On 5/11/12 8:20 AM, Christofer C. Bell wrote:
> On Sun, Nov 4, 2012 at 8:11 AM, Carlos E. R. <robin.listas@telefonica.net> wrote:
> > On 2012-11-04 14:53, Otto Rodusek wrote:
> > > Thanks for the quick reply. I have made the mods to /etc/sysconfig/SuSEfirewall2, I assume this is the correct place?
> >
> > Yes.
> >
> > > It will remain there even after updates/upgrades or will I need to make this change every time after updates?
> >
> > It remains. If you use the multiline syntax, it breaks on upgrades.
> >
> > > Also, from Google the ports seem to be as follows:
> > > tcp: 139, 445 and udp: 137, 138, 139. I hope I got it right - will know after testing!! Thanks. Otto.
> >
> > The numbers look familiar.
>
> Yes, and you can see them here, as well:
>
> cbell@circe:~> egrep 'netbios|microsoft-ds' /etc/services
> netbios-ns      137/tcp    # NETBIOS Name Service
> netbios-ns      137/udp    # NETBIOS Name Service
> netbios-dgm     138/tcp    # NETBIOS Datagram Service
> netbios-dgm     138/udp    # NETBIOS Datagram Service
> netbios-ssn     139/tcp    # NETBIOS Session Service
> netbios-ssn     139/udp    # NETBIOS Session Service
> microsoft-ds    445/tcp    # Microsoft-DS
> microsoft-ds    445/udp    # Microsoft-DS
> cbell@circe:~>
>
> Also, your mix of which to allow for udp or tcp looks correct based on the configuration YaST provided for me on my home network with Samba with the exception of 139 (netbios-ssn) which is only open on tcp:
>
> cbell@circe:~> sudo /usr/sbin/iptables -L | egrep 'netbios|microsoft-ds' | grep tcp
> LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssnflags: FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP "
> ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
> LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-dsflags: FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP "
> ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
> cbell@circe:~> sudo /usr/sbin/iptables -L | egrep 'netbios|microsoft-ds' | grep udp
> ACCEPT udp -- anywhere anywhere PKTTYPE = broadcast udp dpt:netbios-ns
> ACCEPT udp -- anywhere anywhere PKTTYPE = broadcast udp dpt:netbios-dgm
> ACCEPT udp -- anywhere anywhere udp spt:netbios-ns ctstate RELATED
> ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
> ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
> cbell@circe:~>
>
> (You may need to paste that into an editor or something to widen the line length).
>
> --
> Chris

Hi Chris,

Thanks for this info - really useful to have and file for future reference - exactly what I needed!!

Otto.
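
An added example, not part of the thread: a shell check that reads `iptables -L` output and compares the Samba ports opened by ACCEPT rules with the set the thread arrives at (139/tcp, 445/tcp, 137/udp, 138/udp). The function names and the sample rules are constructed for illustration, and the parsing assumes the plain `iptables -L` layout quoted above (target first, protocol second).

```sh
#!/bin/sh
# Added example. Audits `iptables -L` output against the Samba port set the
# thread arrives at: 139/tcp, 445/tcp, 137/udp, 138/udp.
EXPECTED="137/udp 138/udp 139/tcp 445/tcp"

# Constructed sample, modelled on the rule lines quoted in the thread.
sample_rules() {
cat <<'EOF'
LOG     tcp  --  anywhere  anywhere  limit: avg 3/min burst 5 tcp dpt:netbios-ssnflags: FIN,SYN,RST,ACK/SYN LOG level warning
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:netbios-ssn
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:microsoft-ds
ACCEPT  udp  --  anywhere  anywhere  PKTTYPE = broadcast udp dpt:netbios-ns
ACCEPT  udp  --  anywhere  anywhere  udp spt:netbios-ns ctstate RELATED
ACCEPT  udp  --  anywhere  anywhere  udp dpt:netbios-ns
ACCEPT  udp  --  anywhere  anywhere  udp dpt:netbios-dgm
EOF
}

# Read rule lines on stdin; print each Samba port an ACCEPT rule opens by
# destination port, as unique "port/proto" lines. Handles names and -n numbers.
open_samba_ports() {
  awk '
    BEGIN {
      n = split("netbios-ns 137 netbios-dgm 138 netbios-ssn 139 microsoft-ds 445", s, " ")
      for (i = 1; i < n; i += 2) { port[s[i]] = s[i+1]; port[s[i+1]] = s[i+1] }
    }
    $1 == "ACCEPT" {
      for (i = 3; i <= NF; i++)
        if ($i ~ /^dpt:/ && (substr($i, 5) in port))
          print port[substr($i, 5)] "/" $2
    }' | sort -u
}

# Report differences from EXPECTED; return 0 only when the sets match.
audit_samba_ports() {
  open=$(open_samba_ports)
  rc=0
  for want in $EXPECTED; do
    printf '%s\n' "$open" | grep -qxF "$want" || { echo "missing: $want"; rc=1; }
  done
  for got in $open; do
    case " $EXPECTED " in
      *" $got "*) ;;
      *) echo "unexpected: $got"; rc=1 ;;
    esac
  done
  return $rc
}

sample_rules | audit_samba_ports && echo "open Samba ports match: $EXPECTED"
```

On a live system the input would come from `sudo /usr/sbin/iptables -L` piped into `audit_samba_ports`; a line such as `unexpected: 139/udp` would flag the one port from the original list that Chris's YaST-generated rules do not open.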