Hello!
I beg you some help
I am setting up a server based on Mandrake10
It''s a DHCP, Samba server for local machine.
All local machine receive IP address ok and can pass internet traffic
through SQUID on the server via the ppp0 line when shorewall is running
But we also lose our samba connection as netbios broadcast seems blocked
by shorewall
Here what I found in the /var/log/messages
Packet send failed to 192.168.1.255(138) ERRNO=Operation not permitted
Jun 23 20:57:31 localhost nmbd[3127]: [2004/06/23 20:57:31, 0]
libsmb/nmblib.c:send_udp(758)
So Netbios resolution failed and as a consequence we cant browse the
server samba share.
Please, some help would be greatful
------------
ppp0 is the internet
eth0 is local
------------
Shorewall-2.0.1 Chain at localhost - mer jun 23 21:19:46 EDT 2004
[root@localhost shorewall]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:10:b5:9d:b2:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.33/24 brd 192.168.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:c9:73:cc:79 brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen
3
link/ppp
inet 65.94.251.41 peer 65.94.251.1/32 scope global ppp0
[root@localhost shorewall]#
-----------------------------------------------------------
[root@localhost shorewall]# ip route show
65.94.251.1 dev ppp0 proto kernel scope link src 65.94.251.41
192.168.1.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 65.94.251.1 dev ppp0
[root@localhost shorewall]#
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
17 804 ppp0_in all -- ppp0 * 0.0.0.0/0
0.0.0.0/0
560 36493 eth0_in all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_in all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:INPUT:REJECT:''
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ppp0_fwd all -- ppp0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:FORWARD:REJECT:''
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 fw2net all -- * ppp0 0.0.0.0/0
0.0.0.0/0
318 105K all2all all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 all2all all -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:OUTPUT:REJECT:''
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain Drop (1 references)
pkts bytes target prot opt in out source
destination
17 804 RejectAuth all -- * * 0.0.0.0/0
0.0.0.0/0
17 804 dropBcast all -- * * 0.0.0.0/0
0.0.0.0/0
17 804 DropSMB all -- * * 0.0.0.0/0
0.0.0.0/0
1 28 DropUPnP all -- * * 0.0.0.0/0
0.0.0.0/0
1 28 dropNonSyn all -- * * 0.0.0.0/0
0.0.0.0/0
1 28 DropDNSrep all -- * * 0.0.0.0/0
0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:53
Chain DropSMB (1 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
16 776 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
Chain DropUPnP (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
Chain Reject (4 references)
pkts bytes target prot opt in out source
destination
2 319 RejectAuth all -- * * 0.0.0.0/0
0.0.0.0/0
2 319 dropBcast all -- * * 0.0.0.0/0
0.0.0.0/0
2 319 RejectSMB all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropUPnP all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 dropNonSyn all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 DropDNSrep all -- * * 0.0.0.0/0
0.0.0.0/0
Chain RejectAuth (2 references)
pkts bytes target prot opt in out source
destination
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:113
Chain RejectSMB (1 references)
pkts bytes target prot opt in out source
destination
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:135
2 319 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:135
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
Chain all2all (2 references)
pkts bytes target prot opt in out source
destination
316 105K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
2 319 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:all2all:REJECT:''
0 0 reject all -- * * 0.0.0.0/0
0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
Chain dropNonSyn (2 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x16/0x02
Chain dynamic (6 references)
pkts bytes target prot opt in out source
destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 loc2net all -- * ppp0 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
2 477 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
560 36493 loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 loc2net all -- * ppp0 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmpdef (0 references)
pkts bytes target prot opt in out source
destination
Chain loc2fw (2 references)
pkts bytes target prot opt in out source
destination
558 36016 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:3128
2 477 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain loc2net (2 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain net2all (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
17 804 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
1 28 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:net2all:DROP:''
1 28 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ppp0_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
0 0 net2all all -- * eth0 0.0.0.0/0
0.0.0.0/0
0 0 net2all all -- * eth1 0.0.0.0/0
0.0.0.0/0
Chain ppp0_in (1 references)
pkts bytes target prot opt in out source
destination
17 804 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
17 804 net2all all -- * * 0.0.0.0/0
0.0.0.0/0
Chain reject (11 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 192.168.1.255
0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255
0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with tcp-reset
2 319 REJECT udp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source
destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 192.168.1.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 192.168.1.255
0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 255.255.255.255
0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4
0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:''
0 0 DROP all -- * * 224.0.0.0/4
