Re: [Users] IPTables Samba Help.

• Next message: rbraun: "[Users] 2002 ITworld.com, Inc. All rights"
• Previous message: Chris Wilson: "Re: [Users] Need help on interop linux-cisco"
• In reply to: dapunk: "[Users] IPTables Samba Help."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi dapunk,

> Subnet 1(192.168.10.0/24)
<snip>
> Subnet 2(192.168.20.0/24)

> I am currently able to ping a machine on Subnet1 from Subnet2, Which is
> good. I am not however able to do any sort of samba stuff.

Did you try pinging the other way? Your Samba connection is
subnet1->subnet2, but your pings are subnet2->subnet1.

> # Forward Packets (needed to ping outside networks)
> iptables -A FORWARD -i eth1 -j ACCEPT
> iptables -A FORWARD -o eth1 -j ACCEPT

What is eth1, and what is eth0? And which firewall are these rules on?

> iptables -A FORWARD -m state --state NEW -i eth1 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state NEW,INVALID -i eth0 -j DROP

You could try adding "-j LOG" to the end of the FORWARD chain, and watch
your syslog for packets being dropped when you try and connect to the
remote samba share.

Ciao, Chris.

-- 
   ___ __     _
 / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: rbraun: "[Users] 2002 ITworld.com, Inc. All rights"
• Previous message: Chris Wilson: "Re: [Users] Need help on interop linux-cisco"
• In reply to: dapunk: "[Users] IPTables Samba Help."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:08 CEST