[opensuse] Firewall & UDP
  • From: Koenraad Lelong <k.lelong@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 11 Jul 2008 12:38:04 +0200
  • Message-id: <4877380C.3010205@xxxxxxxxxxxxxxxxxx>
Hi,
I set up my 10.3 firewall to 'protect firewall from internal zone'. The machine runs squid and I'm trying to get the users to authenticate themselves. I set up squid to use smb_auth but it doesn't work.
When I stop the firewall, or disable 'protect firewall from internal zone' it works fine.
I tracked it down to the UDP protocol that's used by smb_auth. The squid machine sends a request to the samba server on port 137 (or is it 139, I don't remember exactly). Samba responds from this port to the originating port. If I open that originating port in the firewall it works, but not for long. Some time later another port is used as the source and the responses from samba are dropped.
I tried adding samba-server to the allowed services but this does not help.
Any solution for this, besides disabling the "protection from internal zone"?
--
Met vriendelijke groeten,
Koenraad Lelong
