On 10/10/07, Joe Morris (NTM)
TCP needs 139 and 445
looks like 445 is not needed, but anyway, I opened it
So, I edited the firewall rules, and added also: TCP 135, 138 UDP 137:138 445
UDP needs 137 and 138 at least.
yes, I have them open
There seems to be some inconsistency with what you have said, so I am not sure what the problem is. With the ports you said, it should not have worked before. If it did work before, the kernel update should not have affected it. Perhaps it was the reboot that caused the problem, which would have reloaded the firewall, that caused the problem. Dunno.
But it worked, and I have rebooted the machine before.
Does that allow it to work? If it does, make sure tcp 139 and 445 is open, and udp 137 and 138, and I believe 135 may help, IIRC.
Yes, they are open, and I checked with nmap from another machine on the network, they appear open. Now, I have read this article: http://wiki.suselinuxsupport.de/wikka.php?wakka=HowToFirewallLinuxHostSamba And tried what they have there, no joy. Also, the standard configuration (not using sysconfig editor, as in the article, but using the YaST firewall module) I did eth0 - external interface Allowed services: SSH, Samba server No advanced conf. Selecting the Samba server changed what's in Broadcast: netbios-ns netbios-dgm This resulted in the following lines in /etc/sysconfig/SuSEfirewall2: FW_SERVICES_EXT_TCP="22 microsoft-ds netbios-ssn" FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns" FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm" This does not allow me to browse the network, I do not see any domain or workgroup, as well as I can not log in as domain user, as it can not find the domain controller. When I try to browse the network, in the firewall log I see: Oct 10 23:16:00 sunsuse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:11:4c:87:8a:00:90:27:99:8c:07:08:00 SRC=192.168.2.10 DST=192.168.2.222 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=36328 PROTO=UDP SPT=137 DPT=1090 LEN=70 Oct 10 23:16:00 sunsuse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:11:4c:87:8a:00:0c:29:e6:88:02:08:00 SRC=192.168.2.232 DST=192.168.2.222 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=20868 PROTO=UDP SPT=137 DPT=1090 LEN=70 Oct 10 23:16:00 sunsuse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:11:4c:87:8a:00:0c:29:69:00:dc:08:00 SRC=192.168.2.245 DST=192.168.2.222 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=29965 PROTO=UDP SPT=137 DPT=1090 LEN=70 Where 192.168.2.10 is the PDC, and 192.168.2.232 and 192.168.2.245 are 2 windows machines, which have one and the same workgroup, and are not part of the domain. Till today's update, I was able to see both the domain and the workgroup. Now, here is what's in the /etc/sysconfig/SuSEfirewall2, when I follow the advice from the article above, and put everything trough Yast/sysconfig editor: FW_DEV_EXT - eth0 (not changed) FW_SERVICES_EXT_TCP - changed from "22 microsoft-ds netbios-ssn" to "22 135 139" FW_SERVICES_EXT_UDP - changed from "netbios-dgm netbios-ns" to "137 138" FW_ALLOW_FW_BROADCAST_EXT - changed from "netbios-ns netbios-dgm" to "yes" I did not edit anything about trusted networks. After applying these settings, /etc/sysconfig/SuSEfirewall2 has these entries (the relevant ones): FW_SERVICES_EXT_TCP="22 135 139" FW_SERVICES_EXT_UDP="137 138" FW_ALLOW_FW_BROADCAST_EXT="yes" And this does not work as well. Same problem - no network browsing, and same entries in the firewall log. And it should be expected, as I would guess that the UI just uses all the microsoft-xx and netbios-xxx stuff as abbreviations for the corresponding ports. iptables -L shows these relevant entries(I removed the LOG rules): ACCEPT tcp -- anywhere anywhere tcp dpt:22 ACCEPT tcp -- anywhere anywhere tcp dpt:135 ACCEPT tcp -- anywhere anywhere tcp dpt:139 ACCEPT udp -- anywhere anywhere udp dpt:137 ACCEPT udp -- anywhere anywhere udp dpt:138 So, looks like everything is enabled, but it does not work at all. And last 3 days it was working, and I did not change the firewall rules today (before I started these testings for this post). These are the packages I installed/updated the last 2 days: OpenOffice_org-icon-themes-2.3.0.1.2-5.1 Wed 10 Oct 2007 03:40:50 PM CDT kernel-syms-2.6.22.9-0.4 Wed 10 Oct 2007 03:38:52 PM CDT emacs-22.1-40.2 Wed 10 Oct 2007 03:38:35 PM CDT kernel-default-2.6.22.9-0.4 Wed 10 Oct 2007 03:37:28 PM CDT kernel-source-2.6.22.9-0.4 Wed 10 Oct 2007 03:35:18 PM CDT emacs-nox-22.1-40.2 Wed 10 Oct 2007 03:30:54 PM CDT emacs-info-22.1-40.2 Wed 10 Oct 2007 03:30:45 PM CDT koffice-illustration-1.6.3-60.1 Wed 10 Oct 2007 03:30:05 PM CDT koffice-1.6.3-60.1 Wed 10 Oct 2007 03:25:16 PM CDT libqt4-x11-4.3.2-3.1 Tue 09 Oct 2007 03:34:11 PM CDT libqt4-qt3support-4.3.2-3.1 Tue 09 Oct 2007 03:33:16 PM CDT libqt4-sql-4.3.2-3.1 Tue 09 Oct 2007 03:33:06 PM CDT libqt4-dbus-1-4.3.2-3.1 Tue 09 Oct 2007 03:33:04 PM CDT libqt4-4.3.2-3.1 Tue 09 Oct 2007 03:33:01 PM CDT kssh-0.7-781.3 Tue 09 Oct 2007 03:32:47 PM CDT MPlayer-1.0rc2-1.pm.1 Tue 09 Oct 2007 03:32:33 PM CDT dejavu-2.20-0.pm.1 Tue 09 Oct 2007 03:30:17 PM CDT wine-0.9.46-12.3 Tue 09 Oct 2007 03:29:43 PM CDT openssl-0.9.8e-45.2 Tue 09 Oct 2007 03:28:17 PM CDT libopenssl-devel-0.9.8e-45.2 Tue 09 Oct 2007 03:28:11 PM CDT libopenssl0_9_8-0.9.8e-45.2 Tue 09 Oct 2007 03:28:05 PM CDT OpenOffice_org-calc-2.3.0.1.2-10.2 Tue 09 Oct 2007 03:27:54 PM CDT openssl-certs-0.9.8e-45.2 Tue 09 Oct 2007 03:27:39 PM CDT So, the only change is the kernel. Yes, I understand that it shouldn't change anything, but that's what happen, and I need to fix it somehow. Btw, if net browsing works for you, would you be so kind to email me your /etc/sysconfig/SuSEfirewall2 file, so I can compare? Thanks. -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org