Apologies but this initial post is rather short on detail. Please if anybody can help let me know what you'll need and I'll post it up. My set up is as follows: I have one PC running Windows 2k. Standard onboard network card running fine. This then connects to a D-Link 504 modem router via ethernet cable (cat 5e). My second PC is running SuSE Linux 9.3. It has a 3com 10/100 network card (detected and working) again connected via ethernet to the above named D-Link 504 router. If I pop a Windows disk into the second PC I can access the network (ie my first PC situated upstairs). I mention this simply to eliminate the possibility of physical (cable) faults. Now, I can access the internet through the network card on the SuSE PC via my broadband connection from the router. No matter what I try I cannot access the Windows workgroup/domain on the Windows PC. I was able to do this with SuSE 9.2. I have set up SAMBA in the same way as I had it with 9.2 but this does not seem to work. I have a feeling it is something to do with the SuSE firewall but I really am unsure of what to look for. I spent a few hours (about 4) last night reading and re-reading my 9.3 Admin manual. I could not glean the information I needed hence my plea on here :-) Could anybody give me some pointers of where to look, what to check? If I need to post up log files please let me know but tell me exactly what I would need to show. I'm starting to flounder now :-| I haven't posted minute details about the PC as I didn't believe them to be relevant. -- Take care. Kevan Farmer 34 Hill Street Cheslyn Hay Staffordshire WS6 7HR
Kevanf1 said:
Apologies but this initial post is rather short on detail. Please if anybody can help let me know what you'll need and I'll post it up.
My set up is as follows:
I have one PC running Windows 2k. Standard onboard network card running fine. This then connects to a D-Link 504 modem router via ethernet cable (cat 5e).
My second PC is running SuSE Linux 9.3. It has a 3com 10/100 network card (detected and working) again connected via ethernet to the above named D-Link 504 router.
If I pop a Windows disk into the second PC I can access the network (ie my first PC situated upstairs). I mention this simply to eliminate the possibility of physical (cable) faults.
Now, I can access the internet through the network card on the SuSE PC via my broadband connection from the router. No matter what I try I cannot access the Windows workgroup/domain on the Windows PC. I was able to do this with SuSE 9.2. I have set up SAMBA in the same way as I had it with 9.2 but this does not seem to work. I have a feeling it is something to do with the SuSE firewall but I really am unsure of what to look for. I spent a few hours (about 4) last night reading and re-reading my 9.3 Admin manual. I could not glean the information I needed hence my plea on here :-)
Could anybody give me some pointers of where to look, what to check? If I need to post up log files please let me know but tell me exactly what I would need to show. I'm starting to flounder now :-| I haven't posted minute details about the PC as I didn't believe them to be relevant. -- Take care. Kevan Farmer
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall". David -- David Bottrill david@bottrill.org www.bottrill.org Registered Linux user number 330730 Internet SIP Phone: 1-747-244-2699
On 13/07/05, David Bottrill <david@bottrill.org> wrote:
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall".
David
Cheers David. I will give it a try later this afternoon. I'll post the results here. -- Take care. Kevan Farmer 34 Hill Street Cheslyn Hay Staffordshire WS6 7HR
On 13/07/05, Kevanf1 <kevanf1@gmail.com> wrote:
On 13/07/05, David Bottrill <david@bottrill.org> wrote:
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall".
David
Cheers David. I will give it a try later this afternoon. I'll post the results here.
As promised the results... It worked :-) thank you David, turned the firewall off and checked the samba settings bingo! Access to the network (LAN). Now, firstly, why on earth are SuSE shipping with the firewall not allowing internal access? External I might understand - though it would be a mistake - but not internal. Secondly, how can I configure the firewall so that it will allow all internal traffic in order for me to have it running? Or am I being too security conscious bearing in mind I have web access through a router with its own firewall? -- Take care. Kevan Farmer 34 Hill Street Cheslyn Hay Staffordshire WS6 7HR
Kevanf1 said:
On 13/07/05, Kevanf1 <kevanf1@gmail.com> wrote:
On 13/07/05, David Bottrill <david@bottrill.org> wrote:
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall".
David
Cheers David. I will give it a try later this afternoon. I'll post the results here.
As promised the results... It worked :-) thank you David, turned the firewall off and checked the samba settings bingo! Access to the network (LAN). Now, firstly, why on earth are SuSE shipping with the firewall not allowing internal access? External I might understand - though it would be a mistake - but not internal. Secondly, how can I configure the firewall so that it will allow all internal traffic in order for me to have it running? Or am I being too security conscious bearing in mind I have web access through a router with its own firewall?
I think this is a bit of a knee jerk reaction and is done for the same reason that M$ now enable the firewall by default in windows XP. There was something on slashdot the other week where someone had setup some badly configured linux and BSD boxes and found that after a number of months none had been compromised, whereas the life of an unprotected windows box is reckoned to be 12 minutes!! If for instance you connected your SuSE box directly to a modem of any sort, Analogue, DSL, whatever, at least you would have protection by default with SuSE. Asking newbies whether they want the firewall is probably just asking too much and SuSE would then be accused of making the install too complicated. During the install you do have the option to disable the firewall, but it's not too obvious and by default it's enabled. Not all users like us run networks that rival some large companies ;) Dave -- David Bottrill david@bottrill.org www.bottrill.org Registered Linux user number 330730 Internet SIP Phone: 1-747-244-2699
On Wednesday, July 13, 2005 @ 4:59 AM, David Bottrill wrote:
Kevanf1 said:
On 13/07/05, Kevanf1 <kevanf1@gmail.com> wrote:
On 13/07/05, David Bottrill <david@bottrill.org> wrote:
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall".
David
Cheers David. I will give it a try later this afternoon. I'll post the results here.
As promised the results... It worked :-) thank you David, turned the firewall off and checked the samba settings bingo! Access to the network (LAN). Now, firstly, why on earth are SuSE shipping with the firewall not allowing internal access? External I might understand - though it would be a mistake - but not internal. Secondly, how can I configure the firewall so that it will allow all internal traffic in order for me to have it running? Or am I being too security conscious bearing in mind I have web access through a router with its own firewall?
I think this is a bit of a knee jerk reaction and is done for the same reason that M$ now enable the firewall by default in windows XP. There was something on slashdot the other week where someone had setup some badly configured linux and BSD boxes and found that after a number of months none had been compromised, whereas the life of an unprotected windows box is reckoned to be 12 minutes!!
If for instance you connected your SuSE box directly to a modem of any sort, Analogue, DSL, whatever, at least you would have protection by default with SuSE. Asking newbies whether they want the firewall is probably just asking too much and SuSE would then be accused of making the install too complicated. During the install you do have the option to disable the firewall, but it's not too obvious and by default it's enabled. Not all users like us run networks that rival some large companies ;)
Dave
-- David Bottrill
david@bottrill.org www.bottrill.org Registered Linux user number 330730 Internet SIP Phone: 1-747-244-2699
Some third party firewalls allow you to code exceptions. For example, in my Norton firewall (Internet Worm Protection) for my XP machine I have specifically excluded my Linux machine from firewall protection. So, as long as the connection is coming from my Linux machine, it isn't blocked. Seems like something along these lines would be a nice feature for SuSE Firewall. That way, you could even exclude 192.168.1.1 thru, say, 192.168.1.102 from being firewalled. Greg Wallace
On Thursday 14 July 2005 03:00, Greg Wallace wrote:
Some third party firewalls allow you to code exceptions. For example, in my Norton firewall (Internet Worm Protection) for my XP machine I have specifically excluded my Linux machine from firewall protection. So, as long as the connection is coming from my Linux machine, it isn't blocked. Seems like something along these lines would be a nice feature for SuSE Firewall. That way, you could even exclude 192.168.1.1 thru, say, 192.168.1.102 from being firewalled.
I'm not entirely sure what you mean by this. You can specify in quite some detail which hosts are allowed to do what in SuSEfirewall2 (just not through the GUI, but the configuration file is very well documented). If in the above you mean you want to be able to block all machines from internet access (meaning from the inside to the outside) except a few trusted ones, then that is perfectly possible. If by "not being firewalled" you mean connections from the outside to it are possible, then you can only ever do that for one machine in a NAT network. In a non-NAT network, it is possible to set up detailed rules in SuSEfirewall2 for just about any trust configuration of your hosts.
On Wednesday, July 13, 2005 @ 5:09 PM, Anders Johanson wrote:
On Thursday 14 July 2005 03:00, Greg Wallace wrote:
Some third party firewalls allow you to code exceptions. For example, in my Norton firewall (Internet Worm Protection) for my XP machine I have specifically excluded my Linux machine from firewall protection. So, as long as the connection is coming from my Linux machine, it isn't blocked. Seems like something along these lines would be a nice feature for SuSE Firewall. That way, you could even exclude 192.168.1.1 thru, say, 192.168.1.102 from being firewalled.
I'm not entirely sure what you mean by this. You can specify in quite some detail which hosts are allowed to do what in SuSEfirewall2 (just not through the GUI, but the configuration file is very well documented).
If in the above you mean you want to be able to block all machines from internet access (meaning from the inside to the outside) except a few trusted ones, then that is perfectly possible.
If by "not being firewalled" you mean connections from the outside to it are possible, then you can only ever do that for one machine in a NAT network. In a non-NAT network, it is possible to set up detailed rules in SuSEfirewall2 for just about any trust configuration of your hosts.
Sounds good. I didn't see any mention of this capability in the other notes and I don't run SuSE Firewall myself. People like Kevan could take this approach instead of completely disabling the firewall and still have firewall protection against internet worms. They'd still be able to have their Samba connections functional, which seemed to be what the main complaint was. This would be especially good for those people who don't have a router. They could network their own machines and still make use of the firewall to protect against outside hackers. Greg Wallace
On 14/07/05, Greg Wallace <jgregw@acsalaska.net> wrote:
On Wednesday, July 13, 2005 @ 5:09 PM, Anders Johanson wrote:
On Thursday 14 July 2005 03:00, Greg Wallace wrote:
Some third party firewalls allow you to code exceptions. For example, in my Norton firewall (Internet Worm Protection) for my XP machine I have specifically excluded my Linux machine from firewall protection. So, as long as the connection is coming from my Linux machine, it isn't blocked. Seems like something along these lines would be a nice feature for SuSE Firewall. That way, you could even exclude 192.168.1.1 thru, say, 192.168.1.102 from being firewalled.
I'm not entirely sure what you mean by this. You can specify in quite some detail which hosts are allowed to do what in SuSEfirewall2 (just not through the GUI, but the configuration file is very well documented).
If in the above you mean you want to be able to block all machines from internet access (meaning from the inside to the outside) except a few trusted ones, then that is perfectly possible.
If by "not being firewalled" you mean connections from the outside to it are possible, then you can only ever do that for one machine in a NAT network. In a non-NAT network, it is possible to set up detailed rules in SuSEfirewall2 for just about any trust configuration of your hosts.
Sounds good. I didn't see any mention of this capability in the other notes and I don't run SuSE Firewall myself. People like Kevan could take this approach instead of completely disabling the firewall and still have firewall protection against internet worms. They'd still be able to have their Samba connections functional, which seemed to be what the main complaint was. This would be especially good for those people who don't have a router. They could network their own machines and still make use of the firewall to protect against outside hackers.
I think this site I have found gives all the details needed. It's just about tailor made for what I needed :-) http://www.tweakhound.com/linux/samba/page_1.htm -- Take care. Kevan Farmer 34 Hill Street Cheslyn Hay Staffordshire WS6 7HR
I'm guessing the approach is disallow everything, allow only what's required, which is good security practice. ----- Original Message ----- From: Kevanf1 To: suse-linux-e@lists.suse.com Sent: Wednesday, July 13, 2005 2:23 PM Subject: Re: [SLE] Home network problem On 13/07/05, Kevanf1 <kevanf1@gmail.com> wrote:
On 13/07/05, David Bottrill <david@bottrill.org> wrote:
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall".
David
Cheers David. I will give it a try later this afternoon. I'll post the results here.
As promised the results... It worked :-) thank you David, turned the firewall off and checked the samba settings bingo! Access to the network (LAN). Now, firstly, why on earth are SuSE shipping with the firewall not allowing internal access? External I might understand - though it would be a mistake - but not internal. Secondly, how can I configure the firewall so that it will allow all internal traffic in order for me to have it running? Or am I being too security conscious bearing in mind I have web access through a router with its own firewall? -- Take care. Kevan Farmer 34 Hill Street Cheslyn Hay Staffordshire WS6 7HR
On Wed, 2005-07-13 at 13:23 +0100, Kevanf1 wrote:
On 13/07/05, Kevanf1 <kevanf1@gmail.com> wrote:
On 13/07/05, David Bottrill <david@bottrill.org> wrote:
Since in 9.3 the firewall is enabled by default then this would stop your PC connecting to Samba. Since you are connected to the Internet via a router it is quite safe to disable the SuSE firewall. You can simply do this in YAST, "Security and Users" then "Firewall".
As promised the results... It worked :-) thank you David, turned the firewall off and checked the samba settings bingo! Access to the network (LAN). Now, firstly, why on earth are SuSE shipping with the firewall not allowing internal access? External I might understand - though it would be a mistake - but not internal. Secondly, how can I configure the firewall so that it will allow all internal traffic in order for me to have it running? Or am I being too security conscious bearing in mind I have web access through a router with its own firewall?
I like to run the firewall even when using a router with SPI. You can open TCP ports 137:139 and 445 and UDP 137:139 without *too* much compromise of security and have SAMBA work just fine. You can do this with YaST. It is interesting to read /etc/services.
Firewalls really want you to have two network interfaces: one purely local (and trusted) and one for the internet only and not trusted at all. This, of course, is not how most people are set up. regards, -- N. B. Day N 30 1.52' W 90 4.08' 8:49am up 1 day 23:29, 2 users, load average: 0.04, 0.14, 0.25 SuSE Linux 9.3 (i586)
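The two ways of letting Samba through that the thread discusses (opening the ports for the whole external zone, or trusting only the LAN hosts), shown side by side with a small audit function; this is an added example, not part of any poster's message. `FW_SERVICES_EXT_TCP`, `FW_SERVICES_EXT_UDP`, `FW_TRUSTED_NETS` and `FW_DEV_EXT` are variables from `/etc/sysconfig/SuSEfirewall2`; the interface name, the 192.168.1.0/24 subnet and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify how a SuSEfirewall2 sysconfig exposes the Samba ports.
# Variable names are SuSEfirewall2's; every value below is a constructed sample.

# Single-NIC host, ports opened to the whole external zone.
WIDE='FW_DEV_EXT="eth0"
FW_SERVICES_EXT_TCP="137:139 445"
FW_SERVICES_EXT_UDP="137:139"
FW_TRUSTED_NETS=""'

# Same host, Samba ports allowed only from an assumed LAN subnet.
SCOPED='FW_DEV_EXT="eth0"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_TRUSTED_NETS="192.168.1.0/24,udp,137 192.168.1.0/24,udp,138 192.168.1.0/24,tcp,139 192.168.1.0/24,tcp,445"'

# Print the value of VAR="..." ($2) from config text $1, without sourcing it.
cfg_get() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"[[:space:]]*\$/\1/p" | tail -n 1
}

# Succeed if numeric port $1 is covered by list $2 (entries: PORT or LOW:HIGH).
port_in_list() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    for e in $2; do
        case "$e" in
            *[!0-9:]*) ;;    # service names are not resolved here
            *:*) [ "$1" -ge "${e%%:*}" ] && [ "$1" -le "${e##*:}" ] && return 0 ;;
            *)   [ "$1" -eq "$e" ] && return 0 ;;
        esac
    done
    return 1
}

# Print "open-to-all", "trusted-only <nets>" or "blocked" for config text $1.
smb_exposure() {
    ext="$(cfg_get "$1" FW_SERVICES_EXT_TCP) $(cfg_get "$1" FW_SERVICES_EXT_UDP)"
    nets=""
    for p in 137 138 139 445; do
        if port_in_list "$p" "$ext"; then echo "open-to-all"; return 0; fi
    done
    for rule in $(cfg_get "$1" FW_TRUSTED_NETS); do
        case "$rule" in *,icmp*) continue ;; esac
        net=${rule%%,*}; rest=${rule#*,}; port=${rest#*,}; port=${port%%,*}
        # A bare net, or net,proto with no port, is trusted on every port.
        if [ "$rest" = "$rule" ] || [ "$port" = "$rest" ] || port_in_list "$port" "137:139 445"; then
            case " $nets " in *" $net "*) ;; *) nets="$nets $net" ;; esac
        fi
    done
    if [ -n "$nets" ]; then echo "trusted-only$nets"; else echo "blocked"; fi
}

smb_exposure "$WIDE"
smb_exposure "$SCOPED"
```

On a host behind a NAT router, "open-to-all" still means reachable only from the LAN; on a host plugged straight into a modem it means reachable from the internet, which is where the scoped form matters.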