[RoLUG] FIREHOL + SAMBA problem.

Filippo Gennari filippo.gennari@gmail.com
Tue 19 Aug 2008 17:59:29 CEST


Hi guys,
I set up a basic network for my office using Samba. It has always
worked, more or less, but since I installed Firehol on the clients
it refuses to cooperate. The firewall prevents me from browsing the network
through Konqueror!
I should mention that this command, run in a console:

smbclient //192.168.1.5/share

does work, however.

Has anyone run into the same problem, by any chance? Could you give me a
hand with the configuration of the file /etc/firehol/firehol.conf ?
I am bringing the offending file to your attention.



#!/sbin/firehol
# ------------------------------------------------------------------------------
# This feature is under construction -- use it with care.
#             *** NEVER USE THIS CONFIG AS-IS ***
#
# : firehol.sh,v 1.256 2007/05/22 22:52:53 ktsaou Exp $
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
# FireHOL is distributed under GPL.
# Home Page: http://firehol.sourceforge.net
#
# ------------------------------------------------------------------------------
# FireHOL controls your firewall. You should want to get updates quickly.
# Subscribe (at the home page) to get notified of new releases.
# ------------------------------------------------------------------------------
#
# This config will have the same effect as NO PROTECTION!
# Everything that was found to be running is allowed.
#
# Date: Thu Aug  7 18:51:00 UTC 2008 on host vaio
#
# The TODOs below are YOUR to-dos!

### DEBUG: Processing interface 'eth0'
### DEBUG: Processing IP 192.168.1.5 of interface 'eth0'
### DEBUG: Is 192.168.1.5 part of network 192.168.1.0/24? yes

# Interface No 1.
# The purpose of this interface is to control the traffic
# on the eth0 interface with IP 192.168.1.5 (net: "192.168.1.0/24").
# TODO: Change "interface1" to something with meaning to you.
# TODO: Check the optional rule parameters (src/dst).
# TODO: Remove 'dst 192.168.1.5' if this is dynamically assigned.
interface eth0 interface1 src "192.168.1.0/24" dst 192.168.1.5

        # The default policy is DROP. You can be more polite with REJECT.
        # Prefer to be polite on your own clients to prevent timeouts.
        policy drop

        # If you don't trust the clients behind eth0 (net "192.168.1.0/24"),
        # add something like this.
        # > protection strong

        # Here are the services listening on eth0.
        # TODO: Normally, you will have to remove those not needed.
       server ICMP accept
       server cups accept
       server ident accept
       server ms_ds accept
       server ntp accept
       server samba accept
       server ssh accept
       server time accept

        # The following eth0 server ports are not known by FireHOL:
        #  udp/512
        # TODO: If you need any of them, you should define new services.
        #       (see Adding Services at the web site - http://firehol.sf.net).

        # The following means that this machine can REQUEST anything via eth0.
        # TODO: On production servers, avoid this and allow only the
        #       client services you really need.
        client all accept

### DEBUG: Is 192.168.1.1  part of network 192.168.1.0/24? yes
### DEBUG: Default gateway 192.168.1.1  is part of network 192.168.1.0/24

# Interface No 2.
# The purpose of this interface is to control the traffic
# from/to unknown networks behind the default gateway 192.168.1.1 .
# TODO: Change "interface2" to something with meaning to you.
# TODO: Check the optional rule parameters (src/dst).
# TODO: Remove 'dst 192.168.1.5' if this is dynamically assigned.
interface eth0 interface2 src not "${UNROUTABLE_IPS} 192.168.1.0/24" dst 192.168.1.5

        # The default policy is DROP. You can be more polite with REJECT.
        # Prefer to be polite on your own clients to prevent timeouts.
        policy drop

        # If you don't trust the clients behind eth0 (net not "${UNROUTABLE_IPS} 192.168.1.0/24"),
        # add something like this.
        # > protection strong

        # Here are the services listening on eth0.
        # TODO: Normally, you will have to remove those not needed.
       server ICMP accept
       server cups accept
       server ident accept
       server ms_ds accept
       server ntp accept
       server samba accept
       server ssh accept
       server time accept

        # The following eth0 server ports are not known by FireHOL:
        #  udp/512
        # TODO: If you need any of them, you should define new services.
        #       (see Adding Services at the web site - http://firehol.sf.net).

        # The following means that this machine can REQUEST anything via eth0.
        # TODO: On production servers, avoid this and allow only the
        #       client services you really need.
        client all accept


# The above 2 interfaces were found active at this moment.
# Add more interfaces that can potentially be activated in the future.
# FireHOL will not complain if you setup a firewall on an interface that is
# not active when you activate the firewall.
# If you don't setup an interface, FireHOL will drop all traffic from or to
# this interface, if and when it becomes available.
# Also, if an interface name dynamically changes (i.e. ppp0 may become ppp1)
# you can use the plus (+) character to match all of them (i.e. ppp+).



# No router statements have been produced, because your server
# is not configured for forwarding traffic.


Thanks again. Bye everyone.
-- 
Filippo Gennari.

This mail may be signed/encrypted with GnuPG. Key ID: 0xEF4A6164.
