Koenraad Lelong wrote:
> Hi, I set up my 10.3 firewall to 'protect firewall from internal zone'. The machine runs squid and I'm trying to get the users to authenticate themselves. I set up squid to use smb_auth but it doesn't work. When I stop the firewall, or disable 'protect firewall from internal zone' it works fine. I tracked it down to the udp-protocol that's used by smb_auth. The squid machine sends a request to the samba-server to port 137 (or is it 139, don't remember exactly). Samba responds from this port to the originating port. If I open that originating port in the firewall it works, but not for long. Sometime later another port is used as source and the responses from samba are dropped.

Correct me if I am wrong. Check your firewall log... If I remember correctly, although your squid machine initiates the connection on a semi-random port, the samba server replies to it with a specific source-port. If so you can add a custom rule allowing all connections from that specific source port and from the samba server. If what I said is false, could you please provide the firewall log that states your claim?

> I tried adding samba-server to the allowed services but this does not help. Any solution for this, besides disabling the "protection from internal zone"?
--
Rui Santos
http://www.ruisantos.com/
Veni, vidi, Linux!
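The log check suggested in the reply above, as an added example that is not part of the original thread: it scans dropped-packet log lines for a server whose replies always leave from one source port while the destination port keeps changing, which is the condition under which a source-port rule helps. The log lines, addresses, ports and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in netfilter LOG style; prefix, hosts and ports are made up.
SAMPLE_LOG = """\
Mar  3 10:01:12 proxy kernel: SFW2-INint-DROP-DEFLT IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=90 PROTO=UDP SPT=137 DPT=32771 LEN=70
Mar  3 10:07:40 proxy kernel: SFW2-INint-DROP-DEFLT IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=90 PROTO=UDP SPT=137 DPT=32790 LEN=70
Mar  3 10:09:02 proxy kernel: SFW2-INint-DROP-DEFLT IN=eth1 OUT= SRC=192.0.2.55 DST=192.0.2.1 LEN=60 PROTO=UDP SPT=5353 DPT=5353 LEN=40
Mar  3 10:15:31 proxy kernel: SFW2-INint-DROP-DEFLT IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=90 PROTO=UDP SPT=137 DPT=32805 LEN=70
Mar  3 10:20:00 proxy kernel: SFW2-INint-DROP-DEFLT IN=eth1 OUT= SRC=192.0.2.10 DST=192.0.2.255 LEN=229 PROTO=UDP SPT=138 DPT=138 LEN=209
"""

PACKET = re.compile(r"SRC=(\S+) DST=\S+ .*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")


def dropped_from(log, server):
    """Map (protocol, source port) -> set of destination ports for drops from server."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = PACKET.search(line)
        if "DROP" in line and m and m.group(1) == server:
            seen[(m.group(2).lower(), int(m.group(3)))].add(int(m.group(4)))
    return dict(seen)


def fixed_source_ports(log, server, min_dports=2):
    """Source ports whose dropped packets hit several different destination
    ports: the pattern of replies to requests sent from changing local ports."""
    drops = dropped_from(log, server)
    return sorted(key for key, dports in drops.items() if len(dports) >= min_dports)


def rule_match(server, proto, sport):
    """iptables match for the custom rule described in the reply; the chain it
    belongs in depends on the firewall's custom-rule mechanism."""
    return f"-s {server} -p {proto} --sport {sport} -j ACCEPT"


if __name__ == "__main__":
    for proto, sport in fixed_source_ports(SAMPLE_LOG, "192.0.2.10"):
        print(rule_match("192.0.2.10", proto, sport))
```

A source-port match like this is stateless: it admits any packet that host sends from that port, so keep it scoped to the single server address.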