NethServer Version: 7.9.2009
Module:
- VPN: 1.7.2
- File server: 4.6.0
- Firewall: 3.19.1
Dear all,
I would like to request help, guidance and suggestions to solve the following issue.
I am in the process of setting up a NethServer to replace a ClearOS small infra. Amongst other services, NethServer is responsible for firewalling, file server (SMB) and VPN (openVPN) services.
Here follows a short description of the setup:
- Green (bridge) and Red interface
- OpenVPN: tunnel client (P2P topology) to remote network; operates as expected (able to connect by ssh to the NethServer from a client on the remote network)
- Firewall: no specific setup so far (the NethServer is in test phase; additional rules might be added later)
- Trusted networks : remote network range added
- SMB: no issue connecting to the SMB share through a Linux client on the physical Green network
The concern is that I cannot connect to the SMB share from the remote network.
Additional information:
- nmap scan from Green physical network
nmap 192.168.50.1
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-19 00:05 CEST
Nmap scan report for 192.168.50.1
Host is up (0.026s latency).
Not shown: 982 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
3306/tcp open mysql
5190/tcp open aol
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds
- nmap scan from remote network
nmap 192.168.50.1
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-19 00:05 CEST
Nmap scan report for 192.168.50.1
Host is up (0.026s latency).
Not shown: 982 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
139/tcp filtered netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3128/tcp open squid-http
3306/tcp open mysql
5190/tcp filtered aol
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 1.53 seconds
I may be wrong but it looks like the SMB ports cannot be reached. I am not familiar with Shorewall and roughly looked into the setup:
- interfaces: ovpn is declared in interfaces (ovpn tun+)
- smb rules are active for Green
# Service: smb Access: green
#
?COMMENT smb
ACCEPT loc $FW tcp 139
#ACCEPT $FW loc tcp 139
?COMMENT smb
ACCEPT loc $FW tcp 445
#ACCEPT $FW loc tcp 445
- No rules for openvpn:
#
# 90openvpn-tunnels
#
I am slightly puzzled about this situation and rather than “playing” I would be very grateful for guidance and advice.
Best regards,
SmoothFroggy
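
The comparison made in the post, as an added example that is not part of the original post: it lists the ports whose state differs between the two scans and, for each, the source zones that the quoted Shorewall rules accept to `$FW`. The inputs are excerpts of the post's own output; the function names are hypothetical, and only the quoted rules are considered (default zone policies are not shown in the post).

```python
import re

# Excerpts from the post: the two nmap port tables and the Shorewall smb rules.
GREEN_SCAN = """\
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5190/tcp open aol
"""
REMOTE_SCAN = """\
22/tcp open ssh
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
5190/tcp filtered aol
"""
RULES = """\
?COMMENT smb
ACCEPT loc $FW tcp 139
#ACCEPT $FW loc tcp 139
?COMMENT smb
ACCEPT loc $FW tcp 445
#ACCEPT $FW loc tcp 445
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")

def parse_scan(text):
    """Map (port, proto) -> state from the port table of nmap's normal output."""
    hits = (PORT_LINE.match(line.strip()) for line in text.splitlines())
    return {(int(m[1]), m[2]): m[3] for m in hits if m}

def accepted_zones(rules):
    """Map (port, proto) -> source zones with an active ACCEPT rule to $FW."""
    allowed = {}
    for line in rules.splitlines():
        f = line.split()  # commented-out rules start with '#ACCEPT' and are skipped
        if len(f) >= 5 and f[0] == "ACCEPT" and f[2] == "$FW" and f[4].isdigit():
            allowed.setdefault((int(f[4]), f[3]), set()).add(f[1])
    return allowed

def explain(green, remote, rules):
    """Ports whose state differs by vantage point, with the zones explicitly accepted."""
    g, r, zones = parse_scan(green), parse_scan(remote), accepted_zones(rules)
    return {k: (g[k], r[k], sorted(zones.get(k, [])))
            for k in g if k in r and g[k] != r[k]}

if __name__ == "__main__":
    for key, value in sorted(explain(GREEN_SCAN, REMOTE_SCAN, RULES).items()):
        print(key, value)
```

For 139/tcp and 445/tcp the only accepted source zone in the quoted rules is `loc`, which matches the `filtered` state seen from the remote side; 5190/tcp differs as well but has no rule in the quoted excerpt.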