[Bug 541958] New: Yast2 Samba Server module does not open enough in SuSEfirewall to allow traffic
http://bugzilla.novell.com/show_bug.cgi?id=541958 Summary: Yast2 Samba Server module does not open enough in SuSEfirewall to allow traffic Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: johanp@aditus.nu QAContact: jsrain@novell.com Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090730 SUSE/3.5.2-1.2 Firefox/3.0.7, Ant.com Toolbar 1.3 The Yast2 module for Samba Server have a tick box marked "Open ports in firewall" that gives the illusion that marking this tick box would allow Samba traffic to go through the server to the samba server. However that is not the case. Additional setting in the firewall is needed to make the samba server functional. The following additional changes are necessary in "/etc/sysconfig/SuSEfirewall2" 1) Open TCP ports 135,139 and 445 FW_SERVICES_EXT_TCP = "135 139 445" 2) Open UDP posrt 137 and 138 FW_SERVICES_EXT_UDP = "137 138" 3) Allow broadcasts FW_ALLOW_FW_BROADCAST_EXT = "yes" A configuration dialogue is needed as well since a trusted network needs to be assigned in order to browse, i.e. FW_TRUSTED_NETS, for example FW_TRUSTED_NETS="192.168.0.0/24" But this must be configured by the user so it matches the subnet that the Samba server sits on. The alternative to do these fixes is to remove the "Open ports in firewall" and ask te user to do this manually since it is broken anyway. Reproducible: Always Steps to Reproduce: 1. Eetup a Samba server via Yast2 2. 3. Expected Results: That the samba server is fully functional even with SuSEfirewall2 enabled Note: Same problem with FTP Yast2 module which I have reported separately -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=541958
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=541958
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c1
--- Comment #1 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=541958
User locilka@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c2
Lukas Ocilka
http://bugzilla.novell.com/show_bug.cgi?id=541958
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c3
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=541958
User locilka@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c4
Lukas Ocilka
http://bugzilla.novell.com/show_bug.cgi?id=541958
Yang Bo
http://bugzilla.novell.com/show_bug.cgi?id=541958
User boyang@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c5
--- Comment #5 from Yang Bo
http://bugzilla.novell.com/show_bug.cgi?id=541958
User johanp@aditus.nu added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c6
--- Comment #6 from Johan Persson
http://bugzilla.novell.com/show_bug.cgi?id=541958
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c7
--- Comment #7 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=541958
User albert.passalacqua@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c8
--- Comment #8 from Alberto Passalacqua
http://bugzilla.novell.com/show_bug.cgi?id=541958
User albert.passalacqua@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541958#c9
--- Comment #9 from Alberto Passalacqua
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c10
Yang Bo
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c11
Malvern Star
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c12
Malvern Star
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c
yang xiaoyu
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c13
Jiří Suchomel
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c14
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=541958
http://bugzilla.novell.com/show_bug.cgi?id=541958#c15
Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c16
--- Comment #16 from Johan Persson
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c17
Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c18
Ludwig Nussel
"FIREWALL": CWMFirewallInterfaces::CreateOpenFirewallWidget($[ "services": [ "service:samba-server" ], "display_details": true ]),
So after talking in circles for years this turns out to be the culprit! The broadcast definition is in the netbios-server service file! So yast needs to specify both samba-server and netbios-server here to allow access to the server itself and name resolution. Do'h! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c19
--- Comment #19 from Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c20
Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c21
--- Comment #21 from Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c23
--- Comment #23 from Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c25
--- Comment #25 from Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c26
--- Comment #26 from Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c27
--- Comment #27 from Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c30
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c32
--- Comment #32 from Malvern Star
https://bugzilla.novell.com/show_bug.cgi?id=541958
https://bugzilla.novell.com/show_bug.cgi?id=541958#c33
--- Comment #33 from Lukas Ocilka
participants (1)
-
bugzilla_noreply@novell.com