[opensuse] no network browse after today's kernel upgrade
Hi, just upgraded 10.3 x 86 with the latest kernel: 2.6.22.9-0.4-default. Before that, I had firewall enabled, and in the allowed services I had Samba server and SSH, and in the advanced, I have enabled only TCP port 135. After the upgrade, and reboot, my login no longer works (I use Windows Domain authentication), it reports that can not reach the domain controller. Also, when I go to browse network (smb:/ in konqueror), it replies with: "Unable to find any workgroups in your local network. This might be caused by an enabled firewall." So, I edited the firewall rules, and added also: TCP 135, 138 UDP 137:138 445 Besides the weird problem in Yast firewall module, that it woud not write the changes every time, after all I succeeded, and these ports are now open. But, even with these ports open, still I can not browse the network. And I was able before the upgrade. Someone else seeing that problem, so I can file a bug report? Or any solution (besides disabling the firewall)? Cheers. -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sunny wrote:
Hi, just upgraded 10.3 x 86 with the latest kernel: 2.6.22.9-0.4-default.
Before that, I had firewall enabled, and in the allowed services I had Samba server and SSH, and in the advanced, I have enabled only TCP port 135.
After the upgrade, and reboot, my login no longer works (I use Windows Domain authentication), it reports that can not reach the domain controller. Also, when I go to browse network (smb:/ in konqueror), it replies with: "Unable to find any workgroups in your local network. This might be caused by an enabled firewall."
The smb browser works for me, but I don't have a domain controller to log into. However, I just installed the Samba server & stuff, after the kernel, so that might affect it. -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 10/10/07, James Knott <james.knott@rogers.com> wrote:
The smb browser works for me, but I don't have a domain controller to log into. However, I just installed the Samba server & stuff, after the kernel, so that might affect it.
James, can you tell me what you have in /etc/sysconfig/SuSEfirewall2 for these entries: FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP FW_ALLOW_FW_BROADCAST_EXT Or even better, can you send me your file, so I can compare all the settings (maybe I overlook something). Also, which kernel are you running, and what versions of samba client and server? Thanks -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sunny wrote:
On 10/10/07, James Knott <james.knott@rogers.com> wrote:
The smb browser works for me, but I don't have a domain controller to log into. However, I just installed the Samba server & stuff, after the kernel, so that might affect it.
James, can you tell me what you have in /etc/sysconfig/SuSEfirewall2 for these entries: FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP FW_ALLOW_FW_BROADCAST_EXT
Or even better, can you send me your file, so I can compare all the settings (maybe I overlook something).
Also, which kernel are you running, and what versions of samba client and server?
Thanks
I don't run a firewall on this system. I have another computer running as a firewall. Do your problems disappear if you turn off the firewall? -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 10/11/07, James Knott <james.knott@rogers.com> wrote:
I don't run a firewall on this system. I have another computer running as a firewall. Do your problems disappear if you turn off the firewall?
The problem is with the firewall. If I turn it off, it's OK. But it was running with the firewall turned on till yesterday. -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sunny wrote:
On 10/11/07, James Knott <james.knott@rogers.com> wrote:
I don't run a firewall on this system. I have another computer running as a firewall. Do your problems disappear if you turn off the firewall?
The problem is with the firewall. If I turn it off, it's OK. But it was running with the firewall turned on till yesterday.
Then you'll have to check the firewall configuration and operation. -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knott wrote: [snip]
I don't run a firewall on this system. I have another computer running as a firewall. Do your problems disappear if you turn off the firewall?
You can forget USB memory as well!! Hal has problems - NOT nice ones either!! Fred -- This message originated from a Linux computer using Open Source software: openSuSE Linux 10.3. No Gates, no Windows....just Linux - STABLE & SECURE! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 10/11/2007 05:16 AM, Sunny wrote:
Hi, just upgraded 10.3 x 86 with the latest kernel: 2.6.22.9-0.4-default.
Before that, I had firewall enabled, and in the allowed services I had Samba server and SSH, and in the advanced, I have enabled only TCP port 135.
