Shorewall users - Apr 2003 - Problems seeing Samba shares from Windows machine

I''m a relative newbie to firewalls, so I''m asking the folks
who do know!

I''ve got a Mandrake Linux 9.1 machine with Shorewall 1.3.14 installed.

When I have shorewall running on the Linux machine, I cannot access it
from the Windows ME machine at all. When I do a shorewall clear and
shorewall stop, everything works fine, therefore it''s not my Samba or
ethernet connection.

I can access the internet just fine, too, when shorewall is running.

And of course, it''s taken me forever to track it down to MY Linux
machine, since the Windows ME machine just says "Unable to access
network". I thought for a LONG time it was the Windows machine! ARGHHH

Anyway, here''s my various files:

interfaces:

net     eth0    detect

rules:

ACCEPT  fw      net     udp     631,139,137,135 -
ACCEPT  fw      net     tcp     22,631,139,137,135      -
ACCEPT  net     fw      udp     631,139,137,135 -
ACCEPT  net     fw      tcp     22,631,139,137,135      -
ACCEPT  loc     net     udp     631,139,137,135 -
ACCEPT  loc     net     tcp     22,631,139,137,135      -
ACCEPT  net     loc     udp     631,139,137,135 -
ACCEPT  net     loc     tcp     22,631,139,137,135      -
ACCEPT  loc:10.0.0.2    fw      tcp     -       -
ACCEPT  loc:10.0.0.2    fw      udp     -       -

NOTE: I know, I know, the loc zone isn''t needed. I didn''t
understand at
the time. But it still shouldn''t stop the 10.0.0.2 machine from
accessing mine (10.0.0.3). I''m removing it soon as I can get some clue
what to fix in it. ;-)

zones:

loc     LocalNet        Local network
net     Net     Internet zone


shorewall.conf:

Same as installed (not changed)


-- 
David A. Bartmess
Sr. Software Configuration Manager
eDingo Enterprises
http://edingo.net

But one should not forget that money can buy a bed but not sleep, 
finery but not beauty, a house but not a home, 
medicine but not health, luxuries but not culture, 
sex but not love, and amusements but not happiness.

On 10 Apr 2003, Dave Bartmess wrote:
> I''m a relative newbie to firewalls, so I''m asking the
folks who do know!
> 
> I''ve got a Mandrake Linux 9.1 machine with Shorewall 1.3.14
installed.
> 
> When I have shorewall running on the Linux machine, I cannot access it
> from the Windows ME machine at all.
And we are left to guess how "_the_ Windows ME machine" is connected
to
the Mandrake machine -- given what you say below, we must guess that it 
intefaces via the ''net'' zone.
> When I do a shorewall clear and shorewall stop, everything works fine,
> therefore it''s not my Samba or ethernet connection.
> 
So you have the ''net'' interface open when Shorewall is
stopped, correct?
> I can access the internet just fine, too, when shorewall is running.
> 
> And of course, it''s taken me forever to track it down to MY Linux
> machine, since the Windows ME machine just says "Unable to access
> network". I thought for a LONG time it was the Windows machine! ARGHHH
> 
> Anyway, here''s my various files:
> 
> interfaces:
> 
> net     eth0    detect
> 
> rules:
> 
> ACCEPT  fw      net     udp     631,139,137,135 -
> ACCEPT  fw      net     tcp     22,631,139,137,135      -
> ACCEPT  net     fw      udp     631,139,137,135 -
> ACCEPT  net     fw      tcp     22,631,139,137,135      -
> 
> NOTE: I know, I know, the loc zone isn''t needed. I didn''t
understand at
> the time. But it still shouldn''t stop the 10.0.0.2 machine from
> accessing mine (10.0.0.3). I''m removing it soon as I can get some
clue
> what to fix in it. ;-)
How would we know if the loc zone is irrelevant or not -- you haven''s
said
one word about the network topology. But from your comments above, I have 
ommited above all rules having to do with the ''loc'' zone.

I recommend a set of rules for interfacing to Samba on a Shorewall box at
http://www.shorewall.net/Samba.htm. You should consult that URL and change
your rules accordingly.

Aside: The above URL is located by going to the Shorewall home page, 
selecting "Documentation Index" and then "Samba".
> 
> zones:
> 
> loc     LocalNet        Local network
> net     Net     Internet zone
> 
I assume that when you start Shorewall, you are informed that the
''loc''
zone is empty.
> 
> shorewall.conf:
> 
> Same as installed (not changed)
>
Few if any of us have Mandrake 9.1. What Mandrake installs and what I
release need not have any relationship to one another and if history is
any indication they will be different.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Dave Bartmess schrieb:
> 
> I''m a relative newbie to firewalls, so I''m asking the
folks who do know!
> 
> I''ve got a Mandrake Linux 9.1 machine with Shorewall 1.3.14
installed.
> 
> When I have shorewall running on the Linux machine, I cannot access it
> from the Windows ME machine at all. When I do a shorewall clear and
> shorewall stop, everything works fine, therefore it''s not my Samba
or
> ethernet connection.
> 
> I can access the internet just fine, too, when shorewall is running.
> 
> And of course, it''s taken me forever to track it down to MY Linux
> machine, since the Windows ME machine just says "Unable to access
> network". I thought for a LONG time it was the Windows machine! ARGHHH
> 
> Anyway, here''s my various files:
> 
> interfaces:
> 
> net     eth0    detect
Where is your loc interface?
> 
> rules:
> 
> ACCEPT  fw      net     udp     631,139,137,135 -
> ACCEPT  fw      net     tcp     22,631,139,137,135      -
> ACCEPT  net     fw      udp     631,139,137,135 -
> ACCEPT  net     fw      tcp     22,631,139,137,135      -
> ACCEPT  loc     net     udp     631,139,137,135 -
> ACCEPT  loc     net     tcp     22,631,139,137,135      -
> ACCEPT  net     loc     udp     631,139,137,135 -
> ACCEPT  net     loc     tcp     22,631,139,137,135      -
> ACCEPT  loc:10.0.0.2    fw      tcp     -       -
> ACCEPT  loc:10.0.0.2    fw      udp     -       -
> 
> NOTE: I know, I know, the loc zone isn''t needed. I didn''t
understand at
> the time. But it still shouldn''t stop the 10.0.0.2 machine from
> accessing mine (10.0.0.3). I''m removing it soon as I can get some
clue
Is 10.0.0.3 your Linux firewall?

Simon
> what to fix in it. ;-)
> 
> zones:
> 
> loc     LocalNet        Local network
> net     Net     Internet zone
> 
> shorewall.conf:
> 
> Same as installed (not changed)
> 
> --
> David A. Bartmess
> Sr. Software Configuration Manager
> eDingo Enterprises
> http://edingo.net
> 
> But one should not forget that money can buy a bed but not sleep,
> finery but not beauty, a house but not a home,
> medicine but not health, luxuries but not culture,
> sex but not love, and amusements but not happiness.
> 
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm