Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Samba Firewall Issue with Allowing Highports
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Sun, 23 Apr 2006 12:25:42 -0600
  • Message-id: <444BC6A6.1020600@xxxxxxxxxxxxx>
On 23/04/06 08:21, Carl Hartung wrote:
>On Sunday 23 April 2006 09:33, Andres Mejia wrote:
>
>>They're all 10.0 machines. I found another solution already. There's an
>>option in sysconfig for setting trusted nets in the firewall.
>>FW_TRUSTED_NETS is what it's called. I set all my machines with this
>>option. I'm going to use this option instead of allowing all highports
>>through the firewall.
>>
>
>Would you mind sharing the settings that worked for you? I just tried the
>following (points to a single local M$ box) and Konqueror is still unable to
>find the workgroup "WORKGROUP" when the firewall is up.
>
>192.168.1.45,tcp,udp,139,445
>
>
In general:

FW_SERVICES_INT_TCP="microsoft-ds netbios-dgm netbios-ns netbios-ssn"
FW_SERVICES_INT_UDP="netbios-ns"

and on any samba server:

FW_ALLOW_FW_BROADCAST_INT="netbios-ns"


Setting TRUSTED_NETS will open the ports on all network interfaces, and
it is certainly not necessary to open -all- highports for UDP.

FYI, the port numbers are (see /etc/services)

netbios-ns 137
netbios-dgm 138
netbios-ssn 139
microsoft-ds 445
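
An added example, not part of the original mail: a small audit that reads a SuSEfirewall2 sysconfig fragment without executing it, resolves the service names listed above to their port numbers, and flags any FW_TRUSTED_NETS entry, since the reply notes that setting opens the ports on all interfaces. The sample fragment and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the SMB-related settings of a SuSEfirewall2 fragment.

# Service name -> port number, using the table given in the mail.
svc_port() {
    case "$1" in
        netbios-ns)   echo 137 ;;
        netbios-dgm)  echo 138 ;;
        netbios-ssn)  echo 139 ;;
        microsoft-ds) echo 445 ;;
        *)            echo "$1" ;;   # already numeric, or not an SMB service
    esac
}

# Extract VAR="value" from config text; the text is parsed, never sourced,
# so nothing in the file is executed. The last assignment wins.
get_var() {
    printf '%s\n' "$2" | sed -n "s/^$1=\"\(.*\)\"[[:space:]]*\$/\1/p" | tail -n 1
}

# Read config on stdin, print one finding per line.
audit_fw() {
    cfg=$(cat)
    for s in $(get_var FW_SERVICES_INT_TCP "$cfg"); do
        echo "int tcp $(svc_port "$s")"
    done
    for s in $(get_var FW_SERVICES_INT_UDP "$cfg"); do
        echo "int udp $(svc_port "$s")"
    done
    for s in $(get_var FW_ALLOW_FW_BROADCAST_INT "$cfg"); do
        echo "int broadcast $(svc_port "$s")"
    done
    # Per the mail, trusted nets are not limited to the internal interface.
    for n in $(get_var FW_TRUSTED_NETS "$cfg"); do
        echo "WARN trusted-net-all-interfaces $n"
    done
}

# Constructed sample: the settings from the mail plus a trusted-net entry.
sample_config() {
cat <<'EOF'
FW_SERVICES_INT_TCP="microsoft-ds netbios-dgm netbios-ns netbios-ssn"
FW_SERVICES_INT_UDP="netbios-ns"
FW_ALLOW_FW_BROADCAST_INT="netbios-ns"
FW_TRUSTED_NETS="192.168.1.45"
EOF
}

sample_config | audit_fw
```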