TCP needs 139 and 445
After the upgrade, and reboot, my login no longer works (I use Windows Domain authentication), it reports that can not reach the domain controller. Also, when I go to browse network (smb:/ in konqueror), it replies with: "Unable to find any workgroups in your local network. This might be caused by an enabled firewall."
So, I edited the firewall rules, and added also: TCP 135, 138 UDP 137:138 445
UDP needs 137 and 138 at least.
Besides the weird problem in Yast firewall module, that it woud not write the changes every time, after all I succeeded, and these ports are now open.
But, even with these ports open, still I can not browse the network. And I was able before the upgrade.
There seems to be some inconsistency with what you have said, so I am not sure what the problem is. With the ports you said, it should not have worked before. If it did work before, the kernel update should not have affected it. Perhaps it was the reboot that caused the problem, which would have reloaded the firewall, that caused the problem. Dunno.
Someone else seeing that problem, so I can file a bug report?
Or any solution (besides disabling the firewall)?
Does that allow it to work? If it does, make sure tcp 139 and 445 is open, and udp 137 and 138, and I believe 135 may help, IIRC. -- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 10/10/07, Joe Morris (NTM) <Joe_Morris@ntm.org> wrote:
TCP needs 139 and 445
looks like 445 is not needed, but anyway, I opened it
So, I edited the firewall rules, and added also: TCP 135, 138 UDP 137:138 445
UDP needs 137 and 138 at least.
yes, I have them open
There seems to be some inconsistency with what you have said, so I am not sure what the problem is. With the ports you said, it should not have worked before. If it did work before, the kernel update should not have affected it. Perhaps it was the reboot that caused the problem, which would have reloaded the firewall, that caused the problem. Dunno.
But it worked, and I have rebooted the machine before.
Does that allow it to work? If it does, make sure tcp 139 and 445 is open, and udp 137 and 138, and I believe 135 may help, IIRC.
Yes, they are open, and I checked with nmap from another machine on the network, they appear open. Now, I have read this article: <http://wiki.suselinuxsupport.de/wikka.php?wakka=HowToFirewallLinuxHostSamba> And tried what they have there, no joy. Also, the standard configuration (not using sysconfig editor, as in the article, but using the YaST firewall module) I did eth0 - external interface Allowed services: SSH, Samba server No advanced conf. Selecting the Samba server changed what's in Broadcast: netbios-ns netbios-dgm This resulted in the following lines in /etc/sysconfig/SuSEfirewall2: FW_SERVICES_EXT_TCP="22 microsoft-ds netbios-ssn" FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns" FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm" This does not allow me to browse the network, I do not see any domain or workgroup, as well as I can not log in as domain user, as it can not find the domain controller. When I try to browse the network, in the firewall log I see: Oct 10 23:16:00 sunsuse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:11:4c:87:8a:00:90:27:99:8c:07:08:00 SRC=192.168.2.10 DST=192.168.2.222 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=36328 PROTO=UDP SPT=137 DPT=1090 LEN=70 Oct 10 23:16:00 sunsuse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:11:4c:87:8a:00:0c:29:e6:88:02:08:00 SRC=192.168.2.232 DST=192.168.2.222 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=20868 PROTO=UDP SPT=137 