roland Posted July 19, 2003 Report Share Posted July 19, 2003 Mandrake 9.1 I've installed internet connection sharing with DrakGw. Works perfectly well but the firewall (shorewall) blocks file sharing. To unblock this i've modified /etc/shorewall/policy like this: ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST masq net ACCEPT fw net ACCEPT #rv masq fw ACCEPT #<==== HERE fw masq ACCEPT #<==== and HERE #fin rv net all DROP info all all REJECT info ############################################################################### What are the concequencies in tem of security ? Is is safe to enable internet connection server/firewall and file server (samba) in the same box ? thanks roland Quote Link to comment Share on other sites More sharing options...
ranger Posted July 20, 2003 Report Share Posted July 20, 2003 What are the concequencies in tem of security ? Internal users may be able to hack your firewall more easily. If you trust them, then that's probably OK. If someone does hack your box from the outside, they can now get into your network (so you may want to rather turn the policy for fw->masq back to deny, and add a rule in /etc/shorewall/rules allowing only connections to high ports on your network, but you may also need ports 137-139 for samba ..). Is is safe to enable internet connection server/firewall and file server (samba) in the same box ? It's always safer to restrict connections as much as possible, going both into and out of a firewall, but unless you have the extra machines, a firewall that is pretty tight from the outside should be enough to make you a less attractive target to hack ... Quote Link to comment Share on other sites More sharing options...
roland Posted July 20, 2003 Author Report Share Posted July 20, 2003 thanks ranger roland Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.