Samba/SMB
Tom Eastep
2002-10-22
Copyright © 2002 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
"GNU Free Documentation License".
If you wish to run Samba on your firewall and access shares between
the firewall and local hosts, you need the following rules:
/etc/shorewall/rules:

ACTION   SOURCE   DESTINATION   PROTOCOL   PORT(S)       SOURCE PORT(S)   ORIGINAL DEST
ACCEPT   fw       loc           udp        137:139
ACCEPT   fw       loc           tcp        137,139,445
ACCEPT   fw       loc           udp        1024:         137
ACCEPT   loc      fw            udp        137:139
ACCEPT   loc      fw            tcp        137,139,445
ACCEPT   loc      fw            udp        1024:         137

To pass SMB/Samba traffic between zones Z1 and Z2:
/etc/shorewall/rules:

ACTION   SOURCE   DESTINATION   PROTOCOL   PORT(S)       SOURCE PORT(S)   ORIGINAL DEST
ACCEPT   Z1       Z2            udp        137:139
ACCEPT   Z1       Z2            tcp        137,139,445
ACCEPT   Z1       Z2            udp        1024:         137
ACCEPT   Z2       Z1            udp        137:139
ACCEPT   Z2       Z1            tcp        137,139,445
ACCEPT   Z2       Z1            udp        1024:         137

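An added example, not part of the original Shorewall documentation: a small Python check that rules text contains all six rules from the tables above for a given zone pair. The function names and the sample file are constructed for illustration; the check only recognises rules written in the column form shown on this page, treating an omitted trailing column as "-".

```python
# Added example: audit Shorewall rules text for the six SMB rules per zone pair.
REQUIRED = [                       # (protocol, port(s), source port(s)) from the tables
    ("udp", "137:139", "-"),
    ("tcp", "137,139,445", "-"),
    ("udp", "1024:", "137"),       # destination ports 1024 and up, source port 137
]

def _norm(ports):
    """Sort a comma-separated port list so '139,137,445' equals '137,139,445'."""
    return ",".join(sorted(ports.split(",")))

def parse_rules(text):
    """Return the set of (action, source, dest, proto, ports, source ports) rules."""
    rules = set()
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(cols) < 4:
            continue                              # blank, comment-only or incomplete line
        cols += ["-"] * (6 - len(cols))           # omitted trailing columns count as "-"
        action, src, dst, proto, ports, sports = cols[:6]
        rules.add((action, src, dst, proto.lower(), _norm(ports), _norm(sports)))
    return rules

def missing_smb_rules(text, z1, z2):
    """List the required rules that are absent for z1 -> z2 and z2 -> z1."""
    have = parse_rules(text)
    return [(src, dst, proto, ports, sports)
            for src, dst in ((z1, z2), (z2, z1))
            for proto, ports, sports in REQUIRED
            if ("ACCEPT", src, dst, proto, ports, sports) not in have]

# Constructed sample file: the last loc -> fw rule is left out on purpose.
SAMPLE = """\
#ACTION SOURCE DEST PROTO PORT(S)      SOURCE PORT(S)
ACCEPT  fw     loc  udp   137:139
ACCEPT  fw     loc  tcp   137,139,445
ACCEPT  fw     loc  udp   1024:        137
ACCEPT  loc    fw   udp   137:139
ACCEPT  loc    fw   tcp   139,137,445
"""

if __name__ == "__main__":
    for rule in missing_smb_rules(SAMPLE, "fw", "loc"):
        print("missing: ACCEPT", *rule)
```
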
Making network browsing ("Network Neighborhood") work properly between
Z1 and Z2 requires a Windows Domain Controller and/or a WINS server. I run
Samba on my firewall to handle browsing between two zones connected to my
firewall. Details are here.