Hello all! I'm using Debian 3.1 and shorewall 2.2.3
I installed samba on the same machine where I already have shorewall installed. As I noticed samba is disabled by default in shorewall. So, I followed the instruction in http://www.shorewall.net/samba.htm: 1. Added the lines into /etc/shorewall/rules AllowSMB fw loc AllowSMB loc fw 2. Copied action.Drop and action.Reject from /usr/share/shorewall to /etc/shorewall 3. Deleted al the REJECT lines from the DropSMB and RejectSMB actions in /etc/shorewall 4. Restarted shorewall Unfortunately, I'm still unable to see samba in network from Windows PC. Please tell me, what I did wrong. Thanks in advance. Shorewall restart log is below: ----------------------------------------------------- Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Restarting Shorewall... Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Not available Connection Tracking Match: Available Packet Type Match: Available Policy Match: Not available Physdev Match: Available IP range Match: Available Recent Match: Available Determining Zones... Zones: net loc Validating interfaces file... Validating hosts file... Validating Policy file... Determining Hosts in Zones... Net Zone: ppp0:0.0.0.0/0 Local Zone: eth0:0.0.0.0/0 Processing /etc/shorewall/init ... Pre-processing Actions... Pre-processing /etc/shorewall/action.DropSMB... Pre-processing /etc/shorewall/action.RejectSMB... Pre-processing /usr/share/shorewall/action.DropUPnP... Pre-processing /usr/share/shorewall/action.RejectAuth... Pre-processing /usr/share/shorewall/action.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pre-processing /usr/share/shorewall/action.AllowSMTP... Pre-processing /usr/share/shorewall/action.AllowPOP3... Pre-processing /usr/share/shorewall/action.AllowICMPs... Pre-processing /usr/share/shorewall/action.AllowIMAP... Pre-processing /usr/share/shorewall/action.AllowTelnet... Pre-processing /usr/share/shorewall/action.AllowVNC... Pre-processing /usr/share/shorewall/action.AllowVNCL... Pre-processing /usr/share/shorewall/action.AllowNTP... Pre-processing /usr/share/shorewall/action.AllowRdate... Pre-processing /usr/share/shorewall/action.AllowNNTP... Pre-processing /usr/share/shorewall/action.AllowTrcrt... Pre-processing /usr/share/shorewall/action.AllowSNMP... Pre-processing /usr/share/shorewall/action.AllowPCA... Pre-processing /usr/share/shorewall/action.AllowSPAMD... Pre-processing /usr/share/shorewall/action.AllowSyslog... Pre-processing /usr/share/shorewall/action.AllowAmanda... Pre-processing /usr/share/shorewall/action.AllowLDAP... Pre-processing /usr/share/shorewall/action.AllowICQ... Pre-processing /usr/share/shorewall/action.AllowBitTorrent... Pre-processing /usr/share/shorewall/action.AllowSMBswat... Pre-processing /usr/share/shorewall/action.DropSMTP... Pre-processing /usr/share/shorewall/action.AllowCVS... Pre-processing /usr/share/shorewall/action.AllowSVN... Pre-processing /usr/share/shorewall/action.AllowMySQL... Pre-processing /usr/share/shorewall/action.AllowPostgreSQL... Pre-processing /usr/share/shorewall/action.AllowRsync... Pre-processing /usr/share/shorewall/action.AllowDistcc... