blackthunder9@netscape.net
2002-Oct-26 02:48 UTC
[Shorewall-users] Shorewall setup with 3 network cards.
Hello,

I'm hoping I will be able to post this time! I have a Shorewall Linux box with 3 network cards: eth0 -> to cable modem, eth1 -> local network, and eth2 -> dedicated for capturing video.
firewall = (fw)
eth0 is dhcp
eth1 is 192.168.0.x (loc)
eth2 is 193.168.0.x
My problem occurs when I have in rules file
<--snip-->
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139
ACCEPT loc fw udp 1024: 137
<--snip-->
However, since the ports are being forwarded to the "loc" (internal network), how do I forward them to the eth2 (I set up as "dmz" using 3 nic setting off shorewall.net) (do I have to run another samba /w different ports??). Although I can ping, I cannot use the Windows file sharing at all; computer is not found on network (i.e. ports are not working on eth2). I have absolutely no idea where to go from here and I'm totally lost! I'd appreciate any help.
Thank you very much
- Jonathan.
Cowles, Steve
2002-Oct-26 05:06 UTC
[Shorewall-users] Shorewall setup with 3 network cards.
> -----Original Message-----
> From: blackthunder9@netscape.net
> Sent: Friday, October 25, 2002 9:49 PM
> Subject: [Shorewall-users] Shorewall setup with 3 network cards.
>
> Hello
>
> I'm hoping I will be able to post this time! I have a
> Shorewall Linux box with 3 network cards, eth0 -> to cable
> modem, eth1 -> local network, and eth2 -> dedicated for
> capturing video
> firewall = (fw).
> eth0 is dhcp
> eth1 is 192.168.0.x (loc)
> eth2 is 193.168.0.x . My problem occurs when I have in rules file
> <--snip-->
> ACCEPT fw loc udp 137:139
> ACCEPT fw loc tcp 137,139
> ACCEPT fw loc udp 1024: 137
> ACCEPT loc fw udp 137:139
> ACCEPT loc fw tcp 137,139
> ACCEPT loc fw udp 1024: 137
> <--snip-->
> However, since the ports are being forwarded to the
> "loc" (internal network), how do I forward them to the eth2 (I
> set up as "dmz" using 3 nic setting off shorewall.net) (do I
> have to run another samba /w different ports??). Although I
> can ping, I cannot use the Windows file sharing at all;
> computer is not found on network (i.e. ports are not working
> on eth2). I have absolutely no idea where to go from here and
> I'm totally lost! I'd appreciate any help.
> Thank you very much
> - Jonathan.
>

Your post is rather confusing. The rules you have shown above only allow SMB-related packets between systems in the local zone and the firewall itself (and vice versa). Nothing is being forwarded as you have stated.

If your goal is to enable SMB-related packets between systems in your local zone and your dmz (and vice versa), then you will need to add those rules as well, i.e.

ACCEPT loc dmz udp 137:139
ACCEPT dmz loc udp 137:139
[...] and so on

If your final goal is to use Network Neighborhood and have all systems (including the ones in your dmz) show up in the browser, then you will need to implement a WINS server. FWIW: Samba can be configured to act as a WINS server.

Steve Cowles
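
The point made in the reply above, that rules apply per zone pair, can be checked mechanically. The following is an added example, not part of the original thread and not Shorewall code: it parses the rules quoted in the first post and lists which NetBIOS ports each zone pair still lacks. The names NEEDED, port_matches, missing and report are hypothetical; it assumes plain zone names, the column order ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT, and a policy for each pair that does not already ACCEPT.

```python
# Added example (not from the thread): audit Shorewall rules for SMB coverage per zone pair.
# Assumed column order: ACTION SOURCE DEST PROTO DEST-PORT(S) [SOURCE-PORT(S)]
RULES = """\
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139
ACCEPT loc fw udp 1024: 137
"""  # the rules quoted in the original post

# Ports classic Windows file sharing uses: NetBIOS name, datagram and session services.
NEEDED = {("udp", 137), ("udp", 138), ("tcp", 139)}

def port_matches(spec, port):
    """True if port is inside a port spec such as '137', '137:139', '1024:' or '137,139'."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def parse(text):
    """Split each non-comment line into (action, src, dst, proto, dports, sports)."""
    rules = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 5:
            rules.append(tuple(cols[:5]) + (cols[5] if len(cols) > 5 else "-",))
    return rules

def missing(rules, src, dst):
    """NEEDED (proto, port) pairs that no unrestricted ACCEPT rule opens from src to dst."""
    allowed = set()
    for action, s, d, proto, dports, sports in rules:
        # Rules limited to a source port are skipped: they open the port only partially.
        if action == "ACCEPT" and (s, d) == (src, dst) and sports == "-":
            allowed |= {(p, n) for p, n in NEEDED if p == proto and port_matches(dports, n)}
    return NEEDED - allowed

def report(text, pairs):
    rules = parse(text)
    return {pair: sorted(missing(rules, *pair)) for pair in pairs}

if __name__ == "__main__":
    pairs = [("fw", "loc"), ("loc", "fw"), ("loc", "dmz"), ("dmz", "loc")]
    for pair, gaps in report(RULES, pairs).items():
        print(pair, "covered" if not gaps else f"missing {gaps}")
```

Run against the posted rules, fw<->loc comes back covered while loc<->dmz lacks every NetBIOS port, which matches the reply's diagnosis.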