Firewall 2.0: Samba services
Hello, With Firewall 1.4 and 2.0 i have a problem: The SuSE Firewall blocking all SAMBA pakets from my internal network :-(( My system has 5 Networkcards. All pakets from my local networks, e.g. 192.168.1.0:138 -> 192.168.2.0:138, will be blocked :-(( When comes a bugfix ? greetings daniel
Hi, On Tue, 7 Mar 2000, Daniel Mehrmann wrote:
When comes a bugfix ?
I forwarded it to Marc. But he is out of office this week. :( Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
Hello,
With Firewall 1.4 and 2.0 i have a problem:
The SuSE Firewall blocking all SAMBA pakets from my internal network :-(( My system has 5 Networkcards. All pakets from my local networks, e.g. 192.168.1.0:138 -> 192.168.2.0:138, will be blocked :-((
When comes a bugfix ?
greetings daniel
hi, my settings in /etc/rc.config.d/firewall.rc.config to become full access for samba by the internal network: FW_SERVICE_INTERNAL_TCP="... 137:139 ..." FW_SERVICE_INTERNAL_UDP="... 137:139 ..." the settings 137:139 in the udp part is responsible for resolving questions by the netbios services. in this case, there is no reason for a bugfix. (it works fine) greetings s.schmitz
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-------------------------------------------------- e-mail : s.schmitz@gmx.de phone: +49-2803-93424 homepage: ---------------- fax : +49-2803-93426 -------------------------------------------------- "Das Leben ist das, was sich ereignet, während wir mit anderen Dingen beschäftigt sind." (John Lennon) --------------------------------------------------
----- Original Message ----- From: "Stefan Schmitz" <s.schmitz@gmx.de> To: <suse-security@suse.com> Sent: Sunday, March 12, 2000 11:19 AM Subject: Re: [suse-security] Firewall 2.0: Samba services
Hello,
With Firewall 1.4 and 2.0 i have a problem:
The SuSE Firewall blocking all SAMBA pakets from my internal network
(
My system has 5 Networkcards. All pakets from my local networks, e.g. 192.168.1.0:138 -> 192.168.2.0:138, will be blocked :-((
When comes a bugfix ?
greetings daniel
hi,
my settings in /etc/rc.config.d/firewall.rc.config to become full access for samba by the internal network:
FW_SERVICE_INTERNAL_TCP="... 137:139 ..." FW_SERVICE_INTERNAL_UDP="... 137:139 ..."
the settings 137:139 in the udp part is responsible for resolving questions by the netbios services.
in this case, there is no reason for a bugfix. (it works fine)
greetings s.schmitz
That's uninteresting because i allow all services for all hosts in my internal network: --------------cut----------------- FW_PROTECT_FROM_INTERNAL="no" --------------cut----------------- So well ${FW_SERVICE_INTERNAL_TCP} and ${FW_SERVICE_INTERNAL_UDP} should be emtpy. Or is that a mistake ? greetings daniel
----- Original Message ----- From: "Stefan Schmitz" <s.schmitz@gmx.de> To: <suse-security@suse.com> Sent: Sunday, March 12, 2000 11:19 AM Subject: Re: [suse-security] Firewall 2.0: Samba services
Hello,
With Firewall 1.4 and 2.0 i have a problem:
The SuSE Firewall blocking all SAMBA pakets from my internal network
(
My system has 5 Networkcards. All pakets from my local networks, e.g. 192.168.1.0:138 -> 192.168.2.0:138, will be blocked :-((
When comes a bugfix ?
greetings daniel
hi,
my settings in /etc/rc.config.d/firewall.rc.config to become full access for samba by the internal network:
FW_SERVICE_INTERNAL_TCP="... 137:139 ..." FW_SERVICE_INTERNAL_UDP="... 137:139 ..."
the settings 137:139 in the udp part is responsible for resolving questions by the netbios services.
in this case, there is no reason for a bugfix. (it works fine)
greetings s.schmitz
That's uninteresting because i allow all services for all hosts in my internal network: --------------cut----------------- FW_PROTECT_FROM_INTERNAL="no" --------------cut-----------------
So well ${FW_SERVICE_INTERNAL_TCP} and ${FW_SERVICE_INTERNAL_UDP} should be emtpy. Or is that a mistake ?
greetings daniel
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
hmmm.....i think your fw-settings seems ok. mybe your samba configuration has fault settings or your there were missing kernel settings! ? on my server samba 2.05a still works fine in combination with firewaling (ipchains 1.4/2.0). i hope you will solve your problem soon. greetings s.schmitz
----- Original Message ----- From: "Stefan Schmitz" <s.schmitz@gmx.de> To: <suse-security@suse.com> Sent: Sunday, March 12, 2000 11:56 PM Subject: Re[2]: [suse-security] Firewall 2.0: Samba services
Hello,
With Firewall 1.4 and 2.0 i have a problem:
The SuSE Firewall blocking all SAMBA pakets from my internal network
My system has 5 Networkcards. All pakets from my local networks, e.g. 192.168.1.0:138 -> 192.168.2.0:138, will be blocked :-((
When comes a bugfix ?
greetings daniel
hi,
my settings in /etc/rc.config.d/firewall.rc.config to become full access for samba by the internal network:
FW_SERVICE_INTERNAL_TCP="... 137:139 ..." FW_SERVICE_INTERNAL_UDP="... 137:139 ..."
the settings 137:139 in the udp part is responsible for resolving questions by the netbios services.
in this case, there is no reason for a bugfix. (it works fine)
greetings s.schmitz
That's uninteresting because i allow all services for all hosts in my internal network: --------------cut----------------- FW_PROTECT_FROM_INTERNAL="no" --------------cut-----------------
So well ${FW_SERVICE_INTERNAL_TCP} and ${FW_SERVICE_INTERNAL_UDP} should be emtpy. Or is that a mistake ?
greetings daniel hmmm.....i think your fw-settings seems ok.
mybe your samba configuration has fault settings or your there were missing kernel settings! ?
on my server samba 2.05a still works fine in combination with firewaling (ipchains 1.4/2.0).
i hope you will solve your problem soon.
Today i resived a email from marc :-) I must allow the comunication for every internal network with: FW_FORWARD_TCP="...." and FW_FORWARD_UDP="..." I'm test it tomorow. greetings Daniel
participants (3)
-
Daniel Mehrmann -
Stefan Schmitz -
Thomas Biege