Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] IPTables Samba Help.

From: punk (punk_at_sskid.org)
Date: Wed May 29 2002 - 21:30:30 CEST

Next message: Subba Rao: "[Users] IPSec VPN and CA server"
Previous message: Bantoft, Ken: "RE: [Users] Help with Contivity client"
In reply to: Sam Sgro: "Re: [Users] IPTables Samba Help."
Next in thread: Chris Wilson: "Re: [Users] IPTables Samba Help."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes, I have examined the tcpdump of both gateways. I know that the
packets are able to leave the gateway machine that is doing the
"smbclient -L IP_ADDRESS" request, because I setup a samba server on
another linux box with an external IP (209.123.xxx.xxx), and from the
machine behind the gateway (192.168.20.20), I was able to issue the
command "smbclient -L 209.123.xxx.xxx", and I got results. It listed all
the shares available instead of just failing. That external linux box,
has only a minimal firewall which allows the appropriate traffic. I
"think" this works because my firewall on the gateway allows any
connection that originated from inside it's private subnet.
I am able to repeat the above test on the other gateway as well. They
both have the exact same firewall configs.

So, I "think" that I am missing a forwarding rule, or I added a wrong
rule somewheres. I'm lost.

-Da Punk

On Wed, 2002-05-29 at 15:05, Sam Sgro wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On 29 May 2002, dapunk wrote:
>
> > I am currently able to ping a machine on Subnet1 from Subnet2, Which is
> > good. I am not however able to do any sort of samba stuff.
> > Ex. smbclient -L 192.168.10.20 (From 192.168.20.20) should list all the
> > shares available on that x.x.10.20 box, but it doesn't seem to work. I
> > am pretty sure that this is an issue in my firewall configuration
> > somewhere, but I can seem to find it. My firewall config is below. Any
> > help in this matter would be greatly appreciated.
>
> Have you confirmed that the packets are not getting past the firewall, via
> tcpdump? That way, you can be absolutely certain that investigating your
> firewall is the right approach.
>
> (I say this because troubleshooting network shares alone can be a handful,
> and can make it seem like NOTHING is going through the tunnel).
>
> Sam Sgro
> sam_at_freeswan.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: For the matching public key, finger the Reply-To: address.
>
> iQCVAwUBPPUmfkOSC4btEQUtAQEmJwQAlr4p+y8CUP3cyEzWaOhCX/+7i9BRBAlh
> WchniLe02WUCwuYoveecv7w5i0n+eB4MkXcuQe6fjAOkgu7kKFbOCTDDfIocVlbS
> W/Rd9riamZQZi8qFtUa5YHVQ/PVx3FP+TFcjYibxcckO9s7GqhtY8iMVOFVeCXFV
> NgqX88bZqoE=
> =zyB8
> -----END PGP SIGNATURE-----
>
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Subba Rao: "[Users] IPSec VPN and CA server"
Previous message: Bantoft, Ken: "RE: [Users] Help with Contivity client"
In reply to: Sam Sgro: "Re: [Users] IPTables Samba Help."
Next in thread: Chris Wilson: "Re: [Users] IPTables Samba Help."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:08 CEST