Re: [suse-security] SuSE-firewall with webserver and samba
Thanks to all who've helped so far. Here are a few further details.

Christian Eisendle wrote:
> In case of a slow network, the DNS-Server could be the reason for this
> problem, but after a refresh of the site (or maybe restart of the
> browser) the website should be opened. Are there any virtual hosts on
> the webserver? If not, users having this problem could try to enter
> the IP-Address of your webserver instead of the DNS-Name, to determine
> if the name-resolving makes the problems.

Indeed, some users who couldn't use the name can now access the server with the IP-Address. From this I conclude that the problem must definitely be with the DNS-Server, or with network speed. The web server is registered with the central university administration, and they've told me it is entered correctly in their DNS server. I can't readily compare nslookup output from outside the university and inside because I'm inside the university network even if I connect from home, but I'll try to get someone to do that for me.

As for the samba problem:

> What's the exact problem? Is it a connection or an authenticating
> problem? At first try to connect with the ip-address instead of the
> netbios name (\\222.222.222.x\share)
> Does a telnet to samba server on port 139 work?
> Does it work, when SuSEfirewall2 is stopped?

1) Connection with IP-Address works.
2) telnet is disabled on the server. An ssh connection on that port doesn't work.
3) The connection works without the firewall, even with the server name, and not only with the ip address. With the firewall, it only works with the ip address.

The firewall configuration file now looks like this:

FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_MASQUERADE="no"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22 80 ssh www"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS="131.130.180.0/25,tcp,137 131.130.180.0/25,tcp,138 131.130.180.0/25,tcp,139 131.130.180.0/25,tcp,445 131.130.180.0/25,udp,137 131.130.180.0/25,udp,138 131.130.180.0/25,udp,139 131.130.180.0/25,udp,445"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="dns"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_SAMBA="yes"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_EXT="no"
FW_IPSEC_TRUST="no"
FW_DEV_DMZ=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_TCP=""
FW_MASQ_NETS=""
FW_ROUTE="no"
FW_ALLOW_FW_TRACEROUTE="yes"

This is my smb.conf:

[global]
workgroup = ISTB
netbios name = ISTB server
server string = ISTB fileserver on %h
encrypt passwords = yes
invalid users = root
hosts allow = 222.222.222.0/25 localhost
load printers = no
passdb backend = smbpasswd:/etc/samba/smbpasswd

[data]
comment = ISTB Kollektivverzeichnis
volume = ISTB-Kollektiv
path = /istb_userdata
browseable = yes
writeable = yes
guest ok = no
valid users = istb_user
read list = istb_user
write list = istb_user

Thanks again,
Birgit

Birgit Kellner wrote:
| Thanks to all who've helped so far. Here are a few further details.

Birgit,

I am able to access your website using IP address. :D

So, you're right, it may be a DNS problem, my guess is : the DNS information has not spread to the world. If that is the case, just wait one or two days and the problem will be over (I hope). :)

Here is your future website text.

===
This is the future home of the Institute for South Asian, Tibetan and Buddhist Studies, University of Vienna.
Click here for our present website in German.
====

--
Tedi Heriyanto
URL : www.tedi-h.com
GPG fingerprint = C02C 7797 0EF0 5D25 798A 0A25 1DD3 6924 57C7 5D78