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Deleting user chains... Processing /etc/shorewall/routestopped ... Setting up Accounting... Creating Interface Chains... Configuring Proxy ARP Setting up NAT... Setting up NETMAP... Adding Common Rules Processing /etc/shorewall/initdone ... Adding rules for DHCP Setting up TCP Flags checking... Setting up Kernel Route Filtering... IP Forwarding Enabled Processing /etc/shorewall/tunnels... Processing /etc/shorewall/ipsec... Processing /etc/shorewall/rules... Rule "ACCEPT fw net tcp 21" added. Rule "ACCEPT fw net tcp 22" added. Rule "ACCEPT fw net tcp 25" added. Rule "ACCEPT fw net tcp 110" added. Rule "ACCEPT fw net tcp 143" added. Rule "ACCEPT fw net tcp 443" added. Rule "ACCEPT fw net tcp 783" added. Rule "ACCEPT fw net tcp 993" added. Rule "ACCEPT fw net tcp 53" added. Rule "ACCEPT fw net udp 53" added. Rule "ACCEPT fw loc tcp 22" added. Rule "ACCEPT fw loc tcp 21" added. Rule "ACCEPT loc fw tcp 21" added. Rule "ACCEPT loc fw tcp 22" added. Rule "ACCEPT loc fw tcp 25" added. Rule "ACCEPT loc fw tcp 80" added. Rule "ACCEPT loc fw tcp 106" added. Rule "ACCEPT loc fw tcp 110" added. Rule "ACCEPT loc fw tcp 901" added. Rule "ACCEPT loc fw tcp 3306" added. Rule "ACCEPT net fw tcp 21" added. Rule "ACCEPT net fw tcp 22" added. Rule "ACCEPT net fw tcp 25" added. Rule "ACCEPT net fw tcp 80" added. Rule "ACCEPT net fw tcp 110" added. Rule "ACCEPT net fw tcp 143" added. Rule "ACCEPT net fw tcp 443" added. Rule "ACCEPT net fw tcp 783" added. Rule "ACCEPT net fw tcp 993" added. Rule "ACCEPT loc fw icmp 8" added. Rule "ACCEPT net fw icmp 8" added. Rule "ACCEPT fw loc icmp 8" added. Rule "ACCEPT fw loc tcp 106" added. Rule "ACCEPT fw net icmp" added. Rule "AllowDNS loc fw" added. Rule "ACCEPT fw net tcp 80" added. Rule "ACCEPT fw net tcp 110" added. Rule "AllowSMB fw loc" added. Rule "AllowSMB loc fw" added. Processing Actions... Generating Transitive Closure of Used-action List... Processing /usr/share/shorewall/action.Drop for Chain Drop... Rule "RejectAuth" added. Rule "dropBcast" added. Rule "AllowICMPs - - icmp" added. Rule "dropInvalid" added. Rule "DropSMB" added. Rule "DropUPnP" added. Rule "dropNotSyn - - tcp" added. Rule "DropDNSrep" added. Processing /usr/share/shorewall/action.Reject for Chain Reject... Rule "RejectAuth" added. Rule "dropBcast" added. Rule "AllowICMPs - - icmp" added. Rule "dropInvalid" added. Rule "RejectSMB" added. Rule "DropUPnP" added. Rule "dropNotSyn - - tcp" added. Rule "DropDNSrep" added. Processing /usr/share/shorewall/action.AllowDNS for Chain AllowDNS... Rule "ACCEPT - - udp 53" added. Rule "ACCEPT - - tcp 53" added. Processing /usr/share/shorewall/action.AllowSMB for Chain AllowSMB... Rule "ACCEPT - - udp 135,445" added. Rule "ACCEPT - - udp 137:139" added. Rule "ACCEPT - - udp 1024: 137" added. Rule "ACCEPT - - tcp 135,139,445" added. Processing /usr/share/shorewall/action.RejectAuth for Chain RejectAuth... Rule "REJECT - - tcp 113" added. Processing /usr/share/shorewall/action.AllowICMPs for Chain AllowICMPs... Rule "ACCEPT - - icmp fragmentation-needed" added. Rule "ACCEPT - - icmp time-exceeded" added. Processing /etc/shorewall/action.DropSMB for Chain DropSMB... Processing /usr/share/shorewall/action.DropUPnP for Chain DropUPnP... Rule "DROP - - udp 1900" added. Processing /usr/share/shorewall/action.DropDNSrep for Chain DropDNSrep... Rule "DROP - - udp - 53" added. Processing /etc/shorewall/action.RejectSMB for Chain RejectSMB... Processing /etc/shorewall/policy... Policy REJECT for fw to net using chain all2all Policy REJECT for fw to loc using chain all2all Policy DROP for net to fw using chain net2all Policy REJECT for loc to fw using chain all2all Policy ACCEPT for loc to net using chain loc2net Masqueraded Networks and Hosts: To 0.0.0.0/0 (all) from 192.168.0.0/24 through ppp0 Processing /etc/shorewall/tos... Processing /etc/shorewall/ecn... Activating Rules... Processing /etc/shorewall/start ... Shorewall Restarted
