Togan,
you are right that your config is safer, but Samba still doesn't work.
torsten
----- Original Message -----
From: "Togan Muftuoglu"
* Torsten Schaefer; on 13 Nov, 2002 wrote:
Hi,
I have a problem getting Samba running under SuSEfirewall2 (SuSE 8.0). TCP port 139 is enabled in the FW rules, but if I'm running the FW in test mode I get the error message below. See also my firewall config below. Hopefully someone is able to help - I wasted a lot of time without success.
It would have been easier if you trimmed your lines at, say, 75 characters.
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
FW_MASQ_NETS="0/0"
You do not want to have it like that; use 192.168.0.0/24 (or whatever your LAN topology is).
FW_PROTECT_FROM_INTERNAL="no"
change to yes
FW_AUTOPROTECT_SERVICES="no"
change to yes
FW_SERVICES_EXT_TCP=" http https imap imaps pop3 pop3s rsync smtp ssh telnet"
Are you really providing all these services to the world (which are served on your firewall machine), or are you trying to use them from your LAN? If the latter, remove all of them.
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
change to no
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
Change to DNS
FW_KERNEL_SECURITY="no"
change to yes once you get everything working
FW_ALLOW_FW_TRACEROUTE="yes"
If you want to have traceroutes coming to your firewall then ALLOW_HIGHCOMING_UDP else change here to no
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
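The kernel log entry quoted in the thread, parsed and grouped by interface, protocol and destination port so it is clear which traffic the firewall rejects. This is an added example, not part of the original messages; only the first sample line comes from the thread, the others are constructed, and the function names are assumptions.

```python
import re
from collections import defaultdict

# First entry is the log line quoted in the thread. The remaining lines are
# constructed samples (same LAN, shortened field set) to exercise the grouping.
SAMPLE_LOG = """\
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
Nov 13 23:04:41 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= SRC=192.168.0.22 DST=192.168.0.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137
Nov 13 23:04:42 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= SRC=192.168.0.23 DST=192.168.0.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137
Nov 13 23:04:43 server sshd[411]: constructed non-firewall line, ignored
"""

LINE_RE = re.compile(r"kernel: (SuSE-FW-[A-Z0-9-]+) (.*)$")

def parse_line(line):
    """Split one SuSE-FW kernel log line into tag, KEY=VALUE fields and flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"tag": m.group(1), "flags": []}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val            # e.g. DPT=139; "OUT=" yields an empty value
        else:
            rec["flags"].append(tok)  # bare tokens such as DF, ACK, PSH
    return rec

def summarize(text):
    """Count logged packets per (tag, input interface, protocol, dest port)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "DPT" not in rec:
            continue
        key = (rec["tag"], rec.get("IN", ""), rec.get("PROTO", ""), int(rec["DPT"]))
        groups[key]["count"] += 1
        groups[key]["sources"].add(rec.get("SRC", ""))
    return dict(groups)

if __name__ == "__main__":
    for (tag, iface, proto, port), g in sorted(summarize(SAMPLE_LOG).items()):
        srcs = ", ".join(sorted(g["sources"]))
        print(f"{g['count']:3d}x {tag} {iface} {proto}/{port} from {srcs}")
```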