similar to: Shorewall configuration - ''run_iptables''-problem

Can someone point me at how the machine account plays into permitting access here? [it] path = /mnt/data/samba/data/it valid users = CUSTOMER\sgw CUSTOMER\fhäu @CUSTOMER\edv read only = No browseable = No A user out of the group "edv" uses the PC "p10013". Sometimes he gets access, sometimes not. Logs show: (a) check_ntlm_password: authentication for user [P10013$]

Am 03.01.19 um 16:19 schrieb Rowland Penny via samba: > On Thu, 3 Jan 2019 15:46:24 +0100 "Stefan G. Weichinger via samba" > <samba at lists.samba.org> wrote: >> observation, maybe important: > > Oh, it's more than important, guess where the Windows ACLs are stored > ;-) hmm ... ? ;) >> (share "projekte" works fine, share "QM"

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

I made the following adjustments to /etc/shorewall/common.def (1.3.13 with all relevant patches). ############################################################################ # Shorewall 1.3 -- /etc/shorewall/common.def # # This file defines the rules that are applied before a policy of # DROP or REJECT is applied. In addition to the rules defined in this file, # the firewall will also define a

Hi! how can I mark ack packets with shorewall 2.x? (In 1.x I have done it with own rule in common file) TiA CU

It seems to me that ipsecnat tunnel type is not complete. Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal communications. (It''s called port floating). That is needed to get rid of ugly ipsec passthru devices. Now ipsecnat opens port udp/500 from any source port. And I think ipsecnat won''t work at all with gw zone defined? I''m not sure about

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

Sorry to barge in on an old thread. I''m having the same trouble as the gent who started this thread. I''ve tried the options described and can''t seem to get the tunnel to pass packets through it. I''m using the Netscreen Remote VPN client (Safenet derivative) on a windows machine, trying to connect to a Netscreen 5xp at the other end. The connection fires

The search capability at http://www.shorewall.net has been improved. - The quick search on the main page no longer includes the mailing list archives. - The extended search page (http://www.shorewall.net/htdig/search.html) allows you to search: a) the entire site (including the archives); b) the site excluding the archivesj; or, c) just the archives. - The mailing list information page

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hello, I''ve been doing some tests on a firewall system running Shorewall 1.4, and have been getting some unexpected behavior when enabling the "newnotsyn" option. In the test setup, I have: ---------------------------------------- /etc/shorewall/interfaces net eth0 detect routefilter,tcpflags,blacklist loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi everyone! First of all: Big thanks to Tom for this great work!! Now on to my qestion: I am using Shorewall among other machines on an new server where we need some kind of accounting. The script we would like to use for this is iam (http://intevation.de/iam/). The docs say: Alternatively you can use your own iptables script and only add the ''dump'' option, which should

I am trying to compile the small Samba 3.0.2a source on Solaris 9 to use ldap. The ./configure run reports: "WARNING: libldap is needed for LDAP support". The Solaris installation has it's native libldap installed in /usr/lib, but the configuration does not seem to find it. Would anyone know what I am missing? Thanks...dlb David Bost Dow Jones and Co. 4300 North Route 1 South

Hi List! I've got a problem that I've read about on the web several times now, regarding the uploading of printer drivers to the samba [print$] share. When I try to set the printer driver for an existing printer (HP LaserJet 6L enabled with CUPS) the W2K wizard let me select the driver *.inf file but when finishing I get the well known error message: "Unable to install Intel,

I have a few IP addresses attached to an interface without problems. I also have some chrooted environments attached to these IP addresses. Is there a way to make connections (telnet) from these environments look like they are coming from the aliased IP''s rather than the main IP address? Thanks for any help Kevin.

Hi, after upgrading samba from 4.1.17 to 4.1.19 on OpenSuSE 13.2, any shares offered by this machine can nolonger be accessed, when these shares contain an entry "force group" which specifies a local unix group and when there exists a unix user with the same name. Here's an excerpt from smb.conf: [FactWork] comment = FactWork-Downloadportal path =

I am ysyncing text files between NT/95/XP machines and Solaris. I noted that the text/ascii files created on the windows platforms contain ^M at the end of each line when transfered to the Solaris system. This can be explained by the binary transmission and can use FTP is ASCII mode to prevent this from happening. It is crutial that we preserve the time stamp, so running dos2unix isn't one