pippovich
Posted February 17, 2004

Hi All,

I have Mandy 9.2 set up as an internet sharing server and would like to be able to share my files as well and also to be able to access shared folders on other computers (all windoze). However, it seems that I have to choose between the two. For security reasons, as soon as I enable samba shares, the internet sharing disables itself. How do I go around this problem and still maintain a relatively secured internet connection? I would like to be able to view my files from other computers. Any suggestions?

Pippovich

p.s. How do I share internet connection without using DHCP? Can I set it up with static IPs? mcc does not seem to be giving me this option.

Guest anon
Posted February 17, 2004

The GUI in mcc for Samba is very poor. You need to edit the Samba config file manually to fix your problems. Or, if you have webmin installed, you can install SWAT which makes sorting out Samba configurations a breeze !! Swat should be on your CDs or get it from a MDK mirror.

Gowator
Posted February 17, 2004

I don't think that will work because the ports will be blocked. To sort this out you need to set up the firewall (shorewall) which does the internet connection sharing. To do this you need to understand what shorewall is doing. Basically it's sending requests to the internet to a virtual interface 0:9 which is really ppp0 .... You can set it to only forward certain requests.... however doing it from the MCC configuration is beyond me unless you can find the documentation for it. The way Mandrake sets this up is a bit weird.....

Just a quick test though.... can you connect to yourself via Samba ??

pippovich
Posted February 17, 2004

Well, yes. I can connect myself via samba if I don't share my internet connection. As soon as I set up the internet sharing, my file sharing stops (I can't even see other computers). I suppose it has to do with the firewall that switches on automatically with internet sharing. When I switch off the firewall, the internet sharing stops and the file sharing starts working again.

In mcc (part where you fiddle with the firewall) there is an option to enable certain services to be accessed by the internet (e.g. web server, telnet server), I tried fiddling with this as well but no result. I am not a total beginner (but neither a unix hacker) so if there are some files I'd need to edit in order for it to work, please let me know. I'd give it a try.

Thanks

pippovich
Posted February 17, 2004

One more thing: I just checked and I have both webmin and SWAT installed. However, I am not sure which part I would need to modify. For instance in SWAT, there is a "globals" tab and I suppose I'd need to modify the "hosts allow" and "hosts deny" fields. There is no problem with hosts allow (I put the hostnames of the computers in my network) but when it comes to hosts deny, I don't know what to put (and no, I can't just leave it blank, I've tried it already). I suppose it has to block everything else, but how do you express it? Or, if you think I shouldn't use SWAT, suggest something else.

Thanks

Gowator
Posted February 17, 2004

pippovich

If the prob is the firewall then whatever you put in the smb.conf won't make any difference. What you need to determine is if the requests are getting through or not. Could be nothing wrong with Samba but your firewall is blocking it!!! If this is the case then the more you fiddle with Samba is just moving you further away....

pippovich
Posted February 17, 2004

No, I don't think there is anything wrong with samba cos it works perfect when the firewall is off. So, what do I do with the firewall so that it distinguishes local computers from the internet?

Thanks

Gowator
Posted February 18, 2004

This is where I'm hesitating.... The MCC wizard makes a real mess of the firewall IF you want to use the shorewall documentation. I tried it and got in a horrid mess and eventually took the advice of shorewall which is to copy their files OVER the Mandrake config. However, it's a big step and once you do it you need to go through with it. I'm quite busy right now so I can't promise to go through every part promptly.

Can I suggest you take a look at the shorewall quick start guides. See if you think you can do it and then we'll give it a go!

roland
Posted February 20, 2004

see http://www.mandrakeusers.org/index.php?sho...t=0entry90553

It's for 9.1. I'll check this weekend if it's also for 9.2.

roland

pippovich
Posted February 20, 2004

Oh, thanks. I'll give it a try and let you know about the results. I think this is one of the areas where Mandrake has to improve. I don't mind having to go through files and modify them but someone who is a total newbie (switching from point and click systems such as windoze or tomato) might find it frustrating.

Pippo

pippovich
Posted February 21, 2004

I've tried what you suggested Roland, and there has been some improvement in the following areas:
- I am able to telnet into my linux box from other computers in the network
- I can ping the linux box

However, I still can't open my shared files :unsure:. I suppose I have to modify something else as well. I would like to show you a part from my /var/log/boot.log file, a part that has to do with the shorewall (I've bolded the part I find fishy, please let me know if you see something else):

Feb 20 22:11:24 localhost shorewall: Loading /usr/share/shorewall/functions...
Feb 20 22:11:25 localhost shorewall: Processing /etc/shorewall/params ...
Feb 20 22:11:25 localhost shorewall: Processing /etc/shorewall/shorewall.conf...
Feb 20 22:11:28 localhost shorewall: Starting Shorewall...
Feb 20 22:11:28 localhost shorewall: Loading Modules...
Feb 20 22:11:29 localhost shorewall: Initializing...
Feb 20 22:11:29 localhost shorewall: Shorewall has detected the following iptables/netfilter capabilities:
Feb 20 22:11:29 localhost shorewall: NAT: Available
Feb 20 22:11:29 localhost shorewall: Packet Mangling: Available
Feb 20 22:11:29 localhost shorewall: Multi-port Match: Available
Feb 20 22:11:29 localhost shorewall: Connection Tracking Match: Available
Feb 20 22:11:29 localhost shorewall: Determining Zones...
Feb 20 22:11:29 localhost shorewall: Zones: net masq loc
Feb 20 22:11:29 localhost shorewall: Validating interfaces file...
Feb 20 22:11:29 localhost shorewall: Validating hosts file...
Feb 20 22:11:29 localhost shorewall: Validating Policy file...
Feb 20 22:11:29 localhost shorewall: Determining Hosts in Zones...
Feb 20 22:11:29 localhost shorewall: Net Zone: ppp+:0.0.0.0/0
Feb 20 22:11:29 localhost shorewall: Masquerade Zone: eth0:0.0.0.0/0
Feb 20 22:11:29 localhost shorewall: Warning: Zone loc is empty
Feb 20 22:11:29 localhost shorewall: Processing /etc/shorewall/init ...
Feb 20 22:11:30 localhost shorewall: Deleting user chains...
Feb 20 22:11:30 localhost shorewall: Setting up Accounting...
Feb 20 22:11:31 localhost shorewall: Setting up User Sets...
Feb 20 22:11:31 localhost shorewall: Creating Interface Chains...
Feb 20 22:11:32 localhost shorewall: Configuring Proxy ARP
Feb 20 22:11:32 localhost shorewall: Setting up NAT...
Feb 20 22:11:32 localhost shorewall: Adding Common Rules
Feb 20 22:11:33 localhost shorewall: IP Forwarding Enabled
Feb 20 22:11:33 localhost shorewall: Processing /etc/shorewall/tunnels...
Feb 20 22:11:33 localhost shorewall: Processing /etc/shorewall/rules...
Feb 20 22:11:33 localhost shorewall: Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
Feb 20 22:11:33 localhost shorewall: Rule "ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
Feb 20 22:11:33 localhost shorewall: Rule "ACCEPT fw masq tcp 631,515,137,138,139 -" added.
Feb 20 22:11:34 localhost shorewall: Rule "ACCEPT fw masq udp 631,515,137,138,139 -" added.
Feb 20 22:11:34 localhost shorewall: Processing /etc/shorewall/policy...
Feb 20 22:11:34 localhost shorewall: Policy ACCEPT for fw to net using chain fw2net
Feb 20 22:11:34 localhost shorewall: Policy ACCEPT for fw to masq using chain fw2masq
Feb 20 22:11:34 localhost shorewall: Policy ACCEPT for masq to fw using chain masq2fw
Feb 20 22:11:34 localhost shorewall: Policy ACCEPT for masq to net using chain masq2net
Feb 20 22:11:35 localhost shorewall: Policy ACCEPT for loc to net using chain loc2net
Feb 20 22:11:35 localhost shorewall: Masqueraded Subnets and Hosts:
Feb 20 22:11:35 localhost shorewall: To 0.0.0.0/0 from 192.168.0.0/255.255.255.0 through ppp+
Feb 20 22:11:35 localhost shorewall: Processing /etc/shorewall/tos...
Feb 20 22:11:36 localhost shorewall: Rule "all all tcp - ssh 16" added.
Feb 20 22:11:36 localhost shorewall: Rule "all all tcp ssh - 16" added.
Feb 20 22:11:36 localhost shorewall: Rule "all all tcp - ftp 16" added.
Feb 20 22:11:36 localhost shorewall: Rule "all all tcp ftp - 16" added.
Feb 20 22:11:36 localhost shorewall: Rule "all all tcp ftp-data - 8" added.
Feb 20 22:11:36 localhost shorewall: Rule "all all tcp - ftp-data 8" added.
Feb 20 22:11:36 localhost shorewall: Processing /etc/shorewall/ecn...
Feb 20 22:11:36 localhost shorewall: Activating Rules...
Feb 20 22:11:38 localhost shorewall: Processing /etc/shorewall/start ...
Feb 20 22:11:38 localhost shorewall: Shorewall Started
Feb 20 22:11:38 localhost rc: Starting shorewall: succeeded

Any suggestions are more than welcome!!

Pippovich

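An added example, not part of the original post or of Shorewall: the rule, policy and warning lines from the boot log above, parsed to show whether a NetBIOS port between two zones is passed by an explicit rule or only by the zone-pair policy. The function names are illustrative, and the sample lines are copied from the log with timestamps dropped.

```python
import re

# Lines copied from the boot.log excerpt in the post above (timestamps dropped).
LOG = """\
shorewall: Warning: Zone loc is empty
shorewall: Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
shorewall: Rule "ACCEPT fw masq tcp 631,515,137,138,139 -" added.
shorewall: Rule "ACCEPT fw masq udp 631,515,137,138,139 -" added.
shorewall: Policy ACCEPT for fw to masq using chain fw2masq
shorewall: Policy ACCEPT for masq to fw using chain masq2fw
shorewall: Policy ACCEPT for loc to net using chain loc2net
shorewall: Rule "all all tcp - ssh 16" added.
""".splitlines()

ACTIONS = {"ACCEPT", "DROP", "REJECT"}
RULE = re.compile(r'Rule "(\S+) (\S+) (\S+) (\S+) (\S+)(?: \S+)*" added')
POLICY = re.compile(r"Policy (\S+) for (\S+) to (\S+) using chain")
EMPTY = re.compile(r"Warning: Zone (\S+) is empty")

def parse(lines):
    """Return (rules, policies, empty_zones) found in Shorewall start-up output."""
    rules, policies, empty = [], {}, []
    for line in lines:
        if m := RULE.search(line):
            action, src, dst, proto, ports = m.groups()
            if action in ACTIONS:  # skips tos entries such as "all all tcp - ssh 16"
                rules.append((action, src, dst, proto, set(ports.split(","))))
        elif m := POLICY.search(line):
            policies[(m.group(2), m.group(3))] = m.group(1)
        elif m := EMPTY.search(line):
            empty.append(m.group(1))
    return rules, policies, empty

def verdict(rules, policies, src, dst, proto, port):
    """Rules are checked first; the zone-pair policy applies only if none matches."""
    for action, r_src, r_dst, r_proto, ports in rules:
        if (r_src, r_dst, r_proto) == (src, dst, proto) and str(port) in ports:
            return ("rule", action)
    return ("policy", policies.get((src, dst)))
```

On these lines, ports 137-139 are listed explicitly only in the fw-to-masq direction; traffic from masq to fw on those ports passes solely because of the blanket masq-to-fw ACCEPT policy, and the empty loc zone has no logged policy towards fw at all.
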
pippovich
Posted February 21, 2004

Hey I just realised that I can see the files on windoze computers. The only thing missing now is windoze users accessing files on my linux box. I suppose I have to solve the things I put in bold in the previous post. I just don't know how.

roland
Posted February 21, 2004

That must be your samba setting in /etc/samba/smb.conf

Here are some guidelines from an old post I made there link
again it's for 9.1 but there must be little change on 9.2
let's go

-------------------------------------------------------------------------

here are some guidelines I made public as it could interest some and maybe some here could improve it. ;-)

How to set samba as a NTdomain server for Win95/98 clients

1) Server side: Mdk 9.1

!! let your firewall share netlogon (see below) !!

I took the default smb.conf set by MCC wizard
The most relevant changes are:

# or whatever
workgroup = GROUP
...
# simple setup: no password
security = share
...
local master = yes
....
os level = 64
....
domain master = yes
....
preferred master = yes
....
domain logons = yes
....
#==== Share Definitions ==============
...
#example of shared directory
[public_roland]
path=/home/roland/partage
guest ok = yes
writeable = yes
#end example of shared directory
....
#!!! this one must be there
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
....

2) Clients side:

( !!! I'm trying to translate from a French Windows 98SE. Hope you could see what I mean .. )

Control Panel->Network
Let only TCP/IP protocol: remove all NETBEUI or IPX/SPX stuff
select Client for Microsoft Network ->Properties
check "Connect on a NT Domain"
enter the group name as domain name. "GROUP" on this case.

Of course you have to reboot all the M$ Win machines

That's all and works well for me :-)

-------------------------------------------------------------------------

hope this helps :)

roland

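An added example, not from the original post or the Samba project: a small audit of an smb.conf like the one quoted above for settings that matter when the same box is also the internet gateway. The sample file is constructed, and the LAN subnet and interface (192.168.0., eth0) are assumptions taken from the Shorewall log earlier in the thread.

```python
# Constructed sample modelled on the settings quoted in the post above.
SAMPLE = """\
[global]
workgroup = GROUP
security = share
[public_roland]
path = /home/roland/partage
guest ok = yes
writeable = yes
[netlogon]
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
"""
# Assumed LAN-only restriction: subnet and interface taken from the Shorewall log.
LAN_ONLY = ("hosts allow = 192.168.0. 127.\nhosts deny = 0.0.0.0/0\n"
            "interfaces = eth0 lo\nbind interfaces only = yes\n")
SYNONYMS = {"public": "guestok", "writable": "writeable", "writeok": "writeable",
            "allowhosts": "hostsallow"}

def parse_smb_conf(text):
    """Parameter names ignore case and spaces; comments are whole lines only."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            key = key.replace(" ", "").lower()
            section[SYNONYMS.get(key, key)] = value.strip()
    return conf

def is_yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")

def audit(conf):
    """Return findings that matter when smbd runs on the internet gateway."""
    findings, g = [], conf.get("global", {})
    if "hostsallow" not in g:
        findings.append("global: no 'hosts allow', any client address is accepted")
    if not (g.get("interfaces") and is_yes(g.get("bindinterfacesonly", "no"))):
        findings.append("global: smbd is not bound to the LAN interface only")
    for name, share in conf.items():
        if name != "global" and is_yes(share.get("guestok")) and is_yes(share.get("writeable")):
            findings.append(f"{name}: writable by guests without a password")
    return findings
```

Inserting `LAN_ONLY` under `[global]` clears the two global findings; the guest-writable share remains flagged and is then reachable only from the LAN side.
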
pippovich
Posted February 22, 2004

Thanks Roland,

I am going to give it a try. Does Samba need to be restarted or I don't need to touch anything else? If yes, how do you restart samba without having to restart the whole box?

Pippovich

Gowator
Posted February 22, 2004 (edited)

samba restart

As root!

Edited February 22, 2004 by Gowator