I'm upgrading from SuSE 6.4 (with the original SuSE Firewall) to SuSE 7.3 (with SuSE Firewall 2). With my 6.4 configuration I had the firewall set up so that it wasn't protected against the internal network and that all computers on my internal network had access to the printer using Samba. From the outside nobody could see I was running Samba according to several sercurity checks on the internet. But with the new SuSE Firewall 2 I unable to get this to work. When I set FW_SERVICE_SAMBA, Samba works perfectly for the internal network, but from the outside, it is possible to get the Netbios name. When I disable FW_SERVICE_SAMBA, everything is secure, but computers from the internal network do not work with Samba anymore. I also haven't protected the new firewall against the internal network. Is it possible to get Samba to work like it did with the old Firewall, from outside nothing, from inside everything? Thanks in advance.
Don't use FW_SERVICE_SAMBA. Just set that to no, and add the following: FW_SERVICES_INT_TCP="139 445" FW_SERVICES_INT_UDP="137:138" That will allow computers on the inside to use all Microsoft services, including network browsing etc, and outside netbios shite is still blocked HTH Stefan Z_God wrote:
I'm upgrading from SuSE 6.4 (with the original SuSE Firewall) to SuSE 7.3 (with SuSE Firewall 2). With my 6.4 configuration I had the firewall set up so that it wasn't protected against the internal network and that all computers on my internal network had access to the printer using Samba. From the outside nobody could see I was running Samba according to several sercurity checks on the internet. But with the new SuSE Firewall 2 I unable to get this to work. When I set FW_SERVICE_SAMBA, Samba works perfectly for the internal network, but from the outside, it is possible to get the Netbios name. When I disable FW_SERVICE_SAMBA, everything is secure, but computers from the internal network do not work with Samba anymore. I also haven't protected the new firewall against the internal network. Is it possible to get Samba to work like it did with the old Firewall, from outside nothing, from inside everything? Thanks in advance.
As an afterthought: be sure to set FW_SERVICE_AUTODETECT to no or samba will be detected and the outside ports will still be opened Stefan Suurmeijer wrote:
Don't use FW_SERVICE_SAMBA. Just set that to no, and add the following:
FW_SERVICES_INT_TCP="139 445" FW_SERVICES_INT_UDP="137:138"
That will allow computers on the inside to use all Microsoft services, including network browsing etc, and outside netbios shite is still blocked
HTH
Stefan
Z_God wrote:
I'm upgrading from SuSE 6.4 (with the original SuSE Firewall) to SuSE 7.3 (with SuSE Firewall 2). With my 6.4 configuration I had the firewall set up so that it wasn't protected against the internal network and that all computers on my internal network had access to the printer using Samba. From the outside nobody could see I was running Samba according to several sercurity checks on the internet. But with the new SuSE Firewall 2 I unable to get this to work. When I set FW_SERVICE_SAMBA, Samba works perfectly for the internal network, but from the outside, it is possible to get the Netbios name. When I disable FW_SERVICE_SAMBA, everything is secure, but computers from the internal network do not work with Samba anymore. I also haven't protected the new firewall against the internal network. Is it possible to get Samba to work like it did with the old Firewall, from outside nothing, from inside everything? Thanks in advance.
I added the ports, but it doesn't seem to work. I have firewall protection from the internal network disabled, so I think the firewall allready is allowing access to all ports from computers on the inside. Stefan Suurmeijer wrote:
Don't use FW_SERVICE_SAMBA. Just set that to no, and add the following:
FW_SERVICES_INT_TCP="139 445" FW_SERVICES_INT_UDP="137:138"
That will allow computers on the inside to use all Microsoft services, including network browsing etc, and outside netbios shite is still blocked
HTH
Stefan
Z_God wrote:
I'm upgrading from SuSE 6.4 (with the original SuSE Firewall) to SuSE 7.3 (with SuSE Firewall 2). With my 6.4 configuration I had the firewall set up so that it wasn't protected against the internal network and that all computers on my internal network had access to the printer using Samba. From the outside nobody could see I was running Samba according to several sercurity checks on the internet. But with the new SuSE Firewall 2 I unable to get this to work. When I set FW_SERVICE_SAMBA, Samba works perfectly for the internal network, but from the outside, it is possible to get the Netbios name. When I disable FW_SERVICE_SAMBA, everything is secure, but computers from the internal network do not work with Samba anymore. I also haven't protected the new firewall against the internal network. Is it possible to get Samba to work like it did with the old Firewall, from outside nothing, from inside everything? Thanks in advance.
participants (2)
-
Stefan Suurmeijer -
Z_God