On Tuesday 26 September 2006 9:04 pm, Darryl Gregorash wrote:
However, based on your other posts (2 others thus far), I suspect you will be best served by defining your devices to be in the external zone, and defining your LAN net/mask in the FW_TRUSTED_NETS variable, i.e. FW_TRUSTED_NETS="192.168.0.0/24" (you will have to change this if you ever change the net on the router). At this point, you should check to see that your Samba networking is functioning properly (it should be, and if it is not, verify that the router is not blocking the traffic before making any further changes on any workstation). If you have any NFS or CUPS functionality within the LAN, it should also be tested. Again, if the services are properly configured but do not work, check the router first.
I thought I had solved the problem, but I had not. I did set FW_TRUSTED_NETS to 192.168.0.1/255 but still got the message:

    Unable to find any workgroups in your local network. This might be caused by an enabled firewall.

Using Joe Morris's suggestion of enabling tcp 139, udp 137, and udp 138 (via the Advanced section of the YaST firewall section, Allowed Services, Advanced), I was able to get Samba going. But that wasn't quite what I wanted because it opened up Samba to the entire external universe.

The documentation of the FW_TRUSTED_NETS setting is confusing:

    Which services should be accessible from trusted hosts/nets?
    Define trusted hosts/networks (doesnt matter if they are internal or
    external) and the TCP and/or UDP services they are allowed to use.
    Please note that a trusted host/net is *not* allowed to ping the
    firewall until you set it to allow also icmp!

    Choice: leave FW_TRUSTED_NETS empty or any number of computers and/or
    networks, seperated by a space. e.g. "172.20.1.1 172.20.0.0/16"
    Optional, enter a protocol after a comma, e.g. "1.1.1.1,icmp"
    Optional, enter a port after a protocol, e.g. "2.2.2.2,tcp,22"

That seems to imply that I would need to specify the 3 Samba services that Joe cited plus any others I might want; a trusted host gets no extra services except those specifically given with something like this:

    192.168.0.1/255,tcp,139,udp,137,udp,138

That didn't seem to work, however, possibly because I have the syntax wrong (the description of the parameter is vague about the correct way to specify several services).

Any ideas?

Paul
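
An added example (not part of the original post, and not SuSEfirewall2's own code): a small Python checker that applies the format exactly as the quoted documentation words it, one host/net with at most one protocol and one port per entry and entries separated by spaces, to the value tried above and to a rewrite with one entry per service. The function names are hypothetical, and it assumes numeric ports and only the protocols the documentation mentions.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp", "icmp"}  # the protocols named in the quoted documentation

def check_entry(entry):
    """Return a list of problems for one entry of the form net[,protocol[,port]]."""
    fields = entry.split(",")
    problems = []
    if len(fields) > 3:
        problems.append(f"{len(fields)} comma fields; the documented form has at most 3")
    try:
        # strict=False: host bits in the address are tolerated, only the mask is checked
        ipaddress.ip_network(fields[0], strict=False)
    except ValueError as exc:
        problems.append(f"host/net {fields[0]!r}: {exc}")
    if len(fields) > 1 and fields[1] not in PROTOCOLS:
        problems.append(f"unknown protocol {fields[1]!r}")
    if len(fields) > 2:
        # Assumption: numeric ports only, as in the documentation's "2.2.2.2,tcp,22"
        if not (fields[2].isdigit() and 1 <= int(fields[2]) <= 65535):
            problems.append(f"bad port {fields[2]!r}")
    return problems

def check_value(value):
    """Check a whole FW_TRUSTED_NETS value: entries separated by spaces."""
    return {entry: check_entry(entry) for entry in value.split()}

def build_value(net, services):
    """One entry per (protocol, port) pair, all for the same host/net."""
    return " ".join(f"{net},{proto},{port}" for proto, port in services)

SAMBA = [("tcp", 139), ("udp", 137), ("udp", 138)]  # the three ports named in the post

if __name__ == "__main__":
    tried = "192.168.0.1/255,tcp,139,udp,137,udp,138"  # the value from the post
    for entry, problems in check_value(tried).items():
        print(entry, "->", problems or "ok")
    fixed = build_value("192.168.0.0/24", SAMBA)  # net taken from the quoted advice
    print(f'FW_TRUSTED_NETS="{fixed}"')
    print(check_value(fixed))
```

Restricting the Samba ports to the LAN net this way keeps them closed to every other source address, which is the exposure the Allowed Services route created.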