(Please forgive the cross posting; I know many SuSE users subscribe to both the Samba and SuSE-e discussion groups and will get this message twice.)

I had always been frustrated trying to get SuSE's Firewall2 to play nicely with Samba and support seamless network browsing. After much experimentation and a lot of Googling, I was finally able to get this working. By "working", I mean that the Network Browsing desktop icon in SuSE 9.2 functions perfectly. I am documenting it here hoping it will save others some time and the temptation to just turn off the SuSE firewall.

This setup is on a SuSE 9.2 Pro system with all SuSE patches as of the date of this writing (including the sometimes problematic -10 kernel) and SuSE-supplied Samba 3.0.9 from the install DVD and as updated by YaST.

After Samba is installed and configured, run YaST > Security and Users > Firewall and on the Configuration:Services screen, put a check mark in the tick box next to "Samba Server" under the "File Services" heading. This will be the second or third screen you see, depending upon whether your firewall is not running or is already running, respectively.

Upon finishing the firewall wizard, go to the System panel in YaST and choose the /etc/sysconfig Editor module. In the Network > Firewall > SuSEfirewall2 section, make sure the following items have the values set below (likely there will be additional entries for some items, but I am showing only the Samba-specific values here).

The settings below are for a workstation with one NIC that is used to share files and a printer with other boxes on the LAN. If you have a server with multiple NICs, choose the interfaces (INT, EXT, DMZ) as appropriate for your situation.

Here are the /etc/sysconfig settings from YaST:

    FW_SERVICES_EXT_TCP = microsoft-ds netbios-dgm netbios-ns netbios-ssn
    FW_SERVICES_EXT_UDP = netbios-dgm netbios-ns
    FW_ALLOW_INCOMING_HIGHPORTS_TCP = netbios-ns microsoft-ds
    FW_ALLOW_INCOMING_HIGHPORTS_UDP = netbios-ns microsoft-ds
    FW_ALLOW_FW_BROADCAST = yes

Note that the FW_ALLOW_FW_BROADCAST setting can take an interface as a value, so instead of setting it to "yes" as I did, you can set it to "int", "ext", etc. to limit the effect to specific NICs.

You can also use port numbers instead of the service names from /etc/services; the table below will give you the conversions:

    Service Name    Port Number
    microsoft-ds    445
    netbios-dgm     138
    netbios-ns      137
    netbios-ssn     139

I hope this is helpful... Perhaps the Samba team would consider including this info in the S3BE documentation?

With best regards to all,
Mark

--
___________________________________________________________
A Message From...
L. Mark Stone
Reliable Networks of Maine LLC
"We manage your network so you can manage your business."
477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: http://www.rnome.com
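
An added example, not part of the original post: a small Python audit that reads SuSEfirewall2 settings and reports which of the Samba ports listed above are missing from each setting, treating service names and port numbers as equivalent per the conversion table. It assumes the on-disk file (/etc/sysconfig/SuSEfirewall2) uses shell-style KEY="value" lines; the sample input and all function names are constructed for illustration.

```python
import shlex

# Name-to-port conversions, taken from the table in the post.
SERVICE_PORTS = {"microsoft-ds": 445, "netbios-dgm": 138,
                 "netbios-ns": 137, "netbios-ssn": 139}

# Samba-specific values the post lists for each setting.
POST_VALUES = {
    "FW_SERVICES_EXT_TCP": "microsoft-ds netbios-dgm netbios-ns netbios-ssn",
    "FW_SERVICES_EXT_UDP": "netbios-dgm netbios-ns",
    "FW_ALLOW_INCOMING_HIGHPORTS_TCP": "netbios-ns microsoft-ds",
    "FW_ALLOW_INCOMING_HIGHPORTS_UDP": "netbios-ns microsoft-ds",
}

def parse_sysconfig(text):
    """Return {KEY: value} from shell-style KEY="value" lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        tokens = shlex.split(raw, comments=True)  # drops quotes and trailing comments
        settings[key.strip()] = tokens[0] if tokens else ""
    return settings

def to_ports(value):
    """Resolve a space-separated list of names or numbers to a set of ports."""
    ports = set()
    for token in value.split():
        if token.isdigit():
            ports.add(int(token))
        elif token in SERVICE_PORTS:
            ports.add(SERVICE_PORTS[token])
    return ports  # names outside the post's table (e.g. ssh) are ignored

def missing_samba_ports(text):
    """Per setting, the ports from the post that the file does not list."""
    settings = parse_sysconfig(text)
    return {key: sorted(to_ports(wanted) - to_ports(settings.get(key, "")))
            for key, wanted in POST_VALUES.items()}

# Constructed sample: mixes names and numbers, and omits netbios-ssn on TCP.
SAMPLE = '''
FW_SERVICES_EXT_TCP="ssh microsoft-ds 137 netbios-dgm"
FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="netbios-ns microsoft-ds"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="137 445"  # numeric form
FW_ALLOW_FW_BROADCAST="int"
'''

if __name__ == "__main__":
    for key, missing in missing_samba_ports(SAMPLE).items():
        print(key, "OK" if not missing else "missing ports: %s" % missing)
    print("FW_ALLOW_FW_BROADCAST =", parse_sysconfig(SAMPLE)["FW_ALLOW_FW_BROADCAST"])
```

Running the same check against the real file shows at a glance whether the external zone exposes exactly the Samba ports intended and whether broadcast acceptance is limited to one interface.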