I am still learning how to use SuSEfirewall2 properly and would appreciate a quick piece of advice. I have an external dialup on my SuSE 8.0 box (primary machine) and internal network (on eth0) to WinME games machine and dual boot laptop. All connected on switch box. 2nd & 3rd machines don't need internet so there is no dmz or masquerading, etc. My only non-stealthed port is 113, Ident. As I understand it, I should open port 139 (& or 137?) on my internal lan only; for Samba file sharing to work properly? Is this correct and could someone give me an idea what the relevant line would look like to open internal only (still stealthed externally) in the firewall config? Thanks. Paul
This is working for me - but you will need to check it with others who have more expertise.

Brian Marr

FW_SERVICES_EXT_TCP="www 139"

On Friday 04 October 2002 19:06, Paul Conn wrote:
I am still learning how to use SuSEfirewall2 properly and would appreciate a quick piece of advice.
I have an external dialup on my SuSE 8.0 box (primary machine) and internal network (on eth0) to WinME games machine and dual boot laptop. All connected on switch box. 2nd & 3rd machines don't need internet so there is no dmz or masquerading, etc. My only non-stealthed port is 113, Ident.
As I understand it, I should open port 139 (& or 137?) on my internal lan only; for Samba file sharing to work properly? Is this correct and could someone give me an idea what the relevant line would look like to open internal only (still stealthed externally) in the firewall config?
Thanks. Paul
* Brian Marr;
This is working for me - but you will need to check it with others who have more expertise. Brian Marr FW_SERVICES_EXT_TCP="www 139"
Offering netbios to the world ? bad practice

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx

"www" was in the default file. I added the 139. I am using Samba on my LAN and for VMware. Should I do this differently ?

Brian Marr

On Friday 04 October 2002 19:51, Togan Muftuoglu wrote:
* Brian Marr;
on 04 Oct, 2002 wrote: This is working for me - but you will need to check it with others who have more expertise. Brian Marr FW_SERVICES_EXT_TCP="www 139"
Offering netbios to the world ? bad practice
* Brian Marr;
"www" was in the default file. I added the 139. I am using Samba on my LAN and for VMware. Should I do this differently ?

Default should be (and is) empty. I suggest you have a closer look at the documentation. I can only suggest it should be somewhere along the lines of FW_SERVICES_INT_UDP. I would personally limit it only to specific IPs of the local LAN.

There is a draft (meaning incomplete) howto for SuSEfirewall2 at http://dinamizm.ath.cx/articles/firewall2.pdf You may want to consider having a look at that.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
Hmmmmm I think I have got this config wrong somehow : ( The link below did not work here. Brian Marr On Friday 04 October 2002 20:29, Togan Muftuoglu wrote:
* Brian Marr;
on 04 Oct, 2002 wrote: "www" was in the default file. I added the 139. I am using Samba on my LAN and for VMware. Should I do this differently ?
Default should be (and is) empty. I suggest you have a closer look at the documentation. I can only suggest it should be somewhere along the lines of FW_SERVICES_INT_UDP. I would personally limit it only to specific IPs of the local LAN.
There is a draft (meaning incomplete) howto for SuSEfirewall2 at http://dinamizm.ath.cx/articles/firewall2.pdf You may want to consider having a look at that.
* Brian Marr;
Hmmmmm I think I have got this config wrong somehow : ( The link below did not work here.
? you should be able to get that

wget http://dinamizm.ath.cx/articles/firewall2.pdf

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
Thanks for your prompting Togan. I have removed the offending rule. Am now running with

FW_SERVICE_SAMBA="yes"

and

FW_SERVICES_INT_TCP="139"

Samba seems to be working ok thus far.

Brian Marr

NB not sure about the link. KGhostview has not opened it yet.

On Friday 04 October 2002 20:49, Togan Muftuoglu wrote:
* Brian Marr;
on 04 Oct, 2002 wrote: Hmmmmm I think I have got this config wrong somehow : ( The link below did not work here.
? you should be able to get that
* Brian Marr;
Thanks for your prompting Togan.
Not at all the new rules look much better
NB not sure about the link. KGhostview has not opened it yet.
Use Acrobat

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
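An added example, not part of the thread and not SuSEfirewall2's own code: a shell check that reads a SuSEfirewall2-style config as text and reports NetBIOS/SMB ports (137-139, 445) listed in FW_SERVICES_EXT_TCP or FW_SERVICES_EXT_UDP, including port ranges that cover them. The function names and sample files are constructed for illustration, and the empty FW_SERVICES_EXT_TCP in the second sample is an assumption.

```shell
#!/bin/sh
# Added example: report NetBIOS/SMB ports opened on the external side of a
# SuSEfirewall2-style config. The file is parsed as text, never sourced.
SMB_PORTS="137 138 139 445"
SMB_NAMES="netbios-ns netbios-dgm netbios-ssn microsoft-ds"

# is_smb_entry ENTRY: succeed if a port, service name or lo:hi range covers an SMB port
is_smb_entry() {
    case $1 in
        *:*)
            lo=${1%%:*}; hi=${1##*:}
            case $lo in ''|*[!0-9]*) return 1 ;; esac
            case $hi in ''|*[!0-9]*) return 1 ;; esac
            for p in $SMB_PORTS; do
                if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then return 0; fi
            done
            return 1 ;;
    esac
    for p in $SMB_PORTS $SMB_NAMES; do
        if [ "$1" = "$p" ]; then return 0; fi
    done
    return 1
}

# audit_ext_services FILE: print "VAR: entry" per finding; fail if any was found
audit_ext_services() {
    found=0
    for var in FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP; do
        # last uncommented assignment wins; strip optional quotes and trailing comment
        val=$(sed -n "s/^[[:space:]]*$var=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1)
        for entry in $val; do
            if is_smb_entry "$entry"; then echo "$var: $entry"; found=1; fi
        done
    done
    [ "$found" -eq 0 ]
}

# write_samples: constructed configs (hypothetical helper); prints the temp dir
write_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'FW_SERVICES_EXT_TCP="www 139"' > "$d/before"
    printf '%s\n' 'FW_SERVICES_EXT_TCP=""' 'FW_SERVICE_SAMBA="yes"' \
        'FW_SERVICES_INT_TCP="139"' > "$d/after"
    echo "$d"
}

dir=$(write_samples)
audit_ext_services "$dir/before" || echo "before: NetBIOS reachable from outside"
audit_ext_services "$dir/after" && echo "after: external side clean"
rm -rf "$dir"
```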
participants (3)
- Brian Marr
- Paul Conn
- Togan Muftuoglu