On 08/27/2015 03:29 AM, Rowland Penny wrote:
> On 27/08/15 05:20, Robert Moskowitz wrote:
>> Now with firewalld, opening up ports is now 'better' done by opening
>> services. So what do I need, for starters it seems:
>>
>> dns, dhcp, dhcpv6, samba, kerberos
>>
>> Here is the list of services:
>>
>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
>> dhcpv6-client dns
>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos
>> kpasswd ldap
>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn
>> pmcd pmproxy
>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba
>> samba-client
>> smtp ssh telnet tftp tftp-client transmission-client vnc-server
>> wbem-https
>
> I would have thought the easiest way to get a list of ports you need
> is to start everything, and then use netstat to list the listening ones

Firewalld supports port level control, and there was a nice post that I found here with a search that had the iptables for those ports and nicely annotated. But Firewalld introduces this 'service' concept, and I would like to use it where possible. I will have to ask this of the Firewalld developers, most likely if no one here has not already dealt with this.

>
>
>>
>> I will only be running one AD, but a number of file servers (which in
>> Samba4 are really DCs without some services?) .
>>
>
> Nope, a fileserver is not a DC without some services, a fileserver,
> print server, member server or a Unix client are all basically the
> same thing and you should follow the instructions on the member server
> wiki page:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

I had not gotten that far along in my reading. :)

thanks for the information.
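The netstat approach suggested above, combined with firewalld's service names, as an added example that is not part of the thread: it reduces listening sockets to port/protocol pairs and reports which service covers each, falling back to a port-level rule where none does. The netstat sample is constructed, the service-to-port table is an assumption based on the standard port assignments (on a real host the definitions live in firewalld's service XML files under /usr/lib/firewalld/services/), and the function names are hypothetical.

```shell
sample_netstat() {   # constructed `netstat -tuln` output, not from a real host
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.0.2.10:53           0.0.0.0:*
udp        0      0 0.0.0.0:88              0.0.0.0:*
EOF
}

service_table() {    # assumed service -> port table (standard port assignments)
cat <<'EOF'
dns 53/tcp 53/udp
kerberos 88/tcp 88/udp
kpasswd 464/tcp 464/udp
ldap 389/tcp
samba 137/udp 138/udp 139/tcp 445/tcp
EOF
}

# Reduce netstat lines to unique "port/proto" pairs. Loopback-only listeners
# are dropped: they are unreachable from the network and need no opening.
listening_ports() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
    n = split($4, part, ":"); port = part[n]
    host = substr($4, 1, length($4) - length(port) - 1)
    if (host ~ /^127\./ || host == "::1") next
    proto = $1; sub(/6$/, "", proto)
    print port "/" proto
  }' | sort -u
}

# One firewall-cmd line per covering service; port-level rule when none covers.
firewall_cmds() {
  tbl=$(service_table)
  listening_ports | while read -r pair; do
    svc=$(printf '%s\n' "$tbl" | awk -v p="$pair" \
      '{ for (i = 2; i <= NF; i++) if ($i == p) { print $1; exit } }')
    if [ -n "$svc" ]; then echo "firewall-cmd --permanent --add-service=$svc"
    else echo "firewall-cmd --permanent --add-port=$pair"; fi
  done | sort -u
}

sample_netstat | firewall_cmds
```

On a live host, replace `sample_netstat` with `netstat -tuln` and review the generated lines before running any of them.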
On 27/08/15 10:56, Robert Moskowitz wrote:
>
>
> On 08/27/2015 03:29 AM, Rowland Penny wrote:
>> On 27/08/15 05:20, Robert Moskowitz wrote:
>>> Now with firewalld, opening up ports is now 'better' done by opening
>>> services. So what do I need, for starters it seems:
>>>
>>> dns, dhcp, dhcpv6, samba, kerberos
>>>
>>> Here is the list of services:
>>>
>>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
>>> dhcpv6-client dns
>>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos
>>> kpasswd ldap
>>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn
>>> pmcd pmproxy
>>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba
>>> samba-client
>>> smtp ssh telnet tftp tftp-client transmission-client vnc-server
>>> wbem-https
>>
>> I would have thought the easiest way to get a list of ports you need
>> is to start everything, and then use netstat to list the listening ones
>
> Firewalld supports port level control, and there was a nice post that
> I found here with a search that had the iptables for those ports and
> nicely annotated. But Firewalld introduces this 'service' concept,
> and I would like to use it where possible. I will have to ask this of
> the Firewalld developers, most likely if no one here has not already
> dealt with this.
>

Well, I don't think I will ever be able to help you with firewalld, it sounds like it has something to do with systemd and I will never use that abortion, I may have to start using freebsd.

Rowland

>>
>>
>>>
>>> I will only be running one AD, but a number of file servers (which
>>> in Samba4 are really DCs without some services?) .
>>>
>>
>> Nope, a fileserver is not a DC without some services, a fileserver,
>> print server, member server or a Unix client are all basically the
>> same thing and you should follow the instructions on the member
>> server wiki page:
>>
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> I had not gotten that far along in my reading. :)
>
> thanks for the information.
>
>
On 27.08.2015 at 12:07, Rowland Penny wrote:
> Well, I don't think I will ever be able to help you with firewalld, it
> sounds like it has something to with systemd and I will never use that
> abortion, I may have to start using freebsd.

can you please stop your systemd-trolling or at least assume something has to do with systemd because it has a 'd' letter in the name without informing?

not that i will use firewalld instead of my iptables shellscripts but at least i take a look what the things i don't want to use are and why i don't want to use them...

https://fedorahosted.org/firewalld/