http://bugzilla.novell.com/show_bug.cgi?id=551282
http://bugzilla.novell.com/show_bug.cgi?id=551282#c24
Christian Boltz
Before the update, network scanning worked with an active firewall. Now, unless I disable the firewall and open my server to hackers, I can not use network scanning.
I had the same issues with FTP after an update (10.2->11.1) - after some config changes in /etc/sysconfig/SuSEfirewall2 (see below) it works again. Details on http://www.suse.com/relnotes/i386/openSUSE/11.0/RELEASE-NOTES.en.html#10
If you can't fix a broken saned, could you at least allow me to download and use the version that's NOT broken, the one that worked before the update?
If I'm right, the change is in the firewall... (In reply to comment #23)
browsing, you must manually open port TCP 6566 and open the Dynamic ports 49152:65535 on TCP, UDP, and RPC. If you don't, scanning will not work.
These ports can hopefully be tracked as "related" ports so that they don't have to be open always and for everybody. For example, my FTP daemon needs FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp,,20000:21000" FW_LOAD_MODULES="ip_conntrack_ftp" I just see that there is also a nf_conntrack_sane module - try adding it to FW_LOAD_MODULES and put the dynamic ports to FW_SERVICES_ACCEPT_RELATED_EXT. If you don't get the firewall config running as described above, asking on the opensuse-security mailinglist might be a good idea ;-) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.