M9. wrote:
In my config there are only trusted hosts... (in a windows case there are constantly hosts that are informed
informed?
yes, it has to let me know who is going out and going in, and I must be able to shut whatever port I like, in principle.
this is not a firewall but a proxy server. Usually, a firewall blocks all the ports. That means that no communication can be initiated from the exterior to the inside. If inside your computer you ask an application to go and search, this is allowed.
If some host wants to enter my PC, I want to know this,
what does this mean for you?? all that an external program can do on your computer is read a port or write a port. closing a port means only that this write is rejected (or simply ignored). In fact, if no application is listening (by reading this port), the write *is* ignored
If I give a password to a host, it can enter without noticing me, as long as I want to let the firewall accept the password.
this may be the Windows way of life, but it's not the Linux one. if I do "ssh <somecomputer>", my ssh will try to write to the ssh port of this computer. If, for example, it's a Windows 98 with no firewall at all, but with no ssh server either, nothing is going on and I cannot enter. to enter a computer you must have a server that allows this
A good firewall can handle this perfectly, with just one card.
nope. untrusted pc can attack a trusted one. This is like having all computers exposed to the exterior and you have to protect all of them
As i understand, only for the ports used by samba for the LAN?
well, the Windows smb implementation seems to be programmed in an evil way and doesn't always use the same ports, so one must let many ones open (that is may listen to these ports and answer to them) and this is insecure.
use of samba server on suse fixes the permission problem.
Samba server I did not use before...
how did you grant access to your linux computer from windows then? access must be done on the host:

* by a standard protocol (smb, ssh, ftp, http...) accepted by a server
* by two applications sharing the same port

anyway, if you had a working config one day, and now it's no more working, there has to have been a change in between :-)

jdd

--
http://www.dodin.net
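The point in the reply above about a port with no server behind it, as an added example that is not part of the original message: a Python sketch that probes the same TCP port on loopback once with a listener and once without. The names `probe` and `demo` are hypothetical, and it assumes no packet filter is applied to 127.0.0.1, so the kernel itself answers for the closed port.

```python
import socket


def probe(host, port, timeout=1.0):
    """Try a TCP connect and classify the result.

    'open'      -> a server is listening and accepted the handshake
    'refused'   -> nothing is listening; the kernel rejected the attempt
    'no-answer' -> timeout or other error (typical of a filter that drops)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts
        return "no-answer"
    finally:
        s.close()


def demo():
    """Probe one loopback port with and without a listening server."""
    # Constructed test server: bind to an ephemeral port on loopback only.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    with_listener = probe("127.0.0.1", port)

    # Stop the "server": the port number is unchanged, but no application
    # is reading it any more, so there is nothing to connect to.
    srv.close()
    without_listener = probe("127.0.0.1", port)

    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

A 'no-answer' result for a port you expected to be 'refused' usually means a packet filter is dropping the traffic before the kernel can reply.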