shorewall and samba problem
Hello all!
I'm using Debian 3.1 and shorewall 2.2.3
I installed samba on the same machine where I already have shorewall installed.
As I noticed samba is disabled by default in shorewall.
So, I followed the instruction in http://www.shorewall.net/samba.htm:
1. Added the lines into /etc/shorewall/rules
AllowSMB fw loc
AllowSMB loc fw
2. Copied action.Drop and action.Reject from /usr/share/shorewall to
/etc/shorewall
3. Deleted al the REJECT lines from the DropSMB and RejectSMB actions
in /etc/shorewall
4. Restarted shorewall
Unfortunately, I'm still unable to see samba in network from Windows PC.
Please tell me, what I did wrong.
Thanks in advance.
Shorewall restart log is below:
-----------------------------------------------------
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Restarting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp0:0.0.0.0/0
Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Pre-processing Actions...
Pre-processing /etc/shorewall/action.DropSMB...
Pre-processing /etc/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowICMPs...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /usr/share/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.AllowSPAMD...
Pre-processing /usr/share/shorewall/action.AllowSyslog...
Pre-processing /usr/share/shorewall/action.AllowAmanda...
Pre-processing /usr/share/shorewall/action.AllowLDAP...
Pre-processing /usr/share/shorewall/action.AllowICQ...
Pre-processing /usr/share/shorewall/action.AllowBitTorrent...
Pre-processing /usr/share/shorewall/action.AllowSMBswat...
Pre-processing /usr/share/shorewall/action.DropSMTP...
Pre-processing /usr/share/shorewall/action.AllowCVS...
Pre-processing /usr/share/shorewall/action.AllowSVN...
Pre-processing /usr/share/shorewall/action.AllowMySQL...
Pre-processing /usr/share/shorewall/action.AllowPostgreSQL...
Pre-processing /usr/share/shorewall/action.AllowRsync...
Pre-processing /usr/share/shorewall/action.AllowDistcc...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Deleting user chains...
Processing /etc/shorewall/routestopped ...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Adding rules for DHCP
Setting up TCP Flags checking...
Setting up Kernel Route Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/ipsec...
Processing /etc/shorewall/rules...
Rule "ACCEPT fw net tcp 21" added.
Rule "ACCEPT fw net tcp 22" added.
Rule "ACCEPT fw net tcp 25" added.
Rule "ACCEPT fw net tcp 110" added.
Rule "ACCEPT fw net tcp 143" added.
Rule "ACCEPT fw net tcp 443" added.
Rule "ACCEPT fw net tcp 783" added.
Rule "ACCEPT fw net tcp 993" added.
Rule "ACCEPT fw net tcp 53" added.
Rule "ACCEPT fw net udp 53" added.
Rule "ACCEPT fw loc tcp 22" added.
Rule "ACCEPT fw loc tcp 21" added.
Rule "ACCEPT loc fw tcp 21" added.
Rule "ACCEPT loc fw tcp 22" added.
Rule "ACCEPT loc fw tcp 25" added.
Rule "ACCEPT loc fw tcp 80" added.
Rule "ACCEPT loc fw tcp 106" added.
Rule "ACCEPT loc fw tcp 110" added.
Rule "ACCEPT loc fw tcp 901" added.
Rule "ACCEPT loc fw tcp 3306" added.
Rule "ACCEPT net fw tcp 21" added.
Rule "ACCEPT net fw tcp 22" added.
Rule "ACCEPT net fw tcp 25" added.
Rule "ACCEPT net fw tcp 80" added.
Rule "ACCEPT net fw tcp 110" added.
Rule "ACCEPT net fw tcp 143" added.
Rule "ACCEPT net fw tcp 443" added.
Rule "ACCEPT net fw tcp 783" added.
Rule "ACCEPT net fw tcp 993" added.
Rule "ACCEPT loc fw icmp 8" added.
Rule "ACCEPT net fw icmp 8" added.
Rule "ACCEPT fw loc icmp 8" added.
Rule "ACCEPT fw loc tcp 106" added.
Rule "ACCEPT fw net icmp" added.
Rule "AllowDNS loc fw" added.
Rule "ACCEPT fw net tcp 80" added.
Rule "ACCEPT fw net tcp 110" added.
Rule "AllowSMB fw loc" added.
Rule "AllowSMB loc fw" added.
Processing Actions...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Drop for Chain Drop...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "AllowICMPs - - icmp" added.
Rule "dropInvalid" added.
Rule "DropSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn - - tcp" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject for Chain Reject...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "AllowICMPs - - icmp" added.
Rule "dropInvalid" added.
Rule "RejectSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn - - tcp" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.AllowDNS for Chain AllowDNS...
Rule "ACCEPT - - udp 53" added.
Rule "ACCEPT - - tcp 53" added.
Processing /usr/share/shorewall/action.AllowSMB for Chain AllowSMB...
Rule "ACCEPT - - udp 135,445" added.
Rule "ACCEPT - - udp 137:139" added.
Rule "ACCEPT - - udp 1024: 137" added.
Rule "ACCEPT - - tcp 135,139,445" added.
Processing /usr/share/shorewall/action.RejectAuth for Chain RejectAuth...
Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.AllowICMPs for Chain AllowICMPs...
Rule "ACCEPT - - icmp fragmentation-needed" added.
Rule "ACCEPT - - icmp time-exceeded" added.
Processing /etc/shorewall/action.DropSMB for Chain DropSMB...
Processing /usr/share/shorewall/action.DropUPnP for Chain DropUPnP...
Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep for Chain DropDNSrep...
Rule "DROP - - udp - 53" added.
Processing /etc/shorewall/action.RejectSMB for Chain RejectSMB...
Processing /etc/shorewall/policy...
Policy REJECT for fw to net using chain all2all
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to fw using chain net2all
Policy REJECT for loc to fw using chain all2all
Policy ACCEPT for loc to net using chain loc2net
Masqueraded Networks and Hosts:
To 0.0.0.0/0 (all) from 192.168.0.0/24 through ppp0
Processing /etc/shorewall/tos...
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Restarted
Reply to: