[Bug 462307] New: Cannot open SuSEfirewall2 for Samba using Yast2
https://bugzilla.novell.com/show_bug.cgi?id=462307

Summary: Cannot open SuSEfirewall2 for Samba using Yast2
Product: openSUSE 11.1
Version: Final
Platform: i586
OS/Version: openSUSE 11.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: swerdna@opensuse-forums.org
QAContact: jsrain@novell.com
Found By: Community User

I have so much trouble getting the terminology right that I will be a bit pedantic in this report or I'll get it wrong.

If Samba is to operate in openSUSE 11.1 when SuSEfirewall2 is running, then five entries in the file /etc/sysconfig/SuSEfirewall2 are enabled as follows:

The first is FW_DEV_EXT, which is set to include the network interface/s. There is a Yast2 tool for this at Security and Users --> Firewall --> Interfaces and it works.

The second is FW_SERVICES_EXT_TCP, which is set to include 139 and 445 (or their respective synonyms netbios-ssn and microsoft-ds). There is a tool for this at Security and Users --> Firewall --> Allowed Services --> Add Service --> Samba Server and it does not work.

The third is: This tool in past releases (like 11.0) concurrently sets the third parameter FW_SERVICES_EXT_UDP to include 137 and 138 (or their respective synonyms netbios-ns and netbios-dgm). The tool (Allowed Services --> Add Service --> Samba Server) does not work for this either. NB this is similar to bug 443132 but it is different in that in bug 443132 the problem was that the tool was not present. In my report the tool is present but it does not work.

The fourth is FW_ALLOW_FW_BROADCAST_EXT, which must be set to "yes" or, for better security, to 137 and 138 (or their respective synonyms netbios-ns and netbios-dgm). There is a tool for this at Security and Users --> Firewall --> Allowed Services --> Add Service --> Samba Server and it does not work. Once again this is similar to bug 443132 except there was no tool there. Here there is a tool but it doesn't work.

There is a second (alternative) tool for this at Firewall --> Broadcast --> External Zone --> here enter netbios-ns and netbios-dgm (or 137 and 138) and click Next. This does work.

The fifth is FW_SERVICES_ACCEPT_RELATED_EXT, which is set for a world wide trusted network like 0/0 or, with better security, to the local LAN, e.g. 10.1.1.0/24,udp,137

These then are the tools that do and don't work. There is another tool mentioned in bug 443132 (Network Services --> Samba Server --> Startup --> Firewall). That's covered by the bug report presumably but I can confirm that it still doesn't work.

The really big issue is that the tool "Security and Users --> Firewall --> Allowed Services --> Add Service --> Samba Server" is a make it or break it tool for Samba users. The three settings that it controls can be fixed/set for Samba in a separate/alternate tool: Yast's etc/sysconfig --> Network --> Firewall tool. But that's so difficult for new users as to be of limited use to the point where users mostly just turn the firewall off or abandon Samba.
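Added example, not part of the original report or of SuSEfirewall2/YaST: a shell check that reads a SuSEfirewall2 sysconfig file and reports which of the five Samba-related settings named in the report are unset, or set to the broader of the two values the report mentions. The helper names and the sample file contents are constructed for illustration; port ranges are not expanded.

```shell
# Added example; fw_get, has_port and audit_samba_fw are hypothetical helper names.
# Print the value of KEY="..." ($2) from file $1 (last assignment wins, quotes stripped).
fw_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# True if the space-separated list $1 contains port $2 or its service name $3.
has_port() {
    for w in $1; do
        [ "$w" = "$2" ] || [ "$w" = "$3" ] && return 0
    done
    return 1
}

# Echo one finding per line for file $1; no output means all five settings look right.
audit_samba_fw() {
    f=$1
    [ -n "$(fw_get "$f" FW_DEV_EXT)" ] || echo "MISSING FW_DEV_EXT: no external interface"
    tcp=$(fw_get "$f" FW_SERVICES_EXT_TCP)
    has_port "$tcp" 139 netbios-ssn  || echo "MISSING FW_SERVICES_EXT_TCP: 139"
    has_port "$tcp" 445 microsoft-ds || echo "MISSING FW_SERVICES_EXT_TCP: 445"
    udp=$(fw_get "$f" FW_SERVICES_EXT_UDP)
    has_port "$udp" 137 netbios-ns  || echo "MISSING FW_SERVICES_EXT_UDP: 137"
    has_port "$udp" 138 netbios-dgm || echo "MISSING FW_SERVICES_EXT_UDP: 138"
    bc=$(fw_get "$f" FW_ALLOW_FW_BROADCAST_EXT)
    if [ "$bc" = yes ]; then
        echo "BROAD FW_ALLOW_FW_BROADCAST_EXT: yes (137 138 is narrower)"
    else
        has_port "$bc" 137 netbios-ns  || echo "MISSING FW_ALLOW_FW_BROADCAST_EXT: 137"
        has_port "$bc" 138 netbios-dgm || echo "MISSING FW_ALLOW_FW_BROADCAST_EXT: 138"
    fi
    rel=$(fw_get "$f" FW_SERVICES_ACCEPT_RELATED_EXT)
    case "$rel" in
        "")    echo "MISSING FW_SERVICES_ACCEPT_RELATED_EXT" ;;
        *0/0*) echo "BROAD FW_SERVICES_ACCEPT_RELATED_EXT: 0/0 (a LAN entry is narrower)" ;;
    esac
}

# Constructed sample file: interface and broadcast set, service ports left empty.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_DEV_EXT="eth0"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm"
FW_SERVICES_ACCEPT_RELATED_EXT="0/0"
EOF
audit_samba_fw "$sample"
rm -f "$sample"
```

On a real system the function would be pointed at /etc/sysconfig/SuSEfirewall2 after using the YaST tools, to see which of the values they actually wrote.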