On 29/09/06 17:32, Paul Abrahams wrote:
On Friday 29 September 2006 5:23 pm, Darryl Gregorash wrote:
If it is possible, please set FW_TRUSTED_NETS to just 192.168.0.0/24, restart the firewall, and then run:
iptables-save
The results of this should tell us what is going on. This should work without having to specify a bunch of protocol/port options.
Here you are:
<snip>
-A INPUT -i eth0 -j input_ext
<snip>
-A input_ext -m pkttype --pkt-type broadcast -j DROP
OK, those are the first two rules in the input chains. After some icmp stuff comes:
-A input_ext -s 192.168.0.0/255.255.255.0 -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-INext-ACC-TRUST " --log-tcp-options --log-ip-options
-A input_ext -s 192.168.0.0/255.255.255.0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
Windows uses broadcasts extensively in its file sharing, so refusing all broadcasts is the reason why a Windows client cannot see the shares (as you mentioned in your next post). I believe if you set FW_ALLOW_FW_BROADCAST_EXT="137" in /etc/sysconfig/SuSEfirewall2, things should work again. Sorry I didn't catch this earlier, but I never even thought to ask you if you were denying broadcasts -- I just assumed that if you were using Samba, you must be allowing port 137 broadcasts. Please see the firewall config file for a discussion of how this variable works.
Hope this helps. Did you want me to try a Samba access from some other machine?
Paul
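The rule-order effect discussed in this message, as an added example that is not part of the original post: a small first-match walk over the quoted `input_ext` rules for a UDP/137 broadcast from the trusted network. The packet model, the function names and the `ALLOW_137` rule are assumptions made for illustration; `ALLOW_137` is a constructed rule, not captured SuSEfirewall2 output.

```python
import ipaddress
import shlex

# Constructed packet: a NetBIOS name-service broadcast from a trusted LAN host.
PACKET = {"src": "192.168.0.10", "proto": "udp", "dport": "137",
          "pkttype": "broadcast", "state": "NEW"}

# The input_ext rules quoted in the thread, in their original order.
THREAD_RULES = """\
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -s 192.168.0.0/255.255.255.0 -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-INext-ACC-TRUST " --log-tcp-options --log-ip-options
-A input_ext -s 192.168.0.0/255.255.255.0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
"""

# Constructed rule (assumption): accept UDP/137 broadcasts ahead of the blanket drop.
ALLOW_137 = "-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j ACCEPT\n"


def rule_matches(tokens, pkt):
    """True if every match option this sketch understands agrees with the packet."""
    opts = dict(zip(tokens, tokens[1:]))  # option -> the value that follows it
    if "-s" in opts and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(opts["-s"]):
        return False
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    if "--dport" in opts and opts["--dport"] != pkt["dport"]:
        return False
    if "--pkt-type" in opts and opts["--pkt-type"] != pkt["pkttype"]:
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    return True


def verdict(dump, chain="input_ext", pkt=PACKET):
    """Return (target, rule) for the first terminating rule the packet hits."""
    for line in dump.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain] or "-j" not in tokens:
            continue
        if not rule_matches(tokens, pkt):
            continue
        target = tokens[tokens.index("-j") + 1]
        if target in ("ACCEPT", "DROP", "REJECT"):  # LOG does not end traversal
            return target, line
    return "chain end", None


if __name__ == "__main__":
    print(verdict(THREAD_RULES)[0], verdict(ALLOW_137 + THREAD_RULES)[0])
```

Feeding it the `input_ext` lines from a real `iptables-save` dump shows whether the broadcast is dropped before the trusted-network ACCEPT is ever reached.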