Shorewall settings and Samba


anp66

Hi super users

I have a problem when the Shorewall firewall is active.

In that situation it is impossible to ping the Mandrake (9.1) box from an XP client in the same network.

I used the "Internet sharing" button to share the internet connection between the Mandrake and XP boxes. I think that the "Internet sharing" thing uses Shorewall.

The situation is this:

When I disconnect Shorewall, ping (and Samba) works, but the "Internet sharing" doesn't. :o

When I use the "Internet sharing" button the sharing thing works B) , but I can't ping from XP to Mandrake.

In both situations I can ping from Mandrake to XP.

The Mandrake box has 2 netcards. A "red" one connected to the world (internet) and a "green" one (192.168.1.1).

The XP box has a "green" netcard 192.168.1.253. The IP address is not static but obtained from Mandrake (DHCP).

How do I set up Shorewall so the XP box can ping Mandrake?

Another (bad) solution: How do I share the internet connection without using Shorewall?

Hope someone can put me in the right direction.

Best regards

Anders


Hi Again

I got confused over all these configuration files so I started all over, and then I got rid of the duplicated rules.

So here are the new clean files.

[root@MyServer shorewall]# more masq
eth1 192.168.1.0/255.255.255.0

[root@MyServer shorewall]# more zones
net Net Internet zone
masq Masquerade Masquerade Local
loc Local Local

[root@MyServer shorewall]# more interfaces
net eth1 detect
masq eth0 detect

[root@MyServer shorewall]# more rules
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT fw masq tcp 631,515,137,138,139 -
ACCEPT fw masq udp 631,515,137,138,139 -

[root@MyServer shorewall]# more policy
masq net ACCEPT
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info

I think the changes should be done in the configuration files: rules and policy

Best regards

Anders :wall:


I've finally got things working, that is Shorewall, Internet Sharing & Samba (Connect to XP client).

For your information here is what I did.

Basically this link was followed:

http://www.shorewall.net/two-interface.htm

In short:

Remove old shorewall rpm's

Clean /etc/shorewall directory

Install new shorewall rpm's (rpm -ivh --nodeps shorewall-2.0.1-1.noarch.rpm)

cp the two-interface sample files to /etc/shorewall directory

Edit the files as described

Here is the result. ETH0 is the local netcard, ETH1 is the netcard connected to the world.

zones:

#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

interfaces:

#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect dhcp,routefilter,norfc1918,tcpflags
loc eth0 detect tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

policy:

#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
# Next line is AP line
loc fw ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

rules:

#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
#
# Allow Samba on Firewall
#
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
#
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

masq:

#INTERFACE SUBNET ADDRESS
eth1 eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Hope this is useful for someone :D

Regards

Anders
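
Added example, not part of the original posts and not Shorewall's own code: a simplified Python model of how the rules and policy files combine, run over the files from the second post and a subset of the loc-to-fw rules from the third. It shows ping and Samba from the LAN falling through to "all all REJECT" in the earlier files, and the later "loc fw ACCEPT" policy admitting LAN connections to any firewall port, including ones no rule lists. The function names and the first-match model are assumptions of this sketch.

```python
# Added example (not from the thread): simplified model of Shorewall evaluation.
# Assumption: the first matching rule wins, otherwise the first matching policy.

def parse(text):
    """Split each non-blank, non-comment line into columns."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def port_match(spec, port):
    """Match lists and ranges such as '137,139,445', '137:139' or '1024:'."""
    if spec == "-":
        return True
    for item in spec.split(","):
        lo, sep, hi = item.partition(":")
        if lo.isdigit():  # service names like 'domain' are not resolved here
            top = int(hi) if hi else (65535 if sep else int(lo))
            if int(lo) <= port <= top:
                return True
    return False

def verdict(rules, policy, src, dst, proto, port):
    """Return (action, origin) for a new connection; source ports are ignored."""
    for r in parse(rules):
        dport = r[4] if len(r) > 4 else "-"
        if r[1:4] == [src, dst, proto] and port_match(dport, port):
            return r[0], "rule"
    for p in parse(policy):
        if p[0] in (src, "all") and p[1] in (dst, "all"):
            return p[2], "policy"
    return "REJECT", "no policy"

# Second post: masq->fw rules and policy as posted (the LAN zone is named masq).
OLD_RULES = """\
ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -
"""
OLD_POLICY = "masq net ACCEPT\nloc net ACCEPT\nfw net ACCEPT\nnet all DROP info\nall all REJECT info\n"

# Third post: subset of the loc->fw rules, and the policy as posted.
NEW_RULES = """\
ACCEPT loc fw tcp 22
ACCEPT loc fw icmp 8
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
"""
NEW_POLICY = "loc net ACCEPT\nloc fw ACCEPT\nfw net ACCEPT\nnet all DROP info\nall all REJECT info\n"

if __name__ == "__main__":
    # icmp 8 = echo request, tcp 139 = Samba, tcp 3306 = a port no rule mentions
    for proto, port in (("icmp", 8), ("tcp", 139), ("tcp", 3306)):
        print(proto, port, verdict(OLD_RULES, OLD_POLICY, "masq", "fw", proto, port),
              verdict(NEW_RULES, NEW_POLICY, "loc", "fw", proto, port))
```

With the "loc fw ACCEPT" policy line removed, the same model returns REJECT for the unlisted port while the ping and Samba rules still match.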


  • 1 month later...
Guest panicz
Hope this is useful for someone  :D

Thx for sharing the info, it was more than useful !!

Now I have to do something with the samba, I can see it on the network but I just can't access it.....

Anyway now the firewall isn't making this log with warnings etc THX