0.0.0.0/0
[root@localhost shorewall]#
[root@localhost shorewall]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:10:b5:9d:b2:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.33/24 brd 192.168.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:c9:73:cc:79 brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen
3
link/ppp
inet 65.94.251.41 peer 65.94.251.1/32 scope global ppp0
[root@localhost shorewall]#
-------------------------------------------------------------
Have a look at: http://www.shorewall.net/samba.htm ----- Original Message ----- From: "Sylvain Angers" <sangers@sympatico.ca> To: <shorewall-users@lists.shorewall.net> Sent: Wednesday, June 23, 2004 20:39 Subject: [Shorewall-users] Netbios resolution failed: Operation not permitted> Hello! > > I beg you some help > > I am setting up a server based on Mandrake10 > > It''s a DHCP, Samba server for local machine. > All local machine receive IP address ok and can pass internettraffic> through SQUID on the server via the ppp0 line when shorewall isrunning> > But we also lose our samba connection as netbios broadcast seemsblocked> by shorewall > > Here what I found in the /var/log/messages > > Packet send failed to 192.168.1.255(138) ERRNO=Operation notpermitted> Jun 23 20:57:31 localhost nmbd[3127]: [2004/06/23 20:57:31, 0] > libsmb/nmblib.c:send_udp(758) > > So Netbios resolution failed and as a consequence we cant browse the > server samba share. > > Please, some help would be greatful > > ------------ > ppp0 is the internet > eth0 is local > ------------ > Shorewall-2.0.1 Chain at localhost - mer jun 23 21:19:46 EDT 2004 > > [root@localhost shorewall]# ip addr show > 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 brd 127.255.255.255 scope host lo > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen1000> link/ether 00:10:b5:9d:b2:58 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.33/24 brd 192.168.1.255 scope global eth0 > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen1000> link/ether 00:a0:c9:73:cc:79 brd ff:ff:ff:ff:ff:ff > 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fastqlen> 3 > link/ppp > inet 65.94.251.41 peer 65.94.251.1/32 scope global ppp0 > [root@localhost shorewall]# > > ----------------------------------------------------------- > > [root@localhost shorewall]# ip route show > 65.94.251.1 dev ppp0 proto kernel scope link src 65.94.251.41 > 192.168.1.0/24 dev eth0 scope link > 127.0.0.0/8 dev lo scope link > default via 65.94.251.1 dev ppp0 > [root@localhost shorewall]# > > > > Chain INPUT (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT all -- lo * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 DROP !icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 state INVALID > 17 804 ppp0_in all -- ppp0 * 0.0.0.0/0 > 0.0.0.0/0 > 560 36493 eth0_in all -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 eth1_in all -- eth1 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 Reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix`Shorewall:INPUT:REJECT:''> 0 0 reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 DROP !icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 state INVALID > 0 0 ppp0_fwd all -- ppp0 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 Reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix > `Shorewall:FORWARD:REJECT:'' > 0 0 reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain OUTPUT (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT all -- * lo 0.0.0.0/0 > 0.0.0.0/0 > 0 0 DROP !icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 state INVALID > 0 0 fw2net all -- * ppp0 0.0.0.0/0 > 0.0.0.0/0 > 318 105K all2all all -- * eth0 0.0.0.0/0 > 0.0.0.0/0 > 0 0 all2all all -- * eth1 0.0.0.0/0 > 0.0.0.0/0 > 0 0 Reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix > `Shorewall:OUTPUT:REJECT:'' > 0 0 reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain Drop (1 references) > pkts bytes target prot opt in out source > destination > 17 804 RejectAuth all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 17 804 dropBcast all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 17 804 DropSMB all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 1 28 DropUPnP all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 1 28 dropNonSyn all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 1 28 DropDNSrep all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain DropDNSrep (2 references) > pkts bytes target prot opt in out source > destination > 0 0 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp spt:53 > > Chain DropSMB (1 references) > pkts bytes target prot opt in out source > destination > 0 0 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:135 > 0 0 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpts:137:139 > 0 0 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:445 > 16 776 DROP tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:135 > 0 0 DROP tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:139 > 0 0 DROP tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:445 > > Chain DropUPnP (2 references) > pkts bytes target prot opt in out source > destination > 0 0 DROP udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:1900 > > Chain Reject (4 references) > pkts bytes target prot opt in out source > destination > 2 319 RejectAuth all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 2 319 dropBcast all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 2 319 RejectSMB all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 DropUPnP all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 dropNonSyn all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 DropDNSrep all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain RejectAuth (2 references) > pkts bytes target prot opt in out source > destination > 0 0 reject tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:113 > > Chain RejectSMB (1 references) > pkts bytes target prot opt in out source > destination > 0 0 reject udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:135 > 2 319 reject udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpts:137:139 > 0 0 reject udp -- * * 0.0.0.0/0 > 0.0.0.0/0 udp dpt:445 > 0 0 reject tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:135 > 0 0 reject tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:139 > 0 0 reject tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:445 > > Chain all2all (2 references) > pkts bytes target prot opt in out source > destination > 316 105K ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 2 319 Reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix > `Shorewall:all2all:REJECT:'' > 0 0 reject all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain dropBcast (2 references) > pkts bytes target prot opt in out source > destination > 0 0 DROP all -- * * 0.0.0.0/0 > 0.0.0.0/0 PKTTYPE = broadcast > 0 0 DROP all -- * * 0.0.0.0/0 > 0.0.0.0/0 PKTTYPE = multicast > > Chain dropNonSyn (2 references) > pkts bytes target prot opt in out source > destination > 0 0 DROP tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp flags:!0x16/0x02 > > Chain dynamic (6 references) > pkts bytes target prot opt in out source > destination > > Chain eth0_fwd (1 references) > pkts bytes target prot opt in out source > destination > 0 0 dynamic all -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW > 0 0 loc2net all -- * ppp0 0.0.0.0/0 > 0.0.0.0/0 > 0 0 ACCEPT all -- * eth1 0.0.0.0/0 > 0.0.0.0/0 > > Chain eth0_in (1 references) > pkts bytes target prot opt in out source > destination > 2 477 dynamic all -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW > 560 36493 loc2fw all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain eth1_fwd (1 references) > pkts bytes target prot opt in out source > destination > 0 0 dynamic all -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW > 0 0 loc2net all -- * ppp0 0.0.0.0/0 > 0.0.0.0/0 > 0 0 ACCEPT all -- * eth0 0.0.0.0/0 > 0.0.0.0/0 > > Chain eth1_in (1 references) > pkts bytes target prot opt in out source > destination > 0 0 dynamic all -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW > 0 0 loc2fw all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain fw2net (1 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:80 > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain icmpdef (0 references) > pkts bytes target prot opt in out source > destination > > Chain loc2fw (2 references) > pkts bytes target prot opt in out source > destination > 558 36016 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:3128 > 2 477 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain loc2net (2 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain net2all (3 references) > pkts bytes target prot opt in out source > destination > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 state RELATED,ESTABLISHED > 17 804 Drop all -- * * 0.0.0.0/0 > 0.0.0.0/0 > 1 28 LOG all -- * * 0.0.0.0/0 > 0.0.0.0/0 LOG flags 0 level 6 prefix`Shorewall:net2all:DROP:''> 1 28 DROP all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain ppp0_fwd (1 references) > pkts bytes target prot opt in out source > destination > 0 0 dynamic all -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW > 0 0 net2all all -- * eth0 0.0.0.0/0 > 0.0.0.0/0 > 0 0 net2all all -- * eth1 0.0.0.0/0 > 0.0.0.0/0 > > Chain ppp0_in (1 references) > pkts bytes target prot opt in out source > destination > 17 804 dynamic all -- * * 0.0.0.0/0 > 0.0.0.0/0 state NEW > 17 804 net2all all -- * * 0.0.0.0/0 > 0.0.0.0/0 > > Chain reject (11 references) > pkts bytes target prot opt in out source > destination > 0 0 DROP all -- * * 0.0.0.0/0 > 0.0.0.0/0 PKTTYPE = broadcast > 0 0 DROP all -- * * 0.0.0.0/0 > 0.0.0.0/0 PKTTYPE = multicast > 0 0 DROP all -- * * 192.168.1.255 > 0.0.0.0/0 > 0 0 DROP all -- * * 255.255.255.255 > 0.0.0.0/0 > 0 0 DROP all -- * * 224.0.0.0/4 > 0.0.0.0/0 > 0 0 REJECT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 reject-with tcp-reset > 2 319 REJECT udp -- * * 0.0.0.0/0 > 0.0.0.0/0 reject-with icmp-port-unreachable > 0 0 REJECT icmp -- * * 0.0.0.0/0 > 0.0.0.0/0 reject-with icmp-host-unreachable > 0 0 REJECT all -- * * 0.0.0.0/0 > 0.0.0.0/0 reject-with icmp-host-prohibited > > Chain shorewall (0 references) > pkts bytes target prot opt in out source > destination > > Chain smurfs (0 references) > pkts bytes target prot opt in out source > destination > 0 0 LOG all -- * * 192.168.1.255 > 0.0.0.0/0 LOG flags 0 level 6 prefix`Shorewall:smurfs:DROP:''> 0 0 DROP all -- * * 192.168.1.255 > 0.0.0.0/0 > 0 0 LOG all -- * * 255.255.255.255 > 0.0.0.0/0 LOG flags 0 level 6 prefix`Shorewall:smurfs:DROP:''> 0 0 DROP all -- * * 255.255.255.255 > 0.0.0.0/0 > 0 0 LOG all -- * * 224.0.0.0/4 > 0.0.0.0/0 LOG flags 0 level 6 prefix`Shorewall:smurfs:DROP:''> 0 0 DROP all -- * * 224.0.0.0/4 > 0.0.0.0/0 > [root@localhost shorewall]# > > [root@localhost shorewall]# ip addr show > 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 brd 127.255.255.255 scope host lo > 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen1000> link/ether 00:10:b5:9d:b2:58 brd ff:ff:ff:ff:ff:ff > inet 192.168.1.33/24 brd 192.168.1.255 scope global eth0 > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen1000> link/ether 00:a0:c9:73:cc:79 brd ff:ff:ff:ff:ff:ff > 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fastqlen> 3 > link/ppp > inet 65.94.251.41 peer 65.94.251.1/32 scope global ppp0 > [root@localhost shorewall]# > > ------------------------------------------------------------- > > > > > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe:https://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm
Sylvain Angers
2004-Jun-24 05:41 UTC
Re: Netbios resolution failed: Operation not permitted
Dear M. Jerry Vonauery, Thank you very very much for your accurate answer! My server is now functional, you made my day :-) -- Sylvain Angers Technicien en Informatique de réseaux Linux sangers@sympatico.ca (514)769-4119