Am Samstag, 10. Februar 2007 04:27 schrieb Volker Kuhlmann:
It worked in 9.3 (if I remember right), and it's actually an obstacle for new users who try to configure samba, do that properly in Yast, but can't browse the local network even after selecting "Open firewall ports" in the Samba server yast tool.
Just put the respective network interface into the Internal Zone, it has all ports opened by default.
You can't be serious with that suggestion. Most computers have one network interface, so it's equivalent to "uninstall SuSEfirewall". The "internal" and "DMZ" interfaces are only useful when the box is a router, otherwise all interfaces are "external". Fix yast to open appropriate ports in the firewall config, as happens for any other service as well.
Ok, let's repeat the whole thing again. ;-)
Yes, putting the network interface into the Internal Zone basically means you
switch of your firewall. But if we had a firewall rule that just opened all
the ports we'd need to open to get SMB share browsing to work the effect
would be nearly the same.
It's as simple as that: Firewall on: No share browsing; firewall off: share
browsing works, but less security.
The only secure solution would be an "intelligent" firewall, something similar
to the "personal firewalls" on Windows. This is a long-term project, not
something we can change in the current SuSEfirewall by just adding
appropriate Samba rules.
Cheers
Joachim
--
Joachim Werner