2007/11/20, Tom Eastep <[EMAIL PROTECTED]>: > However, your loc->road policy is REJECT (the all->all default).
Done. Now looks like: #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST road loc ACCEPT road net ACCEPT road $FW ACCEPT $FW road ACCEPT loc road ACCEPT #debug loc net ACCEPT info # If you want open access to the Internet from your Firewall # remove the comment from the following line. $FW net ACCEPT net all DROP info #debug # THE FOLLOWING POLICY MUST BE LAST all all REJECT info > You at > least need to allow SMB in that direction (see > http://www.shorewall.net/samba.htm). In rules I have: #SAMBA ACCEPT $FW loc udp 137,138,139 ACCEPT $FW loc tcp 137,138,139,445 ACCEPT $FW loc udp 1024: 137 ACCEPT loc $FW udp 137,138,139 ACCEPT loc $FW tcp 137,138,139,445 ACCEPT loc $FW udp 1024: 137 #SAMBAvia openvpn ACCEPT $FW road udp 137,138,139 ACCEPT $FW road tcp 137,138,139,445 ACCEPT $FW road udp 1024: 137 ACCEPT road $FW udp 137,138,139 ACCEPT road $FW tcp 137,138,139,445 ACCEPT road $FW udp 1024: 137 (samba works on $FW OK) > I suspect that that you haven't configured any type of Windows name service > either. This is a requirement any time that you want to use Windows > networking in a routed environment. Probably the easiest solution is to run > Samba as a WINs server and configure all of your Windows clients to use it > (if you use DHCP, you can configure it to propagate this setting to Windows > clients). wins support = yes In samba.conf. Still can not connect via openvpn. Regards Rob ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
