany fon: +49 179 3994867
http://www.zwecker.de

"Who is General Failure ? And why is he reading my disk ??"