On Tue, 2003-09-09 at 11:18, Reuben D. Budiardja wrote: > Well, my more general question is whether some ports need to be open if I just > run client (smbmount) and NFS mount, *not* the server. Add to that, I know > that some of the listers here are happy users of shorewall, the reason of > which I checked it out, so... :)
We handle general stuff on the shorewall list too.... :-) > > Yes, both the samba protocols as well as the NFS protocols require that > > a given set of ports be opened on your firewall. The ports in question > > are all listed in the shorewall documentation. In what area do you need > > clarification? > > It doesn't say if that's needed if the machine acts as Samba server (share) or > client, or NFS server (which doing the exporting) or client (just mounting a > remote exported directory). > My machine just acks as a client, and I don't open anything else in the > firewall excepts for the few ports that I know I need to open (http, > sendmail). It's working now, I can browse and read file (smb and nfs). Yet, > when I look back from the log, I see the following, which happened few hours > ago and never happen again since. After rereading your previous email and the rest of this email I have a better understanding of your configuration. While you didn't say it I think you are running you clients on the same machine as the firewall. Take a look at your policy file in shorewall. It most likely has a policy of "fw loc ACCEPT". This takes care of all client needs. > Sep 8 13:50:38 voyager kernel: Shorewall:newnotsyn:DROP:IN= OUT=eth0 > SRC=160.36.28.203 DST=160.36.28.37 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=5888 > DF PROTO=TCP SPT=60452 DPT=22 WINDOW=62640 RES=0x00 ACK RST URGP=0 > > I'm not sure if this is because I don't open the necessary port, or an > artifact of something else going on. Something else.... Please go back the the shorewall website and find information on "NEWNOTSYNC". Ed -- http://www.shorewall.net Shorewall, for all your firewall needs -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
