Hi,
I have a problem to get samba running under susefirewall2 (SUSE8.0). The TCP port 139 is enabled in the FW rules, but if I'm running the FW in testmode I get the error message below. See also my firewall config below. Hopefully anyone is able to help - I wasted a lot of time without success.
Thanks
Torsten
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP=" http https imap imaps pop3 pop3s rsync smtp ssh telnet"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="139 ssh smtp domain netbios-ssn"
FW_SERVICES_INT_UDP="domain syslog netbios-dgm netbios-ns"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SMB="yes"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="no"
FW_ALLOW_CLASS_ROUTING="no"
* Torsten Schaefer;
Hi,
I have a problem to get samba running under susefirewall2 (SUSE8.0). The TCP port 139 is enabled in the FW rules, but if I'm running the FW in testmode I get the error message below. See also my firewall config below. Hopefully anyone is able to help - I wasted a lot of time without success.
It would have been easier if you trim your lines at say 75 characters
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
FW_MASQ_NETS="0/0"
You do not want to have this like that, use as 192.168.0.0/24 (whatever your LAN topology is)
FW_PROTECT_FROM_INTERNAL="no"
change to yes
FW_AUTOPROTECT_SERVICES="no"
change to yes
FW_SERVICES_EXT_TCP=" http https imap imaps pop3 pop3s rsync smtp ssh telnet"
Are you really providing all these services to the world (which are served on your Firewall machine) or are you trying to use them from your LAN? If the latter, remove all of them.
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
change to no
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
Change to DNS
FW_KERNEL_SECURITY="no"
change to yes once you get everything working
FW_ALLOW_FW_TRACEROUTE="yes"
If you want to have traceroutes coming to your firewall then ALLOW_HIGHCOMING_UDP else change here to no
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Togan,
you are right that your config is more safe, but samba still doesn't work.
torsten
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
I'd say that you need port 137 enabled as well if you want netbios name resolution to your win clients...
Peace
--
.-. e-SecureNet /v\ We Run SuSE Project Manager // \\ *The LINUX Experts* c/o Miguel Albuquerque /( )\ Av. Miremont 46 ^^-^^ 1202 - GE, SWITZERLAND
Tel: +41 (22) 782 5344 Fax: +41 (22) 782 5348 mailto:mfoacs@e-securenet.ch http://www.e-securenet.ch
"Was Sind und was Sollen die Zahlen?" Dedekind.
sorry Miguel,
this makes no difference - still not working
Torsten Schaefer wrote:
sorry Miguel,
this makes no difference - still not working
look at this line in your config file and add port numbers or the service names you want to enable from ext_tcp connections (one can not be samba server and client from the same box, or you don't need the FW at all...). I had the same prob this line worked out. (You can check my FW rules in a previous posting few minutes ago - DHCP Timeout)
FW_SERVICES_EXT_TCP="137:139 http pop3 smtp ssh"
Should work
--
.-. e-SecureNet /v\ We Run SuSE Project Manager // \\ *The LINUX Experts* c/o Miguel Albuquerque /( )\ Av. Miremont 46 ^^-^^ 1202 - GE, SWITZERLAND
Tel: +41 (22) 782 5344 Fax: +41 (22) 782 5348 mailto:mfoacs@e-securenet.ch http://www.e-securenet.ch
"Was Sind und was Sollen die Zahlen?" Dedekind.
Miguel,
the samba should work to the internal network and not to the outside. The
enable from int tcp 137:139 doesn't work in this config. Maybe this is
overruled by another option or I have to switch on other things - but I
could not find it.
Torsten
* Torsten Schaefer;
Miguel,
the samba should work to the internal network and not to the outside. The enable from int tcp 137:139 doesn't work in this config. Maybe this is overruled by another option or I have to switch on other things - but I could not find it.
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
Now just to make sure that I do understand it: this is the message you are getting when you want to reach your Windows shares, correct?
Now if this is the case, SuSEfirewall will make this type of log if there is a problem with the anti-spoofing/circumvention protection, meaning the traffic is involving a device/address which is not defined.
1) Which SuSEfirewall2 version are you running?
grep -i ^ver /sbin/SuSEfirewall2
rpm -q SuSEfirewall2
(If you have the rpm installed this is better, as it would show the minor number as well.)
2) What is your LAN setup? 192.168.X.X/YY
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Hi Togan, thanks
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
Now just to make sure that I do understand it This is the message you are getting when you want to reach your Windows' Shares Correct
Yes
rpm -q SuSEfirewall2
SuSEfirewall2-2.1-57
2) What is your LAN setup 192.168.X.X/YY
192.168.0.22 windows client
192.168.0.20 eth0 internal network card in router
192.168.0.19 eth1 = ppp0 to ADSL network card in router
* Torsten Schaefer;
Hi Togan,
thanks
Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0
2) What is your LAN setup 192.168.X.X/YY
192.168.0.22 windows client
192.168.0.20 eth0 internal network card in router
192.168.0.19 eth1 = ppp0 to ADSL network card in router
Why don't you place eth0 to a different subnet, i.e. 192.168.1.0/24? As far as I see it this is a problematic NIC addressing unless you have them point to point.
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Hi all,
thanks a lot, especially Togan, for your excellent help. Togan found the
point. The firewall configuration was ok, but the network address
192.168.0!!!!.___ was the problem. So I changed the internal subnetwork to
192.168.1.1/22 and now it works fine.
thanks again and best regards
Torsten
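The diagnosis reached in the thread, as an added example that is not part of the original posts: the logged packet arrives on eth0 but is addressed to 192.168.0.19, which Torsten lists as the other NIC's address, and both NICs sit in one subnet. The /24 prefix length, the `AFTER` layout and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Kernel log line quoted in the thread.
LOG_LINE = (
    "Nov 13 23:04:40 server kernel: SuSE-FW-UNAUTHORIZED-TARGET IN=eth0 OUT= "
    "MAC=00:e0:7d:a2:68:29:00:10:5a:f1:4f:e1:08:00 SRC=192.168.0.22 "
    "DST=192.168.0.19 LEN=116 TOS=0x00 PREC=0x00 TTL=128 ID=37420 DF "
    "PROTO=TCP SPT=1254 DPT=139 WINDOW=32408 RES=0x00 ACK PSH URGP=0"
)

# Interface addresses as Torsten listed them; the /24 prefix is an assumption.
BEFORE = {"eth0": "192.168.0.20/24", "eth1": "192.168.0.19/24"}
# Constructed layout after moving eth0 into 192.168.1.0/24, as Togan suggested.
AFTER = {"eth0": "192.168.1.1/24", "eth1": "192.168.0.19/24"}


def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line plus its prefix tag."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    tag = re.search(r"kernel: (\S+)", line)
    fields["TAG"] = tag.group(1) if tag else ""
    return fields


def overlapping_interfaces(ifaces):
    """Return the pairs of interfaces whose configured networks overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def diagnose(line, ifaces):
    """Relate a logged packet to the firewall's own interface addresses."""
    fields = parse_log(line)
    dst = ipaddress.ip_address(fields["DST"])
    # Which local interface, if any, owns the destination address?
    owner = next((name for name, addr in ifaces.items()
                  if ipaddress.ip_interface(addr).ip == dst), None)
    return {
        "tag": fields["TAG"],
        "in_if": fields["IN"],
        "dst": str(dst),
        "dst_owner": owner,
        # The packet targets a local address that belongs to another NIC.
        "wrong_interface": owner is not None and owner != fields["IN"],
        "overlaps": overlapping_interfaces(ifaces),
    }


if __name__ == "__main__":
    print(diagnose(LOG_LINE, BEFORE))
    print(overlapping_interfaces(AFTER))
```

The overlap result depends on the prefix length as well as the address: `192.168.1.1/22` expands to the network 192.168.0.0/22, which still contains 192.168.0.19.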
Hi,
I think you should enable FW_ALLOW_FW_BROADCAST in your Firewallconfig
and set FW_IGNORE_FW_BROADCAST to "no".
In order you set ports 137:129 free this should work.
Regards,
Daniel Schulz
-----Original Message-----
From: Daniel Schulz [mailto:bugtraq@i-smo.de]
Sent: Thursday, 14 November 2002 08:26
To: 'Torsten Schaefer'; suse-security@suse.com
Subject: AW: [suse-security] Samba - Suse firewall
Hi,
I think you should enable FW_ALLOW_FW_BROADCAST in your Firewallconfig and set FW_IGNORE_FW_BROADCAST to "no". In order you set ports 137:129 free this should work.
That's not necessary when samba is running on the fw box. AFAIK this option is used when netbios should traverse sub-nets through the firewall. Maybe you can not browse the servers. But when you type in the smb name of a server you can connect. I think Togan goes to the right direction. Why does the fw block a packet that is allowed in the rules?
Cheers
Kurt
Hi Kurt,
I had the same problem as Torsten, and in my case, the only thing I had to do was to put the Broadcast to yes. Every other option did not work for me, even if I typed in the correct smb name. As far as I know, the FW Broadcast is a Kernel 2.4 thing, and necessary for the correct work of samba. If I am wrong please correct me.
Regards,
Daniel Schulz
Hi,
Sorry to butt in guys but I have a page which goes through the settings in SuSEfirewall V1 to send/receive mail, run DNS, etc, over the external port and offer services, including Samba, on the internal. I know V1 and V2 of SuSEfirewall are different but I think most of the settings you're talking about are the same. It's at http://www.itosn.com/security/server6.html
It may help.
Regards
Andy
Sorry - further to my last mail I spotted a corruption of the page I linked to and have uploaded.
Andy
participants (6): Andrew Bennett, Daniel Schulz, Kurt Minder, Miguel Albuquerque, operalight@t-online.de, Togan Muftuoglu