[Firehol-support] Using "client all accept" isn't enough to access samba shares
Laurento Frittella
laurento.frittella at gmail.com
Tue Feb 24 08:54:18 GMT 2009
I haven't found a solution yet... any idea?
Regards,
Laurento
On Tue, 23/12/2008 at 18.48 +0100, Vincent Danjean wrote:
> Laurento Frittella wrote:
> > Hi all,
> > if I use "client all accept" (but I've tried with "client samba accept"
> > too) firehol still filters some useful traffic:
> >
> > Dec 23 17:49:52 thot IN-lan:IN=eth0 OUT=
> > MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.0.0.1 DST=10.0.0.20
> > LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=27951 PROTO=UDP SPT=137 DPT=48003
> > LEN=76
> >
> > (where 10.0.0.1 is the samba server and 10.0.0.20 my notebook running
> > firehol)
> >
> > If I stop firehol (disabling all filtering) all works well. How can I
> > solve this issue?
>
> I've had a similar issue: I've a bridge between openvpn and my local network.
> I do not want any filtering between these two parts.
> I put:
> router bridge inface br0 outface br0
> client all accept
>
> It did not work: NEW, ESTABLISHED and RELATED packets go through, but some
> INVALID packets were here (I did not search for why) and were filtered.
> I solved this by putting:
> router bridge inface br0 outface br0
> policy accept
>
> It has been difficult for me to find the problem because nothing in the log
> shows the state of packets. Inspecting with "iptables -L", adding some logs
> and trying some new iptables rules allowed me to find the problem with
> INVALID dropped packets. Then googling with firehol and INVALID found the
> solution with the "policy accept" statement.
>
> Regards,
> Vincent
>
> > Regards,
> > Laurento
>
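Added example, not part of the original thread: a small Python parser for the netfilter log line quoted above, showing that the dropped packet is inbound UDP from the server's NetBIOS name-service port and that the log line itself carries no connection-tracking state. The function names and the reply heuristic (known service port as source, destination port 1024 or higher) are assumptions of this example.

```python
import re

# Log line quoted in the thread, joined onto one line (MAC is masked in the original).
SAMPLE = (
    "Dec 23 17:49:52 thot IN-lan:IN=eth0 OUT= "
    "MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.0.0.1 DST=10.0.0.20 "
    "LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=27951 PROTO=UDP SPT=137 DPT=48003 "
    "LEN=76"
)

# Well-known Samba/NetBIOS ports (IANA assignments).
SMB_PORTS = {137: "netbios-ns", 138: "netbios-dgm",
             139: "netbios-ssn", 445: "microsoft-ds"}


def parse_fields(line):
    """Return the KEY=value pairs of a netfilter LOG line as a dict."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)  # LEN occurs twice: keep the IP length
    return fields


def describe(line):
    """Summarise direction and service of a logged packet (heuristic)."""
    f = parse_fields(line)
    spt, dpt = int(f.get("SPT", 0)), int(f.get("DPT", 0))
    if f.get("IN") and not f.get("OUT"):
        direction = "inbound"
    elif f.get("OUT") and not f.get("IN"):
        direction = "outbound"
    else:
        direction = "forwarded"
    return {
        "direction": direction,
        "proto": f.get("PROTO"),
        "src": f.get("SRC"),
        "dst": f.get("DST"),
        "service": SMB_PORTS.get(spt) or SMB_PORTS.get(dpt),
        # Assumption: service port as source and an unprivileged
        # destination port means this is a server reply, not a request.
        "looks_like_reply": spt in SMB_PORTS and dpt >= 1024,
        # Standard LOG output has no conntrack state field to inspect.
        "has_state_field": any(k in f for k in ("STATE", "CTSTATE")),
    }


if __name__ == "__main__":
    print(describe(SAMPLE))
```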