Hi there,
I am having some trouble getting my IPSec settings correct for file sharing on my LAN. Before you tell me about security concerns I will say that the file server is for local traffic only and is behind our firewall.
Currently, my policy looks like this:
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=445
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=445
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=135
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=136
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=137
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=138
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=139
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=135
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=136
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=137
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=138
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=139
I need 135-139 open because I have a Linux client and 2 Windows 95 clients which cannot be removed or replaced at the moment.
Unfortunately, I cannot connect to shares or even resolve the hostname of the server from clients (this includes XP clients which should work even if only 445 is open). I should mention the network is a workgroup and I do not have a WINS server.
Any help is greatly appreciated!
Stephen
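As an added example (not from Stephen's post), here is a small Python checker that parses filter lines in the format shown above and compares the destination ports against the standard port set that SMB file sharing and NetBIOS name resolution use. The port-to-service mapping is the well-known IANA assignment for those services; the sample input is the post's own filter list. It audits port coverage only: a Windows IPsec rule pairs a filter list with a filter action (Permit, Block or Negotiate security), and the action is not shown in the post, so the script cannot tell whether these filters permit the traffic or require it to be negotiated.

```python
"""Audit a Windows IPsec filter list (the key=value lines shown in the post)
against the ports SMB file sharing and NetBIOS name resolution actually use.

Added example; not part of the original post. The port/service table is the
standard IANA assignment for these services."""
import re
from collections import OrderedDict

# Port/protocol pairs that Windows file sharing and workgroup name resolution
# depend on. A workgroup without WINS resolves names by broadcast to UDP 137,
# so that entry matters most for the "cannot resolve the hostname" symptom.
REQUIRED = OrderedDict([
    (("TCP", 445), "SMB directly over TCP (Windows 2000/XP and later)"),
    (("UDP", 137), "NetBIOS name service (broadcast name resolution without WINS)"),
    (("UDP", 138), "NetBIOS datagram service (browse lists)"),
    (("TCP", 139), "NetBIOS session service (SMB for legacy clients such as Windows 95)"),
])

# One key=value field; values are either a quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_filter_line(line):
    """Turn one filter line into a dict; quoted values lose their quotes and
    ports become ints (srcport=0 means 'any' in netsh ipsec syntax)."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    fields["protocol"] = fields.get("protocol", "").upper()
    for key in ("srcport", "dstport"):
        if key in fields:
            fields[key] = int(fields[key])
    return fields


def parse_filter_list(text):
    """Parse every line that carries a filterlist= entry; skip the rest."""
    return [parse_filter_line(l) for l in text.splitlines() if "filterlist=" in l]


def audit(filters):
    """Return (missing, extra): required (protocol, port) pairs that no filter
    covers, and covered pairs that lie outside the file-sharing set."""
    covered = {(f["protocol"], f["dstport"]) for f in filters if "dstport" in f}
    missing = [(pair, why) for pair, why in REQUIRED.items() if pair not in covered]
    extra = sorted(covered - set(REQUIRED))
    return missing, extra


# Constructed sample: the filter list from the post, verbatim.
SAMPLE = """\
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=445
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=445
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=135
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=136
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=137
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=138
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=TCP srcport=0 dstport=139
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=135
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=136
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=137
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=138
filterlist="SMB" srcaddr=any dstaddr=any description="SMB Traffic" protocol=UDP srcport=0 dstport=139
"""

if __name__ == "__main__":
    missing, extra = audit(parse_filter_list(SAMPLE))
    for pair, why in missing:
        print("MISSING %s/%d: %s" % (pair[0], pair[1], why))
    for proto, port in extra:
        print("not used by SMB file sharing: %s/%d" % (proto, port))
```

Run against the post's list it reports nothing missing (all four required pairs are covered) and flags the entries outside the file-sharing set, such as UDP 445 and TCP/UDP 136, which add nothing for share access or name resolution. That points the troubleshooting away from the port list and toward the filter action and the rule the list is attached to.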