sorry Miguel,
this makes no difference - still not working
----- Original Message -----
From: "Miguel Albuquerque"
Togan Muftuoglu wrote:
* Torsten Schaefer;
on 13 Nov, 2002 wrote: Hi,
I have a problem to get samba running under susefirewall2 (SUSE8.0). The TCP port 139 is enabled in the FW rules, but if I'm running the FW in testmode I get the errormessage below. See also my firewallconfig below. Hopefully anyone is able to help - I wasted a lot of time without success.
It would have been easier if you trim your lines at say 75 characters
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF
PROTO=TCP
SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
FW_MASQ_NETS="0/0"
You do not want to have this like that use as 192.168.0.0/24 ( whatever your LAN topology is)
FW_PROTECT_FROM_INTERNAL="no"
ange to yes
FW_AUTOPROTECT_SERVICES="no"
change yes
FW_SERVICES_EXT_TCP=" http https imap imaps pop3 pop3s rsync smtp ssh telnet"
Are you realy proving all these services to the world (which are served on your Firewall machine) or are you trying to use them from your LAN. If the latter remove all of them
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
change to no
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
Change to DNS
FW_KERNEL_SECURITY="no"
change to yes once you get everything working
FW_ALLOW_FW_TRACEROUTE="yes"
If you want to have traceroutes coming to your firewall then ALLOW_HIGHCOMING_UDP else change here to no
I'd say that you need port 137 enabled as well if you want netbios name resolution to your win clients...
Peace -- .-. e-SecureNet /v\ We Run SuSE Project Manager // \\ *The LINUX Experts* c/o Miguel Albuquerque /( )\ Av. Miremont 46 ^^-^^ 1202 - GE, SWITZERLAND
Tel: +41 (22) 782 5344 Fax: +41 (22) 782 5348 mailto:mfoacs@e-securenet.ch http://www.e-securenet.ch
"Was Sind und was Sollen die Zahlen?" Dedekind. ____________________________________________________________
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here