 How to use SMB without turning off the firewall


Posted: 24 Mar 2005

When I first set up the computers I pinged and pinged but got nothing. In frustration I opened my browser and lo and behold I discovered that in order for ping to work After much searching on the internet I discovered I had to set my external interface in the firewall to the wireless card (wlan-bus-pcmcia). Once I did that ping worked but I could not see my home Windows network.

On doing some more research I found much cursing on the internet about this and everyone saying the only way to get SMB to work was to turn off the firewall. I turned off the firewall and lo and behold SMB worked and I could see all my Windows computers.

Now I don't particularly like the idea of turning off the firewall so I tried and tried but all I could find was to open ports 137-139 and 445. I opened both of these (TCP and UDP) in the firewall but still no joy.

So my question - how do you get SMB to work with the SUSE firewall?

It would be great if you did a piece on networking laptops.

Many thanks and keep the Cool Solutions going. I have used several of them.

Answer: For SUSE

First the guesses.

Where is the Internet connection? Is it on a Windows machine or a broadband router, or do you have a Linux box with a firewall between it and your LAN?

Since you got onto the Internet before you could ping from your laptops, I suppose you have the connection on your Windows box with a wireless router to your laptops.

Not a good security policy. A major difference between Linux and Windows is that Linux's biggest priority is security, whereas Windows' is ease of use, which is not a good policy for developing a secure technology, but one that sells systems. It is better to put a Linux firewall between the Internet and the rest of the network. There is a reference to a Shorewall setup at the end of this answer that is well worth a read, even if you just look at the pictures.

I think a picture from you would also have been a great help in answering this question.

The simple answer.

To get Samba to work in a Windows network neighbourhood, there has to be at least one domain controller. This can be on a Windows machine (at least Windows NT), but it is just as easy to switch on the Linux server as well. You can do this at boot up or manually.

Use YaST for this task, as it also sets the firewall permissions and ports for you. Here is the YaST page for setting up the Samba server.

And this is what you see when you click on the Samba Server icon:

Read the help panel, change anything you need to and click Next to reach this screen, where you make the first important decision.

Here is where you tell the service to start on boot or manually, and where you open the firewall to Samba traffic.

The other tabs on this page are self-explanatory. Actually I use that great application Webmin to set up Samba. You can see my Howto on the subject on my Cool Solutions HowTo pages.

OK, if that didn't solve the problem, you are going to become a real super user now and get down to the command line and the editor.

This is really not dumb user stuff any more, so be warned.

Before you start, carefully take a look at:

/usr/share/doc/packages/SuSEfirewall2/EXAMPLES !

/usr/share/doc/packages/SuSEfirewall2/FAQ !

/etc/sysconfig/SuSEfirewall2

Also have a look at the KDE help system on security.

The following command-line instructions will not be part of the SUSE Firewall, as the script in /etc/sysconfig writes the rules for you. If you find these rules do set things up and you cannot configure the script to do the same, then you should save them to your own firewall script and run it from rc.local in /etc/init.d.

Another alternative is to bypass the SUSE firewall by turning it off and using Webmin, Guarddog or Shorewall to set up the rules. I think it is better, though, to do these as tests that can uncover the underlying problem, and then go back and reconfigure your network, Samba and firewall using YaST, especially since any changes or add-ons you make will have to be remembered for future upgrades and new machines.

A technical solution

Presuming that Samba is working, from the information that has been provided here, the most likely scenario is a misconfiguration of the firewall. This is probably because YaST detected 2 network interfaces and configured the firewall for a multi-homed system (more than one network card). Setting the wireless interface to external means that the firewall thinks the wireless interface is connected directly to the Internet or a WAN (Wide Area Network). To fix it I would suggest the following.

NOTE: This solution assumes that the Internet connection is running a broadband router or a Linux box with a wireless card. Also, the unconfigured Ethernet device is not used.

  1. Set the internal interface for the firewall to the wireless device.
  2. Set the firewall to allow ICMP (Internet Control Message Protocol) with the following types.
    1. 0 (Echo request)
    2. 8 (Echo Reply)
    3. 3 (Destination unreachable)(This one is optional but useful)

    You can set these rules using Webmin.

    A rule like the following should appear in the resulting firewall output which you can see on the command line with:

    iptables -L

    Or, you can use iptables to input these commands temporarily by just typing them, as is, on the console terminal. See the iptables man or info pages for more details.

    iptables -A INPUT -p icmp -s <wireless_card_ipaddress> --icmp-type 3 -j ACCEPT
    iptables -A OUTPUT -p icmp -d <wireless_card_ipaddress> --icmp-type 3 -j ACCEPT

    iptables -A INPUT -p icmp -s <wireless_card_ipaddress> --icmp-type 0/0 -j ACCEPT
    iptables -A OUTPUT -p icmp -d <wireless_card_ipaddress> --icmp-type 0/0 -j ACCEPT

    iptables -A INPUT -p icmp -s <wireless_card_ipaddress> --icmp-type 8/0 -j ACCEPT
    iptables -A OUTPUT -p icmp -d <wireless_card_ipaddress> --icmp-type 8/0 -j ACCEPT

  3. Allow traffic for the Windows network by opening the following ports for SMB, both TCP and UDP.

    Port Number   Traffic Type
    445           Microsoft-DS
    135           DCE endpoint resolution
    136
    137           NETBIOS Name Service
    138           NETBIOS Datagram Service
    139           NETBIOS session service

    (You can see these services as names in the /etc/sysconfig script if you performed the simple solution first.)

    These are the rules to input:

    iptables -A INPUT -p tcp -m multiport -s 10.0.0.1 --destination-ports 445,135,136,137,138,139 -j ACCEPT
    iptables -A OUTPUT -p tcp -m multiport -d 10.0.0.1 --destination-ports 445,135,136,137,138,139 -j ACCEPT
    iptables -A INPUT -p udp -m multiport -s 10.0.0.1 --destination-ports 445,135,136,137,138,139 -j ACCEPT
    iptables -A OUTPUT -p udp -m multiport -d 10.0.0.1 --destination-ports 445,135,136,137,138,139 -j ACCEPT

    NOTE: The above rules are examples only and need to be modified to work with your system.

  4. Shorewall is an excellent program (Shell script) for setting up Linux firewalls. This good reference page will show you a system including pictures with wireless laptops.
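
A tighter form of steps 2 and 3, as an added example that is not part of the original answer: the function prints rules that admit SMB and ping only from the LAN subnet on the internal interface, and opens each port only for the protocol it uses instead of opening every listed port for both TCP and UDP. The interface name wlan0 and the subnet 192.168.1.0/24 are constructed sample values, and the example is limited to ports 137, 138, 139 and 445.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that admit SMB and
# ping only from the LAN subnet on the internal interface.

smb_lan_rules() {
    iface=$1
    lan=$2

    # Shape check only: refuse empty input or anything but a.b.c.d/prefix.
    [ -n "$iface" ] || { echo "error: interface required" >&2; return 1; }
    echo "$lan" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' \
        || { echo "error: subnet must be a.b.c.d/prefix" >&2; return 1; }

    # A very short prefix would expose SMB far beyond the LAN.
    prefix=${lan#*/}
    { [ "$prefix" -ge 8 ] && [ "$prefix" -le 32 ]; } \
        || { echo "error: /$prefix is too wide for a LAN" >&2; return 1; }

    rule_in="iptables -A INPUT -i $iface -s $lan"
    rule_out="iptables -A OUTPUT -o $iface -d $lan"
    est="-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Replies to traffic already accepted, in both directions.
    echo "iptables -A INPUT -i $iface $est"
    echo "iptables -A OUTPUT -o $iface $est"

    # Ping: type 8 is the echo request (RFC 792); the type 0 reply is
    # covered by the ESTABLISHED rules above.
    echo "$rule_in -p icmp --icmp-type 8 -j ACCEPT"
    echo "$rule_out -p icmp --icmp-type 8 -j ACCEPT"

    # Samba server: sessions on TCP 139/445, NetBIOS name and datagram
    # services on UDP 137/138.
    echo "$rule_in -p tcp -m multiport --dports 139,445 -j ACCEPT"
    echo "$rule_in -p udp -m multiport --dports 137,138 -j ACCEPT"

    # Answers to broadcast name queries come back as unicast from port 137
    # and are not matched by connection tracking, so accept them explicitly.
    echo "$rule_in -p udp --sport 137 -j ACCEPT"

    # SMB client: outgoing sessions and NetBIOS traffic to LAN hosts only.
    echo "$rule_out -p tcp -m multiport --dports 139,445 -j ACCEPT"
    echo "$rule_out -p udp -m multiport --dports 137,138 -j ACCEPT"
}

# wlan0 and 192.168.1.0/24 are constructed sample values. Review the output,
# then apply it as root with:  smb_lan_rules wlan0 192.168.1.0/24 | sh
smb_lan_rules wlan0 192.168.1.0/24
```

The rules only take effect if the chains' default policy drops everything else, and like any rules typed at the console they are lost when the firewall script reloads.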

This Newbie answer has covered:

How to set up a Samba server on a SUSE Linux machine and punch through the firewall using Yast.
How to create technical iptables rules to test the same thing.
Other alternatives to SUSE to set up firewall rules under Linux.
A robust solution for firewalling a Windows/Linux LAN.






This portal has been approved by Novell Polska.
All materials concerning Novell products are published with the consent of Novell Polska.