Displaying 20 results from an estimated 1100 matches similar to: "Shorewall configuration - 'run_iptables'-problem"
2016 Jan 05
3
samba4 as ADS member: some users visible, others not
Can someone point me at how the machine account plays into permitting
access here?
[it]
path = /mnt/data/samba/data/it
valid users = CUSTOMER\sgw CUSTOMER\fhäu @CUSTOMER\edv
read only = No
browseable = No
A user out of the group "edv" uses the PC "p10013". Sometimes he gets
access, sometimes not.
Logs show:
(a)
check_ntlm_password: authentication for user [P10013$]
2019 Jan 03
3
Windows ACLs on share
On 03.01.19 at 16:19, Rowland Penny via samba wrote:
> On Thu, 3 Jan 2019 15:46:24 +0100 "Stefan G. Weichinger via samba"
> <samba at lists.samba.org> wrote:
>> observation, maybe important:
>
> Oh, it's more than important, guess where the Windows ACLs are stored
> ;-)
hmm ... ? ;)
>> (share "projekte" works fine, share "QM"
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello,
I wonder if someone could use the TPROXY with Shorewall and
transparent Squid with using the routing rules on shorewall
(tcrules) for hosts / networks (LAN) with multiples providers (WANs)
directly from the internal network on port 80 (with TPROXY
transparent squid or REDIRECT).
On this issue, the routing rules do not work properly because the
source is the
2005 Mar 15
2
shorewall restart with keepalived (redundant firewalls)
Hello,
First, thanks to Tom for his great job! Netfilter is really easy
and powerful with shorewall.
So, I have configured two firewalls with shorewall using keepalived
for the redundant VRRP stuff.
FW-a is MASTER and FW-b is BACKUP.
Everything works correctly and FW-b upgrade to MASTER when FW-a is
down or disconnected. FW-b downgrade to BACKUP when FW-a comes back.
But when I
2003 Feb 24
2
Shorewall / nmap question
I made the following adjustments to /etc/shorewall/common.def (1.3.13 with
all relevant patches).
############################################################################
# Shorewall 1.3 -- /etc/shorewall/common.def
#
# This file defines the rules that are applied before a policy of
# DROP or REJECT is applied. In addition to the rules defined in this file,
# the firewall will also define a
2004 May 07
5
mark ack with shorewall 2.x
Hi!
how can I mark ack packets with shorewall 2.x?
(In 1.x I have done it with own rule in common file)
TiA
CU
2003 Jan 06
3
ipsec nat-traversal
It seems to me that ipsecnat tunnel type is not complete.
Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal
communications. (It's called port floating). That is needed to get rid
of ugly ipsec passthru devices.
Now ipsecnat opens port udp/500 from any source port.
And I think ipsecnat won't work at all with gw zone defined? I'm not
sure about
2002 Dec 19
4
Shorewall 1.3.12 Beta1
The first Beta Version is available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
New features include:
1) "shorewall refresh" now reloads the traffic shaping rules (tcrules
and tcstart).
2) "shorewall debug [re]start" now turns off debugging after an error
occurs. This places the point of the failure near the end of the
2003 Jan 24
4
AW: AW: Ipsec passthrough
Sorry to barge in on an old thread. I'm having the same trouble as the
gent who started this thread. I've tried the options described and can't
seem to get the tunnel to pass packets through it. I'm using the
Netscreen Remote VPN client (Safenet derivative) on a windows machine,
trying to connect to a Netscreen 5xp at the other end. The connection
fires
2002 Mar 30
3
Website Search Improvements
The search capability at http://www.shorewall.net has been improved.
- The quick search on the main page no longer includes the mailing list
archives.
- The extended search page (http://www.shorewall.net/htdig/search.html)
allows you to search:
a) the entire site (including the archives);
b) the site excluding the archives; or,
c) just the archives.
- The mailing list information page
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2004 May 26
6
Newnotsyn Behavior
Hello,
I've been doing some tests on a firewall system running Shorewall 1.4, and
have been getting some unexpected behavior when enabling the "newnotsyn"
option.
In the test setup, I have:
----------------------------------------
/etc/shorewall/interfaces
net eth0 detect routefilter,tcpflags,blacklist
loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn
2003 Jan 09
19
New on the Web Site
While I'm in temporary retirement, I've decided to spend a little time
experimenting with new things and making some updates to the web site. The
biggest result of this effort to date has been:
http://shorewall.sf.net/Shorewall_Squid_Usage.html
This outlines how to use Squid as a transparent proxy running on the
firewall, in the DMZ or in the local network. In the latter two
2005 May 12
12
New Article at Shorewall.net
This article describes how to implement "Port Knocking" in Shorewall.
http://shorewall.net/PortKnocking.html
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2002 Apr 21
3
SHorewall and Accounting Scripts
Hi everyone!
First of all: Big thanks to Tom for this great work!!
Now on to my question:
I am using Shorewall among other machines on an new server where we
need some kind of accounting.
The script we would like to use for this is iam
(http://intevation.de/iam/).
The docs say:
Alternatively you can use your own iptables script and only add the
'dump' option, which should
2004 May 05
5
Compiling --with-ldap on Solaris 9
I am trying to compile the small Samba 3.0.2a source on Solaris 9 to use
ldap. The ./configure run reports: "WARNING: libldap is needed for LDAP
support". The Solaris installation has its native libldap installed in
/usr/lib, but the configuration does not seem to find it. Would anyone know
what I am missing? Thanks...dlb
David Bost
Dow Jones and Co.
4300 North Route 1
South
2002 May 13
1
Adding Printer Drivers for existing Printers (Win2000, WinNT x86)
Hi List!
I've got a problem that I've read about on the web several times now,
regarding the uploading of printer drivers to the samba [print$] share.
When I try to set the printer driver for an existing printer (HP
LaserJet 6L enabled with CUPS) the W2K wizard let me select the driver
*.inf file but when finishing I get the well known error message:
"Unable to install Intel,
2002 Dec 27
6
IP Alias problems
I have a few IP addresses attached to an interface without problems. I
also have some chrooted environments attached to these IP addresses. Is
there a way to make connections (telnet) from these environments look like
they are coming from the aliased IP's rather than the main IP address?
Thanks for any help
Kevin.
2015 Jul 31
1
samba-4.1.19: resolving local unix group failes when there exists a local unix user with same name
Hi,
after upgrading samba from 4.1.17 to 4.1.19 on OpenSuSE 13.2, any shares offered by this machine can no longer be accessed, when these shares contain an entry "force group" which specifies a local unix group and when there exists a unix user with the same name.
Here's an excerpt from smb.conf:
[FactWork]
comment = FactWork-Downloadportal
path =
2002 Jun 27
2
cygwin rsync and ascii files
I am rsyncing text files between NT/95/XP machines and Solaris. I noted
that the text/ascii files created on the windows platforms contain ^M at
the end of each line when transferred to the Solaris system. This can be
explained by the binary transmission and can use FTP in ASCII mode to
prevent this from happening. It is crucial that we preserve the time
stamp, so running dos2unix isn't one