Hello group, I was almost tearing my hair out trying to configure a samba server when I discovered that I was not getting access to the server from the windows clients due to the suse firewall. I disabled it and everything was fine. Clearly I don't want to leave my system without the firewall so my question is, what exactly do I have to modify in the firewall to allow my windows clients to access the samba server, while keeping the firewall active. Thanks a lot for any help. Felipe.
* Felipe Leon;
Hello group,
I was almost tearing my hair out trying to configure a samba server when I discovered that I was not getting access to the server from the windows clients due to the suse firewall. I disabled it and everything was fine. Clearly I don't want to leave my system without the firewall so my question is, what exactly do I have to modify in the firewall to allow my windows clients to access the samba server, while keeping the firewall active.
start by reading the Unofficial SuSEfirewall2 manual http://sf.net/projects/susefaq
Once you read it you will see you have to have the ports defined FW_SERVICES_INT_TCP="139" and you also need to have FW_SAMBA=yes. It is better to adjust these via the system editor in YaST2 or the best use "pico -w" or vim to edit /etc/sysconfig/SuSEfirewall2
On the other hand running samba on the firewall machine is not a good idea IMO yet YMMV
HTH
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://susefaq.sf.net
Thanks for the tips but I don't know exactly what you meant with "firewall machine" . I do not have a box as dedicated firewall, the computers at my home connect to the internet through a router which is supposed to have a built-in firewall, also deals with the dsl modem and it is also a dhcp server. Is that configuration safe? Is it safe even to completely trust the internal network? Sorry about my ignorance, and thanks in advance! Felipe.
* Felipe Leon;
On the other hand running samba on the firewall machine is not a good idea IMO yet YMMV
Thanks for the tips but I don't know exactly what you meant with "firewall
I was assuming you had the linux machine as the Internet router/gateway. Sorry my bad assumption.
machine" . I do not have a box as dedicated firewall, the computers at my home connect to the internet through a router which is supposed to have a built-in firewall, also deals with the dsl modem and it is also a dhcp
Have you configured that firewall? No firewall comes preconfigured (I know marketing departments love the saying "one size fits all" but they never fit properly).
server. Is that configuration safe? Is it safe even to completely trust the internal network?
Because I am a paranoid I deliberately force internal machines go thru a Linux gateway which is SuSEfirewalled and internal machines are not trusted they are limited on what they can do. The Gateway machine is then connected to Cisco router with access-lists in control also. And this is my home network ( I am not saying buy a cisco router but make sure you have tight firewall rules applied on your border router. )
Sorry about my ignorance, and thanks in advance!
Night time reading assignment for you http://www.oreilly.com/catalog/fire2/ is the book and the sample chapter is http://www.oreilly.com/catalog/fire2/chapter/ch13.html HTH -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://susefaq.sf.net
Have you configured that firewall? No firewall comes preconfigured (I know marketing departments love the saying "one size fits all" but they never fit properly).
Yes, I just initially configured it using Yast
Because I am a paranoid I deliberately force internal machines go thru a Linux gateway which is SuSEfirewalled and internal machines are not trusted they are limited on what they can do. The Gateway machine is then connected to Cisco router with access-lists in control also. And this is my home network ( I am not saying buy a cisco router but make sure you have tight firewall rules applied on your border router.
Well I think at present I wouldn't be able to do so much with my network, but after some reading I started to edit (with vim) /etc/sysconfig/SuSEfirewall2 and then /sbin/SuSEfirewall2 stop and start.
Sorry about my ignorance, and thanks in advance!
Night time reading assignment for you
http://www.oreilly.com/catalog/fire2/ is the book and the sample chapter is http://www.oreilly.com/catalog/fire2/chapter/ch13.html
I will order that book! I'm going to ask probably a trivial question but sometimes this type of little details are hard to pick up from literature: As you know, for the SuSEfirewall2 I need to provide the type of device pointing to the external (unprotected) network and the device pointing to the internal ("trusted") network. If my computer is not connecting directly to the dsl modem but through a firewall-router that deals with the PPPoEe (sorry if I misspelled it) I wonder which is my external interface then and which my internal one. I set both to be eth0 but when I start the firewall I get that because "192.168.0.*/255.255.255.0 is internal and external, no spoof protection possible from internal". On the other hand when I leave as empty the external one the firewall also starts but tells me that it needs to know which is the external interface. So, in this setting (machine connecting through eth to a router-firewall-dhcp server) which are the internal/external interfaces of the machine?? Thanks for helping me understand this little issue. greetings! Felipe.
Your external interface will be the nic that connects this machine to the internet (your router/gateway/dsl-modem... whatever), the internal interface is the nic that connects to the rest of your network.
Felipe Leon wrote:
Have you configured that firewall? No firewall comes preconfigured (I know marketing departments love the saying "one size fits all" but they never fit properly).
Yes, I just initially configured it using Yast
Because I am a paranoid I deliberately force internal machines go thru a Linux gateway which is SuSEfirewalled and internal machines are not trusted they are limited on what they can do. The Gateway machine is then connected to Cisco router with access-lists in control also. And this is my home network ( I am not saying buy a cisco router but make sure you have tight firewall rules applied on your border router.
Well I think at present I wouldn't be able to do so much with my network, but after some reading I started to edit (with vim) /etc/sysconfig/SuSEfirewall2 and then /sbin/SuSEfirewall2 stop and start.
Sorry about my ignorance, and thanks in advance!
Night time reading assignment for you
http://www.oreilly.com/catalog/fire2/ is the book and the sample chapter is http://www.oreilly.com/catalog/fire2/chapter/ch13.html
I will order that book!
I'm going to ask probably a trivial question but sometimes this type of little details are hard to pick up from literature: As you know, for the SuSEfirewall2 I need to provide the type of device pointing to the external (unprotected) network and the device pointing to the internal ("trusted") network. If my computer is not connecting directly to the dsl modem but through a firewall-router that deals with the PPPoEe (sorry if I misspelled it) I wonder which is my external interface then and which my internal one. I set both to be eth0 but when I start the firewall I get that because "192.168.0.*/255.255.255.0 is internal and external, no spoof protection possible from internal". On the other hand when I leave as empty the external one the firewall also starts but tells me that it needs to know which is the external interface. So, in this setting (machine connecting through eth to a router-firewall-dhcp server) which are the internal/external interfaces of the machine??
Thanks for helping me understand this little issue.
greetings!
Felipe.
-- Allen Seelye Aseelye@blackfoot.net
* Felipe Leon;
Have you configured that firewall? No firewall comes preconfigured (I know marketing departments love the saying "one size fits all" but they never fit properly).
Yes, I just initially configured it using Yast
You have configured your linux gateway, what about the DSL modem/router which you were saying that had a builtin firewall?
network. If my computer is not connecting directly to the dsl modem but through a firewall-router that deals with the PPPoEe (sorry if I misspelled it) I wonder which is my external interface then and which my internal one. I set both to be eth0 but when I start the firewall I get that because "192.168.0.*/255.255.255.0 is internal and external, no spoof protection
If your firewall-router is giving your IP via dhcp ( as I understand it) 1) on your Linux gateway machine type 'ifstatus eth0' to figure out your ip address for that machine
possible from internal". On the other hand when I leave as empty the external one the firewall also starts but tells me that it needs to know which is the external interface. So, in this setting (machine connecting through eth to a router-firewall-dhcp server) which are the internal/external interfaces of the machine??
As I understand your Linux gateway machine has a second ethernet card. If that is the case here is what I can suggest
2) assign a different subnet mask to your 2nd ethernet card, i.e. 192.168.1.0/255.255.255.0
This way you will configure your SuSEfirewall2
FW_DEV_EXT=eth0 192.168.0.*/255.255.255.0
FW_DEV_INT=eth1 192.168.1.*/255.255.255.0
HTH
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://susefaq.sf.net
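
A check for the settings discussed in this thread, added here as an example and not part of any poster's message or of SuSEfirewall2 itself: it reads a sysconfig file and flags an interface listed in both FW_DEV_EXT and FW_DEV_INT (the situation behind the "no spoof protection" warning), a missing port 139 on the internal side, and Samba ports opened on the external side. The function names, finding labels and the port 445 check are assumptions of this example; FW_SERVICES_EXT_TCP is the external-zone counterpart of FW_SERVICES_INT_TCP.

```shell
#!/bin/sh
# Added example (not from the thread): lint a SuSEfirewall2 sysconfig file.

# get_var FILE NAME: print the value of the last NAME=... assignment, unquoted.
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items in LIST.
has_word() {
    for w in $1; do
        if [ "$w" = "$2" ]; then return 0; fi
    done
    return 1
}

# lint_fw FILE: print one finding per line; print nothing when the file passes.
lint_fw() {
    ext=$(get_var "$1" FW_DEV_EXT)
    int=$(get_var "$1" FW_DEV_INT)
    if [ -z "$ext" ]; then echo "EXT_EMPTY: FW_DEV_EXT is not set"; fi
    for i in $ext; do
        if has_word "$int" "$i"; then
            echo "SAME_IFACE: $i is both external and internal, no spoof protection"
        fi
    done
    if ! has_word "$(get_var "$1" FW_SERVICES_INT_TCP)" 139; then
        echo "INT_139_MISSING: 139 is not in FW_SERVICES_INT_TCP"
    fi
    # 445 is direct-hosted SMB; assumption added here, the thread only names 139.
    for p in 139 445; do
        if has_word "$(get_var "$1" FW_SERVICES_EXT_TCP)" "$p"; then
            echo "SMB_EXTERNAL: tcp/$p is open on the external side"
        fi
    done
    return 0
}

# Constructed sample: both zones on eth0, as in the question above.
demo=$(mktemp)
printf '%s\n' 'FW_DEV_EXT="eth0"' 'FW_DEV_INT="eth0"' \
    'FW_SERVICES_INT_TCP="139"' 'FW_SERVICES_EXT_TCP=""' > "$demo"
lint_fw "$demo"
rm -f "$demo"
```

Run it against a copy of /etc/sysconfig/SuSEfirewall2 after editing and before restarting the firewall; an empty result means none of the four conditions was found.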