Philippe Vogel wrote:
But with the new SuSE Firewall 2 I am unable to get this to work. When I set FW_SERVICE_SAMBA, Samba works perfectly for the internal network, but from the outside, it is possible to get the Netbios name. When I disable FW_SERVICE_SAMBA, everything is secure, but computers from the internal network do not work with Samba anymore. I also haven't protected the new firewall against the internal network. Is it possible to get Samba to work like it did with the old Firewall, from outside nothing, from inside everything?

Change /sbin/SuSEfirewall2
Go to line after:
#########################
# Special SAMBA support #
#########################
Change existing entries to this:
test "$FW_SERVICE_SAMBA" = yes && {
    $LAA $IPTABLES -A INPUT -j LOG ${LOG}" fp=NI a=ACCEPT " -p udp --dport 137:138 -s $LOCALNET_1 # Samba for local Net only
    $IPTABLES -A INPUT -j "$ACCEPT" -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 137:138 -s $LOCALNET_1 # Samba for local Net only
}
Add
LOCALNET_1"123.123.123.0/24"
to allow net 123.123.123.0/24 Access to local Samba Server!
Philippe
P.S.: I added some rules for blocking as well, this is a feature I miss in SuSEfirewall1/2 as well!
Thanks a lot! It works great now! The only thing was that I had to add a '=' after LOCALNET_1. Weird this isn't supported by SuSE Firewall 2 by default; with SuSE 6.4 there wasn't even an FW_SERVICE_SAMBA, it just worked as expected.
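
A way to confirm the result of the change discussed in this thread, as an added example that is not part of the original messages or of SuSEfirewall2: the function reads INPUT rules in `iptables -S` format and reports any rule that accepts UDP 137:138 without a source restriction. The function names and the sample rules are constructed for illustration; only a source-address restriction is considered (not interfaces), and multiport matches are not parsed.

```sh
#!/bin/sh
# Added example: flag INPUT rules that accept NetBIOS name/datagram
# traffic (UDP 137-138) from any source address.
# stdin:  rules in `iptables -S` / iptables-save format
# stdout: each offending rule; exit status 1 if any was found
audit_netbios_rules() {
    awk '
    # True if a port spec (single port or lo:hi range) covers 137 or 138.
    function covers_netbios(spec,   p, n, lo, hi) {
        n = split(spec, p, ":")
        lo = p[1] + 0
        hi = (n > 1 ? p[2] : p[1]) + 0
        return (lo <= 138 && hi >= 137)
    }
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; dport = ""; src = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            # A negated source (! -s net) is treated as unrestricted.
            else if ($i == "-s") src = ($(i - 1) == "!" ? "" : $(i + 1))
            else if ($i == "-j") target = $(i + 1)
        }
        open_src = (src == "" || src == "0.0.0.0/0")
        if (proto == "udp" && target == "ACCEPT" && dport != "" &&
            covers_netbios(dport) && open_src) {
            print
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample rules; 123.123.123.0/24 is the local net used above.
sample_rules() {
    cat <<'EOF'
-A INPUT -s 123.123.123.0/24 -p udp -m udp --dport 137:138 -j LOG
-A INPUT -s 123.123.123.0/24 -p udp -m state --state NEW,RELATED,ESTABLISHED -m udp --dport 137:138 -j ACCEPT
-A INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | audit_netbios_rules || echo "unrestricted NetBIOS rule(s) listed above"
```

On a live system the same check can be fed with `iptables -S INPUT | audit_netbios_rules` after reloading the firewall.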