Rui Santos wrote:
Koenraad Lelong wrote:
Rui Santos wrote:
Rui Santos wrote:
Koenraad Lelong wrote:
Hi, ... Correct me if I am wrong. Check your firewall log... If I remember correctly, although your squid machine initiates the connection on a semi-random port, the samba server replies to it with a specific source port. If so, you can add a custom rule allowing all connections from that specific source port and from the samba server.
It's a random port from the squid/firewall machine that goes to port 137 (I checked) on the samba-server and the response is blocked/dropped. This is also what I stated. What I asked you to confirm is that if
Koenraad Lelong wrote: the response from the samba-server has a specific source port, mentioned in the firewall log as SPT. So, you have to look in your firewall log for something like SRC=<samba-server IP> PROTO=UDP SPT=<specific port>
Jul 9 15:21:06 lace3 kernel: SFW2-INint-DROP-DEFLT IN=bond0 OUT= MAC=00:1e:0b:bd:d3:62:00:0f:3d:f3:09:dd:08:00 SRC=192.168.0.4 DST=192.168.0.5 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=1220 LEN=70
That's what I checked. SRC=samba-server DST=squid. Great... That was what I had anticipated in my first email...
Now you have two options:
1) Use Yast -> Security and Users -> Firewall -> Custom Rules -> Firewall Zone: Internal -> Add a source 192.168.0.4 with UDP protocol with source port 137.
2) Place FW_SERVICES_ACCEPT_INT="192.168.0.4,udp,,137" into /etc/sysconfig/SuSEfirewall2 and restart your SuSE firewall with rcSuSEfirewall2 restart
It should be port 137 instead of 127. Bad typo... sorry...
Hope it helps... Rui
If you still cannot advance, please continue with showing the firewall log file. There has to be a solution...
I'll have to check how I can make such a custom rule. Never done this before. Thanks.
-- Rui Santos http://www.ruisantos.com/ Veni, vidi, Linux!
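The log check discussed in this thread, as an added example that is not part of the original messages: a shell function that reads SuSEfirewall2 kernel log lines, keeps only dropped UDP packets, and prints each source host and source port pair in the `net,protocol,dport,sport` form used by `FW_SERVICES_ACCEPT_INT`. The function names and all sample lines except the first (which is the one quoted in the thread) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise dropped UDP packets from SuSEfirewall2 log lines
# and print candidate FW_SERVICES_ACCEPT_INT entries (net,proto,dport,sport).

# suggest_rules: reads log lines on stdin and prints "<count> <entry>" for
# every unique source host / source port pair seen in dropped UDP packets.
suggest_rules() {
    awk '
    /SFW2-.*DROP/ && / PROTO=UDP / {
        src = ""; spt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)   # sender of the dropped packet
            if ($i ~ /^SPT=/) spt = substr($i, 5)   # its source port
        }
        # dport is left empty because the destination port is random
        if (src != "" && spt != "") seen[src ",udp,," spt]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k2
}

# sample_log: line 1 is the log line quoted in the thread; lines 2-4 are
# constructed (a second dropped reply, a dropped TCP packet, an accepted packet).
sample_log() {
cat <<'EOF'
Jul 9 15:21:06 lace3 kernel: SFW2-INint-DROP-DEFLT IN=bond0 OUT= MAC=00:1e:0b:bd:d3:62:00:0f:3d:f3:09:dd:08:00 SRC=192.168.0.4 DST=192.168.0.5 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=1220 LEN=70
Jul 9 15:21:09 lace3 kernel: SFW2-INint-DROP-DEFLT IN=bond0 OUT= SRC=192.168.0.4 DST=192.168.0.5 LEN=90 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=1221 LEN=70
Jul 9 15:22:10 lace3 kernel: SFW2-INint-DROP-DEFLT IN=bond0 OUT= SRC=192.168.0.9 DST=192.168.0.5 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=23
Jul 9 15:22:30 lace3 kernel: SFW2-INint-ACC-ALL IN=bond0 OUT= SRC=192.168.0.7 DST=192.168.0.5 LEN=90 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=1300 LEN=70
EOF
}

sample_log | suggest_rules
```

A rule built from such an entry accepts any UDP datagram from that host with source port 137, whatever the destination port, so keep the source limited to the single server address rather than a whole network.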