DPT=1090 LEN=70 Oct 10 23:16:00 sunsuse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:11:4c:87:8a:00:0c:29:69:00:dc:08:00 SRC=192.168.2.245 DST=192.168.2.222 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=29965 PROTO=UDP SPT=137 DPT=1090 LEN=70 Where 192.168.2.10 is the PDC, and 192.168.2.232 and 192.168.2.245 are 2 windows machines, which have one and the same workgroup, and are not part of the domain. Till today's update, I was able to see both the domain and the workgroup. Now, here is what's in the /etc/sysconfig/SuSEfirewall2, when I follow the advice from the article above, and put everything trough Yast/sysconfig editor: FW_DEV_EXT - eth0 (not changed) FW_SERVICES_EXT_TCP - changed from "22 microsoft-ds netbios-ssn" to "22 135 139" FW_SERVICES_EXT_UDP - changed from "netbios-dgm netbios-ns" to "137 138" FW_ALLOW_FW_BROADCAST_EXT - changed from "netbios-ns netbios-dgm" to "yes" I did not edit anything about trusted networks. After applying these settings, /etc/sysconfig/SuSEfirewall2 has these entries (the relevant ones): FW_SERVICES_EXT_TCP="22 135 139" FW_SERVICES_EXT_UDP="137 138" FW_ALLOW_FW_BROADCAST_EXT="yes" And this does not work as well. Same problem - no network browsing, and same entries in the firewall log. And it should be expected, as I would guess that the UI just uses all the microsoft-xx and netbios-xxx stuff as abbreviations for the corresponding ports. iptables -L shows these relevant entries(I removed the LOG rules): ACCEPT tcp -- anywhere anywhere tcp dpt:22 ACCEPT tcp -- anywhere anywhere tcp dpt:135 ACCEPT tcp -- anywhere anywhere tcp dpt:139 ACCEPT udp -- anywhere anywhere udp dpt:137 ACCEPT udp -- anywhere anywhere udp dpt:138 So, looks like everything is enabled, but it does not work at all. And last 3 days it was working, and I did not change the firewall rules today (before I started these testings for this post). These are the packages I installed/updated the last 2 days: OpenOffice_org-icon-themes-2.3.0.1.2-5.1 Wed 10 Oct 2007 03:40:50 PM CDT kernel-syms-2.6.22.9-0.4 Wed 10 Oct 2007 03:38:52 PM CDT emacs-22.1-40.2 Wed 10 Oct 2007 03:38:35 PM CDT kernel-default-2.6.22.9-0.4 Wed 10 Oct 2007 03:37:28 PM CDT kernel-source-2.6.22.9-0.4 Wed 10 Oct 2007 03:35:18 PM CDT emacs-nox-22.1-40.2 Wed 10 Oct 2007 03:30:54 PM CDT emacs-info-22.1-40.2 Wed 10 Oct 2007 03:30:45 PM CDT koffice-illustration-1.6.3-60.1 Wed 10 Oct 2007 03:30:05 PM CDT koffice-1.6.3-60.1 Wed 10 Oct 2007 03:25:16 PM CDT libqt4-x11-4.3.2-3.1 Tue 09 Oct 2007 03:34:11 PM CDT libqt4-qt3support-4.3.2-3.1 Tue 09 Oct 2007 03:33:16 PM CDT libqt4-sql-4.3.2-3.1 Tue 09 Oct 2007 03:33:06 PM CDT libqt4-dbus-1-4.3.2-3.1 Tue 09 Oct 2007 03:33:04 PM CDT libqt4-4.3.2-3.1 Tue 09 Oct 2007 03:33:01 PM CDT kssh-0.7-781.3 Tue 09 Oct 2007 03:32:47 PM CDT MPlayer-1.0rc2-1.pm.1 Tue 09 Oct 2007 03:32:33 PM CDT dejavu-2.20-0.pm.1 Tue 09 Oct 2007 03:30:17 PM CDT wine-0.9.46-12.3 Tue 09 Oct 2007 03:29:43 PM CDT openssl-0.9.8e-45.2 Tue 09 Oct 2007 03:28:17 PM CDT libopenssl-devel-0.9.8e-45.2 Tue 09 Oct 2007 03:28:11 PM CDT libopenssl0_9_8-0.9.8e-45.2 Tue 09 Oct 2007 03:28:05 PM CDT OpenOffice_org-calc-2.3.0.1.2-10.2 Tue 09 Oct 2007 03:27:54 PM CDT openssl-certs-0.9.8e-45.2 Tue 09 Oct 2007 03:27:39 PM CDT So, the only change is the kernel. Yes, I understand that it shouldn't change anything, but that's what happen, and I need to fix it somehow. Btw, if net browsing works for you, would you be so kind to email me your /etc/sysconfig/SuSEfirewall2 file, so I can compare? Thanks. -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Fred A. Miller -
James Knott -
Joe Morris (NTM) -
Sunny