Discussion:
samba ports and SuSEfirewall2
lynn
2009-04-07 12:17:44 UTC
I have written an /etc/smb.conf to connect to a multimedia NAS (please don't
laugh. I know nothing about Samba):

[global]
workgroup = MSHOME
security = share
[lynnsmb]
path = /home/lsmb
public = yes
guest ok = yes
read only = no
browseable = yes

I have SuSEfirewall2 running with ports 135 137 138 139 and 445 (found by
Googling) open, but it won't connect to me. The NAS gives me a password
prompt. With the firewall _disabled_ it connects fine without a password and
enables me to watch films and listen to mp3's etc. which are stored on my
laptop. Neither /var/log/warn nor /var/log/messages nor /var/log/firewall gives any
clue. Could someone tell me which ports I need to open?

L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
For additional commands, e-mail: opensuse+***@opensuse.org
Michael S. Dunsavage
2009-04-07 13:18:23 UTC
Post by lynn
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 (found by
Googling) open, but it won't connect to me. The NAS gives me a password
prompt. With the firewall _disabled_ it connects fine without a password and
enables me to watch films and listen to mp3's etc. which are stored on my
laptop. Neither /var/log/warn nor /var/log/messages nor /var/log/firewall gives any
clue. Could someone tell me which ports I need to open?
L x
In YaST2 firewall add the Samba services, server and client. It should open
them up for you. That's what I have on my Linux machine. BUT... if I'm
reading your e-mail right, you're trying to connect to the NAS. So if
the NAS is where you're installing the Samba services, then make sure
you also add users and machines using smbpasswd on that machine. Check
out http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ for a Samba
howto.
--
Michael S. Dunsavage
Carlos E. R.
2009-04-07 13:29:48 UTC
Post by lynn
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 (found by
Googling) open, but it won't connect to me.
How exactly are they opened?
Post by lynn
The NAS gives me a password
prompt. With the firewall _disabled_ it connects fine without a password and
enables me to watch films and listen to mp3's etc. which are stored on my
laptop. Neither /var/log/warn nor /var/log/messages nor /var/log/firewall gives any
clue. Could someone tell me which ports I need to open?
I use the following config:

FW_TRUSTED_NETS="192.168.1.X,tcp,microsoft-ds \
192.168.1.X,tcp,netbios-ssn \
192.168.1.X,udp,netbios-dgm \
192.168.1.X,udp,netbios-ns"

Substitute the IP for that of your device, of course. This should work for
the device to connect to your computer, and it is not the only method.

--
Cheers,
Carlos E. R.
lynn
2009-04-07 14:37:33 UTC
Post by Carlos E. R.
"192.168.1.X,tcp,microsoft-ds \
192.168.1.X,tcp,netbios-ssn \
192.168.1.X,udp,netbios-dgm \
192.168.1.X,udp,netbios-ns"
Tried that too with the IP of the NAS, restarted SuSEfirewall2. Still the NAS
can't connect to me. It will only connect when the firewall is turned off so
it must be something to do with the firewall on my laptop no? Still nothing in
the logs.

Regards, L x
lynn
2009-04-07 14:39:21 UTC
Post by Carlos E. R.
Post by lynn
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 (found by
Googling) open, but it won't connect to me.
How exactly are they opened?
FW_SERVICES_EXT_TCP="135 137 138 139 445"
L x
Carlos E. R.
2009-04-07 15:03:08 UTC
Post by lynn
Post by Carlos E. R.
"192.168.1.X,tcp,microsoft-ds \
192.168.1.X,tcp,netbios-ssn \
192.168.1.X,udp,netbios-dgm \
192.168.1.X,udp,netbios-ns"
Tried that too with the IP of the NAS, restarted SuSEfirewall2. Still the NAS
can't connect to me. It will only connect when the firewall is turned off so
it must be something to do with the firewall on my laptop no? Still nothing in
the logs.
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"

That should log everything.

Also, you can try using "iptraf". It is a text app which can show all
connections, attempted or successful, with ports. Better stop everything
else using the network, or it will be difficult to spot what you look for.

--
Cheers,
Carlos E. R.
lynn
2009-04-07 16:40:37 UTC
Post by Carlos E. R.
Post by lynn
Post by Carlos E. R.
"192.168.1.X,tcp,microsoft-ds \
192.168.1.X,tcp,netbios-ssn \
192.168.1.X,udp,netbios-dgm \
192.168.1.X,udp,netbios-ns"
Tried that too with the IP of the NAS, restarted SuSEfirewall2. Still the
NAS can't connect to me. It will only connect when the firewall is turned
off so it must be something to do with the firewall on my laptop no?
Still nothing in the logs.
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
That should log everything.
Also, you can try using "iptraf". It is a text app which can show all
connections, attempted or successful, with ports. Better stop everything
else using the network, or it will be difficult to spot what you look for.
--
Cheers,
Carlos E. R.
Hi

It logs this
Apr 7 18:25:38 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00 SRC=192.168.1.4 DST=192.168.1.3
LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27065 DF PROTO=TCP SPT=445 DPT=53667
WINDOW=7240

Apr 7 18:29:11 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:91:1a:a5:e8:08:00 SRC=217.70.240.135
DST=192.168.1.3 LEN=122 TOS=0x00 PREC=0x00 TTL=59 ID=35663 DF PROTO=UDP SPT=53
DPT=41184 LEN=102

192.168.1.3 is my laptop, 1.4 the NAS and 217.70.240.135 my external IP. I
just opened port 33 too. I have your stuff still in place in the firewall
script. Still it can't connect to me.

Cheers, Lynn x
Carlos E. R.
2009-04-07 19:09:05 UTC
Post by lynn
Post by Carlos E. R.
"192.168.1.X,tcp,microsoft-ds \
192.168.1.X,tcp,netbios-ssn \
192.168.1.X,udp,netbios-dgm \
192.168.1.X,udp,netbios-ns"
Apr 7 18:25:38 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00 SRC=192.168.1.4 DST=192.168.1.3
LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27065 DF PROTO=TCP SPT=445 DPT=53667
WINDOW=7240
445 is microsoft-ds, which is already opened by the rule above. I don't
know what -EST is, but the -ACC is that the packet was accepted, not
stopped.
Post by lynn
Apr 7 18:29:11 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:91:1a:a5:e8:08:00 SRC=217.70.240.135
DST=192.168.1.3 LEN=122 TOS=0x00 PREC=0x00 TTL=59 ID=35663 DF PROTO=UDP SPT=53
DPT=41184 LEN=102
From internet to your laptop, accepted. Not related.
Post by lynn
just opened port 33 too. I have your stuff still in place in the firewall
script. Still it can't connect to me.
Then use Ethereal, aka Wireshark, to debug the connection.

--
Cheers,
Carlos E. R.
Rajko M.
2009-04-07 19:45:41 UTC
Post by lynn
Post by Carlos E. R.
Post by lynn
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 (found
by Googling) open, but it won't connect to me.
How exactly are they opened?
FW_SERVICES_EXT_TCP="135 137 138 139 445"
L x
Not all are TCP, but /etc/services is not helpful in saying exactly which ones are.
It lists both for all of them:

epmap 135/tcp # DCE endpoint resolution
epmap 135/udp # DCE endpoint resolution

netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp # NETBIOS Name Service
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS Session Service
netbios-ssn 139/udp # NETBIOS Session Service

microsoft-ds 445/tcp # Microsoft-DS
microsoft-ds 445/udp # Microsoft-DS

So you may list UDP as well.
--
Regards, Rajko
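Lynn's log lines and Rajko's point that the Samba ports are not all TCP can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from SuSEfirewall2: a small Python parser for SuSEfirewall2 kernel log entries (the `SFW2-<chain>-<verdict>-<rule>` prefix followed by `key=value` fields, exactly as in the lines Lynn posted) that reports every DROP aimed at a port an SMB file server actually needs: TCP 139 and 445 for smbd, UDP 137 and 138 for nmbd. The sample log is constructed: the two ACC-EST entries are Lynn's, joined back onto one line each; the two DROP entries and the `SFW2-INext-DROP-DEFLT` prefix are assumed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Ports an SMB/CIFS file server really uses: smbd listens on TCP 139 and 445,
# nmbd (NetBIOS name service and datagram service) on UDP 137 and 138.
# 135/tcp (epmap) is the DCE RPC endpoint mapper and is not part of SMB file
# sharing; 139/udp and 445/udp are in /etc/services but nothing in Samba listens on them.
SAMBA_PORTS = {("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}

# "kernel: SFW2-<chain>-<verdict>-<rule> key=value key=value ..."
_PREFIX = re.compile(r"kernel:\s+(?P<prefix>SFW2-[A-Za-z]+-(?P<verdict>[A-Z]+)-\S+)\s+(?P<fields>.*)$")
_FIELD = re.compile(r"(\w+)=(\S*)")  # matches "OUT=" with an empty value; bare flags like "DF" are skipped

# Constructed sample log (assumed for illustration). Entries 1 and 4 are Lynn's,
# re-joined onto single lines; the DROP entries and their prefix are invented.
SAMPLE_LOG = [
    "Apr  7 18:25:38 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT= MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00 "
    "SRC=192.168.1.4 DST=192.168.1.3 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27065 DF PROTO=TCP SPT=445 DPT=53667 WINDOW=7240",
    "Apr  7 18:26:02 hh2 kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:27:cb:46:4e:08:00 "
    "SRC=192.168.1.4 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=137 DPT=137 LEN=58",
    "Apr  7 18:26:05 hh2 kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00 "
    "SRC=192.168.1.4 DST=192.168.1.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=41922 DPT=445 WINDOW=5840 SYN",
    "Apr  7 18:29:11 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT= MAC=00:12:f0:06:9c:da:00:21:91:1a:a5:e8:08:00 "
    "SRC=217.70.240.135 DST=192.168.1.3 LEN=122 TOS=0x00 PREC=0x00 TTL=59 ID=35663 DF PROTO=UDP SPT=53 DPT=41184 LEN=102",
    "Apr  7 18:31:00 hh2 kernel: eth0: link up",  # not a firewall entry at all
]


def parse_sfw2_line(line: str) -> Optional[Dict[str, str]]:
    """Return one SFW2 entry as a dict (prefix, verdict and every key=value field), or None."""
    m = _PREFIX.search(line)
    if m is None:
        return None
    rec = {"prefix": m.group("prefix"), "verdict": m.group("verdict")}
    for key, value in _FIELD.findall(m.group("fields")):
        rec[key] = value  # a second LEN= (the UDP length) overwrites the IP one; neither is used below
    return rec


def samba_drops(lines) -> List[Tuple[str, str, str, int]]:
    """(src, dst, proto, dport) for every dropped packet aimed at a port Samba needs."""
    hits = []
    for line in lines:
        rec = parse_sfw2_line(line)
        if rec is None or rec["verdict"] != "DROP":
            continue
        proto, dport = rec.get("PROTO"), rec.get("DPT")
        if proto is not None and dport is not None and (proto, int(dport)) in SAMBA_PORTS:
            hits.append((rec["SRC"], rec["DST"], proto, int(dport)))
    return hits


def verdict_counts(lines) -> Dict[str, int]:
    """Accepted vs dropped entries; if DROP never appears, drop logging is probably still off."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_sfw2_line(line)
        if rec is not None:
            counts[rec["verdict"]] = counts.get(rec["verdict"], 0) + 1
    return counts


if __name__ == "__main__":
    print(verdict_counts(SAMPLE_LOG))
    for src, dst, proto, dport in samba_drops(SAMPLE_LOG):
        note = "  (broadcast: see FW_ALLOW_FW_BROADCAST_EXT)" if dst.endswith(".255") else ""
        print(f"dropped {proto}/{dport} from {src} to {dst}{note}")
```

Run it against /var/log/firewall once FW_LOG_DROP_ALL is on as Carlos suggested. An empty result from samba_drops while the NAS still fails means the firewall is not dropping unicast SMB traffic and the trouble is elsewhere, for instance in broadcast name resolution. Opening 135/tcp, 139/udp or 445/udp serves no purpose for a Samba share, since nothing listens there.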
lynn
2009-04-07 20:08:19 UTC
Post by Carlos E. R.
Post by lynn
just opened port 33 too. I have your stuff still in place in the firewall
script. Still it can't connect to me.
Then use Ethereal, aka Wireshark, to debug the connection.
(Carlos: I should have written 53, not 33)

I think I'm asking too much. I use the laptop in different environments and
always disable the firewall just to let me work. It's at home I use the
multimedia box. I'll try the Ethereal stuff after I've listened to AC-DC Black
Ice. Thanks ever so much for your patience. L x
lynn
2009-04-07 20:11:30 UTC
Post by Rajko M.
Post by lynn
Post by Carlos E. R.
Post by lynn
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 (found
by Googling) open, but it won't connect to me.
How exactly are they opened?
FW_SERVICES_EXT_TCP="135 137 138 139 445"
L x
Not all are TCP, but /etc/services is not helpful in saying exactly which ones
epmap 135/tcp # DCE endpoint resolution
epmap 135/udp # DCE endpoint resolution
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp # NETBIOS Name Service
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS Session Service
netbios-ssn 139/udp # NETBIOS Session Service
microsoft-ds 445/tcp # Microsoft-DS
microsoft-ds 445/udp # Microsoft-DS
So you may list UDP as well.
--
Regards, Rajko
Hi
OK, I opened the same UDP port numbers too. Still the NAS cannot connect to
me.
Thanks anyway, it narrows it down a bit.

FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about that
here.

L x
Rajko M.
2009-04-07 21:28:51 UTC
On Tuesday 07 April 2009 03:11:30 pm lynn wrote:
....
Post by lynn
Hi
OK, I opened the same UDP port numbers too. Still the NAS cannot connect to
me.
Thanks anyway, it narrows it down a bit.
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about
that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and even in
a very simple configuration can tell you what is wrong.
--
Regards, Rajko
lynn
2009-04-08 07:45:06 UTC
Post by Rajko M.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about
that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and even
in a very simple configuration can tell you what is wrong.
Hi here is the wireshark output. Any idea what it means? If you have a minute?
I've no idea!

http://sierraberniaschool.com/lynn.txt

L x
Oddball
2009-04-08 08:00:23 UTC
Post by lynn
Post by Rajko M.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about
that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and even
in a very simple configuration can tell you what is wrong.
Hi here is the wireshark output. Any idea what it means? If you have a minute?
I've no idea!
http://sierraberniaschool.com/lynn.txt
L x
What happens if you move your adapter into the internal zone?
(It is not pretty, but at least something. SFW has been a pain in the
ass for years now when it concerns 'sharing'. I can't even connect from
the same machine to my own shares with the firewall on... but strangely
enough, there are people who seem to manage.)
--
Have a nice day ;)


Oddball aka M9.

OS: Linux 2.6.29-60-default i686
Current user: ***@EEEPC-901-ROB
System: openSUSE 11.1 (i586)
KDE: 4.2.2 (KDE 4.2.2) "release 110"
Rajko M.
2009-04-08 08:33:48 UTC
Post by Oddball
..but strange
enough, there are people who seem to manage..)
Yeah, I've heard that too. Though, just rumors.
No one wants to come up with clean advice, so I guess it was like, after a lot
of attempts, it worked, somehow.
--
Regards, Rajko
lynn
2009-04-08 11:25:37 UTC
Post by Oddball
Post by lynn
Hi here is the wireshark output. Any idea what it means? If you have a
minute? I've no idea!
http://sierraberniaschool.com/lynn.txt
L x
What happens if you move your adapter into the internal zone?
It connects to me fine. But then there's no point:-(
Post by Oddball
(It is not pretty, but at least something. SFW has been a pain in the
ass for years now when it concerns 'sharing'. I can't even connect from
the same machine to my own shares with the firewall on... but strangely
enough, there are people who seem to manage.)
Oh dear. On my work LAN with 2 interfaces it works fine. But then again I've
no CIFS stuff to mess me around. It's just NFS and it just works. Always. This
CIFS stuff is just at home. I have a nice sound system and the NAS controls
it.

L x
Rajko M.
2009-04-08 08:29:25 UTC
Post by lynn
Post by Rajko M.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about
that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and even
in a very simple configuration can tell you what is wrong.
Hi here is the wireshark output. Any idea what it means? If you have a
minute? I've no idea!
Me neither ;-)
Post by lynn
http://sierraberniaschool.com/lynn.txt
The report quits when Tp-LinkT finally starts negotiating who's going to be
boss on the net, i.e. Local Master. Let them talk a bit more.
--
Regards, Rajko
Rodney Baker
2009-04-08 09:00:28 UTC
Post by lynn
Post by Rajko M.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about
that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and even
in a very simple configuration can tell you what is wrong.
Hi here is the wireshark output. Any idea what it means? If you have a
minute? I've no idea!
http://sierraberniaschool.com/lynn.txt
L x
Lynn,

Either the firewall is blocking broadcasts from outside (the NAS side) to
inside (the server side) or it is blocking outgoing netbios packets. The NAS
box is trying to do a netbios name query to determine the address of the
server - it is then getting no response so it tries a DNS query (which goes to
your ISP's DNS, which probably doesn't know where your server is anyway, since
it is on your internal network).

The NAS box then tries to force a browser election by claiming to be the
master browser for your network (your server 192.168.1.3 probably should be
the master browser). Apart from DNS, nowhere do I see the server responding to
the netbios name queries and (as Rajko noted elsewhere) your trace finishes
before the browser election is completed.

Does your ADSL router have a built-in firewall? If so, can I suggest that you
enable that and turn off Suse Firewall? That's how I run my network - I have
in fact 2 routers between the network and the outside world - a wireless
router/switch inside the network which talks to the DSL/VoIP modem/router that
is the interface to outside. Both of these devices have firewalls enabled
(probably a bit over the top - one would do) so I don't bother with the
software firewall (SuSE Firewall) on the server and all Windoze boxes have
their Windoze firewall turned off too.

That way, all machines talking to the server are inside the firewall and I
don't have to worry about access problems between machines (it also helps that
I'm the only user, apart from the wife very occasionally).

HTH.

Rodney.
--
===================================================
Rodney Baker VK5ZTV
***@iinet.net.au
===================================================
Oddball
2009-04-08 09:15:28 UTC
Post by Rodney Baker
Post by lynn
Post by Rajko M.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about
that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and even
in a very simple configuration can tell you what is wrong.
Hi here is the wireshark output. Any idea what it means? If you have a
minute? I've no idea!
http://sierraberniaschool.com/lynn.txt
L x
Lynn,
Either the firewall is blocking broadcasts from outside (the NAS side) to
inside (the server side) or it is blocking outgoing netbios packets. The NAS
box is trying to do a netbios name query to determine the address of the
server - it is then getting no response so it tries a DNS query (which goes to
your ISP's DNS, which probably doesn't know where your server is anyway, since
it is on your internal network).
The NAS box then tries to force a browser election by claiming to be the
master browser for your network (your server 192.168.1.3 probably should be
the master browser). Apart from DNS, nowhere do I see the server responding to
the netbios name queries and (as Rajko noted elsewhere) your trace finishes
before the browser election is completed.
Does your ADSL router have a built-in firewall? If so, can I suggest that you
enable that and turn off Suse Firewall? That's how I run my network - I have
in fact 2 routers between the network and the outside world - a wireless
router/switch inside the network which talks to the DSL/VoIP modem/router that
is the interface to outside. Both of these devices have firewalls enabled
(probably a bit over the top - one would do) so I don't bother with the
software firewall (SuSE Firewall) on the server and all Windoze boxes have
their Windoze firewall turned off too.
That way, all machines talking to the server are inside the firewall and I
don't have to worry about access problems between machines (it also helps that
I'm the only user, apart from the wife very occasionally).
HTH.
Rodney.
This is a sane setup, and indeed, one router firewall will do (I do
not use SFW either, as it is too big a hassle to get it to work, and *keep*
it working after upgrades).
--
Have a nice day ;)


Oddball aka M9.

OS: Linux 2.6.29-60-default i686
Current user: ***@EEEPC-901-ROB
System: openSUSE 11.1 (i586)
KDE: 4.2.2 (KDE 4.2.2) "release 110"
Carlos E. R.
2009-04-08 10:41:41 UTC
Post by Oddball
This is a sane setup, and indeed, one routerfirewall will do, (...i do
not use SFW either, as it too big hassle to get it to work, and *keep*
working after upgrades..)
Mine works fine, but I agree that getting it to work with samba may be...
"touchy" :-)

--
Cheers,
Carlos E. R.

Carlos E. R.
2009-04-08 10:48:08 UTC
Post by Rodney Baker
Either the firewall is blocking broadcasts from outside (the NAS side) to
inside (the server side) or it is blocking outgoing netbios packets. The NAS
box is trying to do a netbios name query to determine the address of the
server - it is then getting no response so it tries a DNS query (which goes to
your ISP's DNS, which probably doesn't know where your server is anyway, since
it is on your internal network).
That would be:

FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm"

and, temporarily, to see them in the log:

FW_IGNORE_FW_BROADCAST_EXT="no"


--
Cheers,
Carlos E. R.
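Rodney's reading of the capture (a NetBIOS name query from the NAS that nothing answers) and Carlos's FW_ALLOW_FW_BROADCAST_EXT setting both come down to one packet: the name-service query the NAS broadcasts to UDP 137 before it can open an SMB session to the laptop. The following is an added example, not code from the thread or from Samba: a Python encoder and decoder for NetBIOS names (the RFC 1001/1002 first-level encoding, in which each nibble of the 16-byte name becomes a letter A through P), plus a builder and parser for the 50-byte NBNS query as Wireshark would show it. The hostname HH2 is taken from Lynn's log; the <20> file-server suffix, the transaction ID and the address constants are assumptions.

```python
import struct
from typing import Dict, Tuple

NBNS_PORT = 137                 # NetBIOS name service, UDP
QTYPE_NB = 0x0020               # NB record: NetBIOS name -> IPv4 address
QCLASS_IN = 0x0001
FLAGS_BROADCAST_QUERY = 0x0110  # R=0, OPCODE=0 (query), RD=1, B=1: no WINS server, so ask the whole subnet
SUFFIX_WORKSTATION = 0x00       # <00> workstation service
SUFFIX_SERVER = 0x20            # <20> file server service, the name a client resolves before connecting to a share

# Assumed addresses, taken from Lynn's log: NAS 192.168.1.4, laptop 192.168.1.3, a /24 subnet.
NAS_IP, LAPTOP_IP, SUBNET_BROADCAST = "192.168.1.4", "192.168.1.3", "192.168.1.255"


def encode_nb_name(name: str, suffix: int) -> str:
    """First-level encoding: pad to 15 bytes, append the suffix byte, then map each nibble to 'A' + nibble."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def decode_nb_name(encoded: str) -> Tuple[str, int]:
    """Inverse of encode_nb_name: (name without padding, suffix byte)."""
    if len(encoded) != 32 or any(not ("A" <= c <= "P") for c in encoded):
        raise ValueError("malformed first-level encoded name")
    raw = bytes(((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41) for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15]


def build_nbns_query(name: str, suffix: int = SUFFIX_SERVER, txid: int = 0x8000) -> bytes:
    """The UDP payload a client broadcasts to port 137 to find the address behind NAME<suffix>."""
    header = struct.pack("!HHHHHH", txid, FLAGS_BROADCAST_QUERY, 1, 0, 0, 0)  # QDCOUNT=1, AN=NS=AR=0
    qname = bytes([32]) + encode_nb_name(name, suffix).encode("ascii") + b"\x00"  # no scope ID
    return header + qname + struct.pack("!HH", QTYPE_NB, QCLASS_IN)


def parse_nbns_query(payload: bytes) -> Dict[str, object]:
    """Decode the header flags and the question of an NBNS query (unscoped names only)."""
    if len(payload) < 50:
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if payload[12] != 32 or payload[45] != 0:
        raise ValueError("only unscoped 32-character question names are handled here")
    name, suffix = decode_nb_name(payload[13:45].decode("ascii"))
    qtype, qclass = struct.unpack("!HH", payload[46:50])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),        # R bit
        "opcode": (flags >> 11) & 0x0F,             # 0 = query
        "recursion_desired": bool(flags & 0x0100),  # RD
        "broadcast": bool(flags & 0x0010),          # B bit: sent to the subnet broadcast address
        "qdcount": qdcount,
        "name": name,
        "suffix": suffix,
        "qtype": qtype,
        "qclass": qclass,
    }


if __name__ == "__main__":
    pkt = build_nbns_query("HH2")
    q = parse_nbns_query(pkt)
    print(f"{NAS_IP}:{NBNS_PORT} -> {SUBNET_BROADCAST}:{NBNS_PORT}  {len(pkt)} bytes  "
          f"Name query NB {q['name']}<{q['suffix']:02X}>  broadcast={q['broadcast']}")
    print(f"positive reply expected unicast from {LAPTOP_IP}:{NBNS_PORT} to {NAS_IP}:{NBNS_PORT}")
```

The query leaves the NAS from UDP 137 to the subnet broadcast address, so on the laptop it arrives as a broadcast on the external zone, and the laptop's answer goes back unicast from UDP 137 to the NAS. That is why the broadcast setting Carlos posted, FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm", matters in addition to the per-port and per-host entries earlier in the thread: with the query dropped, the NAS never learns the laptop's address, falls back to DNS as Rodney saw in the capture, and the SMB session on TCP 139/445 is never attempted.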
lynn
2009-04-08 11:37:45 UTC
Post by Rodney Baker
Post by lynn
Post by Rajko M.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions
about that here.
Try to see with Wireshark (formerly Ethereal). It is included in the distro and
even in a very simple configuration can tell you what is wrong.
Hi here is the wireshark output. Any idea what it means? If you have a
minute? I've no idea!
http://sierraberniaschool.com/lynn.txt
L x
Lynn,
Either the firewall is blocking broadcasts from outside (the NAS side) to
inside (the server side) or it is blocking outgoing netbios packets. The
NAS box is trying to do a netbios name query to determine the address of
the server - it is then getting no response so it tries a DNS query (which
goes to your ISP's DNS, which probably doesn't know where your server is
anyway, since it is on your internal network).
The NAS box then tries to force a browser election by claiming to be the
master browser for your network (your server 192.168.1.3 probably should be
the master browser). Apart from DNS, nowhere do I see the server responding
to the netbios name queries and (as Rajko noted elsewhere) your trace
finishes before the browser election is completed.
Does your ADSL router have a built-in firewall? If so, can I suggest that
you enable that and turn off Suse Firewall? That's how I run my network - I
have in fact 2 routers between the network and the outside world - a
wireless router/switch inside the network which talks to the DSL/VoIP
modem/router that is the interface to outside. Both of these devices have
firewalls enabled (probably a bit over the top - one would do) so I don't
bother with the software firewall (SuSE Firewall) on the server and all
Windoze boxes have their Windoze firewall turned off too.
That way, all machines talking to the server are inside the firewall and I
don't have to worry about access problems between machines (it also helps
that I'm the only user, apart from the wife very occasionally).
HTH.
Rodney.
Phew. Thanks for taking all that time, Rodney. Yes, the ADSL router does have a
firewall. It's a good idea if SuSEfirewall2 doesn't work. It has these
options:

Enable DOS and Portscan Protection :
SYN attack :
FIN/URG/PSH attack :
Ping Attack :
Xmas Tree attack :
TCP reset attack :
Null scanning attack :
Ping of Death attack :
SYN/RST SYN/FIN attack :

Which would you suggest setting to 'yes', bearing in mind that my NAS runs a
bittorrent client (ctorrent with dctcs)?

There's also NAT, where I've no ports forwarded except ALG as follows (the D-Link
default I think):

PPTP :
IPSec (VPN Passthrough) :
RTSP (Online Video Streaming) :
Windows/MSN Messenger : (automatically disabled if UPnP is enabled)
FTP :
H.323 (Video Conferencing) :
SIP :

Isn't just NAT good enough for what I want to do? Listen to mp3's and avi's I
have on my laptop? If no one can connect to me from the outside then I'm OK
internally on the LAN, no?

Cheers, L x
Carlos E. R.
2009-04-08 11:52:00 UTC
On Wednesday, 2009-04-08 at 13:37 +0200, lynn wrote:
Post by lynn
Phew. Thanks for taking all that time Rodney. Yes. The adsl router does have a
firewall. It's a good idea if SuSEfirewall2 doesn't work. It has these
Which would you suggest setting to 'yes', bearing in mind that my NAS runs a
bittorrent client (ctorrent with dctcs)?
All :-)
But of course, I don't know your router.
For torrent, you'd need to forward some ports for it, I think.
Post by lynn
Isn't just NAT good enough for what I want to do?
Supposedly.
I'm a bit paranoid and prefer to have SuSEfirewall up, too.

--
Cheers,
Carlos E. R.

Rodney Baker
2009-04-08 15:00:51 UTC
Post by lynn
[...]
Phew. Thanks for taking all that time, Rodney. Yes, the ADSL router does
have a firewall. It's a good idea if SuSEfirewall2 doesn't work. It has
You're welcome. Actually, scanning log and seeing the problem took less time
than writing the email. Before going too far it may be worth trying the recipe
that Carlos mentioned in an earlier reply. I'd be interested to see if it does
fix the problem (in other words, if I correctly interpreted what I saw in the
wireshark capture file).
Post by lynn
Which would you suggest setting to 'yes', bearing in mind that my NAS runs a
bittorrent client (ctorrent with dctcs)?
I concur with Carlos. Set them all. If you enable UPnP then the bittorrent
client will be able to automatically "punch" a hole in the firewall as
required. That is what UPnP is for - to allow aware applications and firewalls
to open and close access on an as-needed basis. In extreme cases it could be
seen as a security risk - whether you use it or not is entirely up to you. I
have used it on my Linksys router and it does work but the torrent client
needs to be UPnP enabled. Your NAS box doco's should detail what config is
needed if it is supported.
Post by lynn
There's also NAT which I've no ports forwarded except ALG as follows(the d-
Windows/MSN Messenger : (automatically disabled if UPnP is enabled)
I would not have any NAT ports forwarded from the outside world unless
absolutely necessary (i.e. either you or someone you trust needs to access
your network from outside the firewall) and then only very selectively e.g.
ssh (for remote admin), https (for webmail perhaps - I've used it for that in
the past) and that's about it.

You probably don't need PPTP or IPSec unless you're running a VPN to another
site. You don't need RTSP unless you're streaming media to others elsewhere on
the net (and IMHO you'd probably be crazy to try that over a dsl connection),
MSN Messenger (or its Linux equivalent) maybe if you use instant messaging,
H.323 most likely not needed and SIP only if you use a VoIP service (e.g.
Skype or another IP telephony service) from inside your LAN and want to
receive incoming calls.
Post by lynn
Isn't just NAT good enough for what I want to do? Listen to mp3's and avi's
I have on my laptop? If no one can connect to me from the outside then I'm
OK internally on the lan no?
You only need NAT if you want to connect to a box on your lan from outside the
firewall (i.e. elsewhere on the internet). If you have no need to accept
incoming connections from outside, turn it all OFF.
Post by lynn
Cheers, L x
--
===================================================
Rodney Baker VK5ZTV
***@iinet.net.au
===================================================
Carlos E. R.
2009-04-08 23:39:54 UTC
On Thursday, 2009-04-09 at 00:30 +0930, Rodney Baker wrote:
Post by Rodney Baker
Post by lynn
Isn't just NAT good enough for what I want to do? Listen to mp3's and avi's
I have on my laptop? If no one can connect to me from the outside then I'm
OK internally on the lan no?
You only need NAT if you want to connect to a box on your lan from outside the
firewall (i.e. elsewhere on the internet). If you have no need to accept
incoming connections from outside, turn it all OFF.
I thought NAT was used the other way round, to connect one or more
machines on the local net (many IPs) to the internet (one outgoing IP).
Ie, it is what allows several machines with different local IPs to browse
internet, sharing the only one internet address they have.

:-?

Or what I describe has a different name?

--
Cheers,
Carlos E. R.
Carlos E. R.
2009-04-07 21:45:52 UTC
Post by lynn
Hi
OK, I opened the same UDP port numbers too. Still the NAS cannot connect to
me.
You should be able to see the rejected ports in the log.
Post by lynn
FWIW, the NAS uses BusyBox Linux. Not sure if I can ask questions about that
here.
Well, you are trying to connect a Linux thing to an openSUSE machine... I
see no problem there.

The funny thing is that, those nas boxes are linux inside, yet insist on
using a windows protocol to share files, instead of a linux protocol.

--
Cheers,
Carlos E. R.
Rodney Baker
2009-04-09 00:53:06 UTC
Post by Carlos E. R.
...
Post by Rodney Baker
Post by lynn
Isn't just NAT good enough for what I want to do? Listen to mp3's and
avi's I have on my laptop? If no one can connect to me from the outside
then I'm OK internally on the lan no?
You only need NAT if you want to connect to a box on your lan from
outside the firewall (i.e. elsewhere on the internet). If you have no
need to accept incoming connections from outside, turn it all OFF.
I thought NAT was used the other way round, to connect one or more
machines on the local net (many IPs) to the internet (one outgoing IP).
Ie, it is what allows several machines with different local IPs to browse
internet, sharing the only one internet address they have.
:-?
Or what I describe has a different name?
--
Cheers,
Carlos E. R.
Actually, you're right - NAT is used for outgoing connections to route replies
back to the originating host on the internal network, but that is generally
transparent to the user once enabled.

The specific configurations Lynn mentioned were more likely related to Port
Forwarding, which works together with NAT to translate incoming connections to
a specified port on the public IP address to a known port on an internal IP
address.

e.g. if your public ip address is 123.0.123.1 and you have an ssh server
running on 10.1.1.1 on your internal network, you would translate a tcp port
on the outside interface to port 22 on the box running the ssh server like

123.0.123.1:50001 -> 10.1.1.1:22

So incoming ssh connections would need to connect to 123.0.123.1:50001 and
this would be automatically redirected to 10.1.1.1 on port 22.

Outgoing connections via a NAT interface are handled transparently like I
said earlier i.e. if 10.1.1.1 requests an http transfer from 1.2.3.4 (which
appears to the remote server as if from 123.0.123.1, your public ip address),
replies from 1.2.3.4 to 123.0.123.1 are automatically routed back to 10.1.1.1.

Hopefully we're both working on the same page now...:-)

Rodney.
--
===================================================
Rodney Baker VK5ZTV
***@iinet.net.au
===================================================
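The two translations Rodney describes (outbound masquerading with reply routing, and an inbound port forward), as an added example that is not part of the thread and not code from anyone's router: a small Python model of the NAT box using his addresses (public 123.0.123.1, internal ssh host 10.1.1.1, remote web server 1.2.3.4). The connection-tracking table, the public port numbers it hands out, the remote client address 198.51.100.7 and the interface name in the comments are constructed for the illustration; the iptables rules in the comments are the usual way of expressing the same two rules and are assumed, not taken from the thread.

```python
"""Toy NAT/port-forwarding box following Rodney's description.
Added example for this thread, not code from anyone's router; the
connection-tracking table and public-port allocation are simplifications."""
from dataclasses import dataclass, replace

PUBLIC_IP = "123.0.123.1"

# Inbound port forward (DNAT), as Rodney's 123.0.123.1:50001 -> 10.1.1.1:22.
# The iptables equivalent (assumed, not from the thread) would be:
#   iptables -t nat -A PREROUTING -d 123.0.123.1 -p tcp --dport 50001 \
#            -j DNAT --to-destination 10.1.1.1:22
FORWARDS = {50001: ("10.1.1.1", 22)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatBox:
    def __init__(self, public_ip=PUBLIC_IP, forwards=FORWARDS):
        self.public_ip = public_ip
        self.forwards = dict(forwards)
        # (remote ip, remote port, public port) -> (internal ip, internal port)
        self.table = {}
        self.next_port = 30000   # assumed ephemeral range for masqueraded flows

    def outbound(self, pkt):
        """LAN -> internet.  Rewrite the source to the public address
        (iptables: -t nat -A POSTROUTING -o eth0 -j MASQUERADE) and record
        the flow so the reply can be routed back to the originating host."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pkt.dst, pkt.dport, pub_port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=pub_port)

    def inbound(self, pkt):
        """internet -> public address.  A reply to a tracked flow goes back to
        the originating host; a packet to a forwarded port is DNATed to the
        configured internal host; anything else is dropped (None)."""
        if pkt.dst != self.public_ip:
            return None
        tracked = self.table.get((pkt.src, pkt.sport, pkt.dport))
        if tracked is not None:
            ip, port = tracked
            return replace(pkt, dst=ip, dport=port)
        forward = self.forwards.get(pkt.dport)
        if forward is not None:
            ip, port = forward
            return replace(pkt, dst=ip, dport=port)
        return None


def demo():
    """Run the cases Rodney describes; remote client 198.51.100.7 is constructed."""
    box = NatBox()
    out = box.outbound(Packet("10.1.1.1", 40000, "1.2.3.4", 80))        # http request
    back = box.inbound(Packet("1.2.3.4", 80, PUBLIC_IP, out.sport))      # its reply
    ssh = box.inbound(Packet("198.51.100.7", 51234, PUBLIC_IP, 50001))   # forwarded port
    stray = box.inbound(Packet("198.51.100.7", 51234, PUBLIC_IP, 22))    # not forwarded
    return out, back, ssh, stray


if __name__ == "__main__":
    for label, p in zip(("out", "reply", "ssh", "stray"), demo()):
        print(f"{label:5} -> {p}")
```

The last case is the one that answers lynn's "if no one can connect to me from the outside" question: with NAT alone, an unsolicited packet to the public address is dropped unless a port forward exists for it, and a forward only exposes the single internal port it names.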
David C. Rankin
2009-04-09 04:41:50 UTC
Post by lynn
I have written a /etc/smb.conf to connect to a multimedia NAS (please don't
[global]
workgroup = MSHOME
security = share
[lynnsmb]
path = /home/lsmb
public = yes
guest ok = yes
read only = no
browseable = yes
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 found by
Googling open but it won't connect to me. The NAS gives me a password
prompt. With the firewall _disabled_ It connects fine without password and
enables me to watch films and listen to mp3's etc which are stored on my
laptop. /var/log/warn nor /var/log/messages nor /var/log/firewall give any
clue. Could someone tell me which ports I need to open?
L x
L,

Try adding the following as a global option in smb.conf:

smb ports = 139
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
lynn
2009-04-09 16:22:00 UTC
Post by David C. Rankin
Post by lynn
I have written a /etc/smb.conf to connect to a multimedia NAS (please
[global]
workgroup = MSHOME
security = share
[lynnsmb]
path = /home/lsmb
public = yes
guest ok = yes
read only = no
browseable = yes
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 found by
Googling open but it won't connect to me. The NAS gives me a password
prompt. With the firewall _disabled_ It connects fine without password
and enables me to watch films and listen to mp3's etc which are stored on
my laptop. /var/log/warn nor /var/log/messages nor /var/log/firewall give
any clue. Could someone tell me which ports I need to open?
L x
L,
smb ports = 139
Give that man a big cigar:

Apr 9 18:13:29 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00:00 SRC=192.168.1.4
DST=192.168.1.3 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15886 DF PROTO=TCP
SPT=1955 DPT=139 WINDOW=15660 RES=0x00 ACK URGP=0 OPT
(0101080A0016A4F40022FBEC)

NAS connects to laptop through firewall!

L x
Rajko M.
2009-04-10 06:48:49 UTC
  smb ports = 139
Apr  9 18:13:29 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00:00 SRC=192.168.1.4
DST=192.168.1.3 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15886 DF PROTO=TCP
SPT=1955 DPT=139 WINDOW=15660 RES=0x00 ACK URGP=0 OPT
(0101080A0016A4F40022FBEC)
NAS connects to laptop through firewall!
That is interesting.

If the firewall is down it works, but Samba doesn't use port 139 unless it is
configured to do so, which means that the connection goes somewhere else, and
that is blocked by the firewall.

Isn't that a bug?
--
Regards, Rajko
Joe Morris
2009-04-10 13:49:07 UTC
Post by Rajko M.
Post by lynn
Post by David C. Rankin
smb ports = 139
Apr 9 18:13:29 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00:00 SRC=192.168.1.4
DST=192.168.1.3 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15886 DF PROTO=TCP
SPT=1955 DPT=139 WINDOW=15660 RES=0x00 ACK URGP=0 OPT
(0101080A0016A4F40022FBEC)
NAS connects to laptop through firewall!
That is interesting.
If the firewall is down it works, but Samba doesn't use port 139 unless it is
configured to do so, which means that the connection goes somewhere else, and
that is blocked by the firewall.
Isn't that a bug?
If it is Windows higher than 2000, it will first try to connect on tcp
port 445. If samba is configured to only listen on 139, it will listen
to both 445 and 139 tcp. I have also found port 445 to be more
problematic. Did Lynn have port 445 tcp open as well?
--
Joe Morris
Registered Linux user 231871 running openSUSE 11.1 x86_64
David C. Rankin
2009-04-10 18:02:13 UTC
Post by lynn
Post by David C. Rankin
Post by lynn
I have written a /etc/smb.conf to connect to a multimedia NAS (please
[global]
workgroup = MSHOME
security = share
[lynnsmb]
path = /home/lsmb
public = yes
guest ok = yes
read only = no
browseable = yes
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 found by
Googling open but it won't connect to me. The NAS gives me a password
prompt. With the firewall _disabled_ It connects fine without password
and enables me to watch films and listen to mp3's etc which are stored on
my laptop. /var/log/warn nor /var/log/messages nor /var/log/firewall give
any clue. Could someone tell me which ports I need to open?
L x
L,
smb ports = 139
Apr 9 18:13:29 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00:00 SRC=192.168.1.4
DST=192.168.1.3 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15886 DF PROTO=TCP
SPT=1955 DPT=139 WINDOW=15660 RES=0x00 ACK URGP=0 OPT
(0101080A0016A4F40022FBEC)
NAS connects to laptop through firewall!
L x
Whoop! I'll take a Macenudo (sp? I don't smoke)

"Even a blind squirrel finds a nut -- every once in a while."

Setting smb ports = 139 gets rid of a bunch of chatter in your logs as well by
telling samba to stick with the standard ports. For some reason, and I forget
when, MS started trying to talk smb over port 445 which caused nothing but
headaches:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/cfgsmarts.html

<quote>

If run using NetBIOS mode (the most common method) it is important that the
parameter smb ports = 139 should be specified in the primary smb.conf file.
Failure to do this will result in Samba operating over TCP port 445 and
problematic operation at best, and at worst only being able to obtain the
functionality that is specified in the primary smb.conf file. The use of
NetBIOS over TCP/IP using only TCP port 139 means that the use of the %L macro
is fully enabled. If the smb ports = 139 is not specified (the default is 445
139, or if the value of this parameter is set at 139 445 then the %L macro is
not serviceable.

</quote>
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
Carlos E. R.
2009-04-10 19:20:48 UTC
Post by Joe Morris
Post by Rajko M.
That is interesting.
If firewall is down it works, but Samba doesn't use port 139 unless it
configured to do so, which means that connection goes somewhere else, and
that is blocked by firewall.
Isn't that bug?
If it is Windows higher than 2000, it will first try to connect on tcp
port 445. If samba is configured to only listen on 139, it will listen
to both 445 and 139 tcp. I have also found port 445 to be more
problematic. Did Lynn have port 445 tcp open as well?
She should; I told her I use this rule:

FW_TRUSTED_NETS="192.168.1.X,tcp,microsoft-ds \
192.168.1.X,tcp,netbios-ssn \
192.168.1.X,udp,netbios-dgm \
192.168.1.X,udp,netbios-ns"

445 is microsoft-ds and 139 is netbios-ssn. I don't know what exact
configuration she has at the moment.


However, the other side is not windows, but linux using samba (busybox).

--
Cheers,
Carlos E. R.
lynn
2009-04-11 06:19:22 UTC
Post by David C. Rankin
Post by lynn
Post by David C. Rankin
Post by lynn
I have written a /etc/smb.conf to connect to a multimedia NAS (please
[global]
workgroup = MSHOME
security = share
[lynnsmb]
path = /home/lsmb
public = yes
guest ok = yes
read only = no
browseable = yes
I have SuSEfirewall2 running with ports 135 137 138 139 and 445 found
by Googling open but it won't connect to me. The NAS gives me a
password prompt. With the firewall _disabled_ It connects fine without
password and enables me to watch films and listen to mp3's etc which
are stored on my laptop. /var/log/warn nor /var/log/messages nor
/var/log/firewall give any clue. Could someone tell me which ports I
need to open?
L x
L,
smb ports = 139
Apr 9 18:13:29 hh2 kernel: SFW2-IN-ACC-EST IN=eth0 OUT=
MAC=00:12:f0:06:9c:da:00:21:27:cb:46:4e:08:00:00 SRC=192.168.1.4
DST=192.168.1.3 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15886 DF PROTO=TCP
SPT=1955 DPT=139 WINDOW=15660 RES=0x00 ACK URGP=0 OPT
(0101080A0016A4F40022FBEC)
NAS connects to laptop through firewall!
L x
Whoop! I'll take a Macenudo (sp? I don't smoke)
Well, no. In Spain's Spanish it's simply "no fumo". Maybe that's a Mexican
Spanish term. Unless it's saying un Farias or un Partagas. I don't know.
Post by David C. Rankin
"Even a blind squirrel finds a nut -- every once in a while."
Setting smb ports = 139 gets rid of a bunch of chatter in your logs as
well by telling samba to stick with the standard ports. For some reason,
and I forget when, MS started trying to talk smb over port 445 which caused
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/cfgsmarts.html
<quote>
If run using NetBIOS mode (the most common method) it is important that the
parameter smb ports = 139 should be specified in the primary smb.conf file.
Failure to do this will result in Samba operating over TCP port 445 and
problematic operation at best, and at worst only being able to obtain the
functionality that is specified in the primary smb.conf file. The use of
NetBIOS over TCP/IP using only TCP port 139 means that the use of the %L
macro is fully enabled. If the smb ports = 139 is not specified (the
default is 445 139, or if the value of this parameter is set at 139 445
then the %L macro is not serviceable.
</quote>
Phew! What is amazing is that NASes use smb by default. What a mess. I've gone
totally off the idea of NAS anyway. It's overpriced, low quality, processor
crippled nonsense. For less than a NAS which is any good, like the dlink, I can
get a proper quiet-fan box running linux with an hdmi connector which will run
torrent downloads, backup in the background and serve 20 home user folders.
The NAS boxes at the same price are crippled. A dlink 323 is brought to a
standstill if you try and do more than two things at a time on it.

There, I've said it!

To get back on thread, I think it's important to remind ourselves that we are
all guessing when it comes to SuSEfirewall2. Fortunately this was a problem at
home being forced to use samba. Had I gone for the nice little proper computer
with a big hard disk running nfs kernel server under a well documented Linux
distro opensuse for example none of this time wasting for me and my loyal and
ever so patient listeners would have. . .

L x
lynn
2009-04-11 08:59:05 UTC
Post by Joe Morris
If it is Windows higher than 2000, it will first try to connect on tcp
port 445.
It isn't windows anything. It's BusyBox but just as bad. Everything needs
patching or tweaking.

Lynn officially has:

[global]
smb ports = 139

FW_SERVICES_EXT_TCP="139"
FW_SERVICES_EXT_UDP="139"
FW_TRUSTED_NETS="192.168.1.4/32"

L x
Carlos E. R.
2009-04-11 10:37:04 UTC
Post by lynn
FW_SERVICES_EXT_TCP="139"
FW_SERVICES_EXT_UDP="139"
FW_TRUSTED_NETS="192.168.1.4/32"
This essentially opens _all_ ports to packets coming from that IP.

--
Cheers,
Carlos E. R.
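To make Carlos's warning concrete, here is an added example that is neither code from the thread nor from SuSEfirewall2 itself: a toy Python model of how FW_SERVICES_EXT_TCP/UDP and FW_TRUSTED_NETS admit packets, run over lynn's configuration and over Carlos's per-service rule with the NAS address 192.168.1.4 (from her log) substituted for his 192.168.1.X. The evaluation order (trusted nets first, then open services, then drop) and the handling of service names are simplifications assumed for the model; real SuSEfirewall2 also accepts port ranges and more fields, and the sample packets are constructed.

```python
"""Toy model of SuSEfirewall2's FW_SERVICES_EXT_* and FW_TRUSTED_NETS handling.
Added example for this thread, not SuSEfirewall2 code; the accept order
(trusted nets first, then open services, then drop) is an assumption."""
import ipaddress
from dataclasses import dataclass

# Service names from Carlos's rule, resolved as /etc/services does.
SERVICES = {"netbios-ns": 137, "netbios-dgm": 138,
            "netbios-ssn": 139, "microsoft-ds": 445}


@dataclass(frozen=True)
class Packet:
    src: str     # source address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port on the firewalled host


def port_of(name):
    """Accept either a service name or a numeric port string."""
    return SERVICES[name] if name in SERVICES else int(name)


def parse_trusted(value):
    """FW_TRUSTED_NETS entries look like 'net[,proto[,port]]', space separated.
    A bare 'net' means every protocol and every port from that network."""
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        net = ipaddress.ip_network(parts[0], strict=False)
        proto = parts[1] if len(parts) > 1 else None
        port = port_of(parts[2]) if len(parts) > 2 else None
        rules.append((net, proto, port))
    return rules


def accepts(config, pkt):
    """True if the external zone lets pkt through under this sysconfig."""
    src = ipaddress.ip_address(pkt.src)
    for net, proto, port in parse_trusted(config.get("FW_TRUSTED_NETS", "")):
        if src in net and proto in (None, pkt.proto) and port in (None, pkt.dport):
            return True
    key = "FW_SERVICES_EXT_TCP" if pkt.proto == "tcp" else "FW_SERVICES_EXT_UDP"
    open_ports = {port_of(p) for p in config.get(key, "").split()}
    return pkt.dport in open_ports


# lynn's working configuration from this thread.
LYNN = {"FW_SERVICES_EXT_TCP": "139",
        "FW_SERVICES_EXT_UDP": "139",
        "FW_TRUSTED_NETS": "192.168.1.4/32"}

# Carlos's per-service rule with the NAS address filled in.
CARLOS = {"FW_TRUSTED_NETS": "192.168.1.4,tcp,microsoft-ds "
                             "192.168.1.4,tcp,netbios-ssn "
                             "192.168.1.4,udp,netbios-dgm "
                             "192.168.1.4,udp,netbios-ns"}

# Constructed sample traffic: the NAS (192.168.1.4) and another LAN host.
SAMPLES = [
    Packet("192.168.1.4", "tcp", 139),   # NAS, NetBIOS session
    Packet("192.168.1.4", "tcp", 445),   # NAS, SMB directly over TCP
    Packet("192.168.1.4", "udp", 137),   # NAS, NetBIOS name service
    Packet("192.168.1.4", "tcp", 22),    # NAS to ssh: should a NAS reach this?
    Packet("192.168.1.99", "tcp", 139),  # some other host to Samba
    Packet("192.168.1.99", "tcp", 22),   # some other host to ssh
]


def compare(packets=SAMPLES):
    """Map each packet to (accepted under LYNN, accepted under CARLOS)."""
    return {(p.src, p.proto, p.dport): (accepts(LYNN, p), accepts(CARLOS, p))
            for p in packets}


if __name__ == "__main__":
    for (src, proto, dport), (lynn, carlos) in compare().items():
        print(f"{src:>13} {proto} {dport:<4} lynn={lynn!s:5} carlos={carlos}")
```

Under lynn's settings the bare trusted net admits port 22 (and everything else) from 192.168.1.4, and FW_SERVICES_EXT_TCP="139" admits 139 from any address on the external zone; the per-service form admits only the four Samba ports and only from the NAS. Both forms trust the source address alone, so anything that can spoof or take over 192.168.1.4 inherits the exemption.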
Carlos E. R.
2009-04-11 10:56:47 UTC
Post by lynn
Phew! What is amazing is that NASes use smb by default.
Indeed.
Instead of, or also, using ftp or nfs. After all, it is linux inside.
Post by lynn
What a mess. I've gone
totally off the idea of NAS anyway. it's overpriced, low quality processor
crippled nonsense. For less than a NAS which is any good like the dlink I can
get a proper quiet=fan box running linux with an hdmi connector which will run
torrent downloads, backup in the background and serve 20 home user folders.
the NAS boxes at the same price crippled. A dlink 323 is brought to a
standstill if you try and do more than two things at a time on it.
There, I've said it!
I have a little box, overpriced, but I got it cheap, whose sole purpose is
to display terrestrial digital TV (TDT, digital terrestrial television), do
time shift, and save recordings to a HD plugged into its USB port or via
samba to a computer on the network. Yes, I had problems setting up samba;
but not with the firewall, just samba itself. The firewall I figured out
myself, I have some practice. Samba is a maze to me.

Being a linux machine inside has some advantages: there is a group of
hackers that "publish" software upgrades for the box which are actually
better than what the seller supplies. At least I'm covered till the hackers
disappear and go for a shinier box and leave me stuck with my "antigualla"
(old relic), hopefully years after the manufacturer support disappears completely.

The funny thing about these hacker types is that you have to subscribe to
a forum in order to get the software, which is supposed to be open and
free and gnu whatever. And I don't see their sources, even though they
pushed the manufacturer to publish theirs (hidden somewhere in a maze of
links in their web).
Post by lynn
To get back on thread, I think it's important to remind ourselves that we are
all guessing when it comes to SuSEfirewall2. Fortunately this was a problem at
home being forced to use samba. Had I gone for the nice little proper computer
with a big hard disk running nfs kernel server under a well documented Linux
distro opensuse for example none of this time wasting for me and my loyal and
ever so patient listeners would have. . .
The firewall is more or less documented. The configuration file
(/etc/sysconfig/SuSEfirewall2) has inside lots of comments that explain
what each option does. Did you read it? There is also a faq, or I should say
was, because it is not maintained anymore. Here:

http://susefaq.sourceforge.net/guides/fw_manual.html

It is dated 2002, but the basics remains the same.

--
Cheers,
Carlos E. R.
Boyd Stephen Smith Jr.
2009-04-11 16:11:43 UTC
Post by lynn
Post by David C. Rankin
Whoop! I'll take a Macenudo (sp? I don't smoke)
Pues no. En Spanish Spanish it's simply no fumo. Maybe that's a Mexican
Spanish term. Unless it's saying un Farias o un Partagas. No se.
A "Macenudo" is a type of cigar. The "sp?" in parenthesis is shorthand for
"the preceding may not be spelled correctly". The "I don't smoke" is an
explanation of why it may not be spelled correctly.

So, David's post could be expanded to:
"Whoop! I'll take a Macenudo cigar. I'm not sure if I spelled 'Macenudo'
correctly, because I don't smoke."
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
***@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
lynn
2009-04-11 18:22:20 UTC
Post by Carlos E. R.
The configuration file
(/etc/sysconfig/SuSEfirewall2) has inside lots of comments that explains
what each option does. Did you read it?
Yep. When Yast failed I read it and tried everything I could before restoring
my backup SuSEfirewall2 script and starting this thread.

I get the bit about
FW_TRUSTED_NETS="192.168.1.4/32"
opening all ports but strangely enough after I did that it only used 139 and
finally connected with the firewall running. Security wise it doesn't matter
since it's just a NAS sitting beneath my television and it's behind my wireless
router firewall anyway. I'm just so glad I don't have to use Samba in the
workplace. It seems so unpredictable. But then so does SuSEfirewall2. I'm
disillusioned that something as simple as this has taken so long to
understand. BTW my NAS is a T50 from the Gallegos. It's a great idea but
crippled by bugs in Busybox, out of date firmware, processor and lack of
memory. For the price I could have got a little Acer with an hdmi port, AMD
64, 1024 memory and avoided all this Samba nonsense. They even look good too.
Caveat E.

Cheers and thanks for all your patience. L x
John Andersen
2009-04-11 19:02:07 UTC
Post by lynn
I'm just so glad I don't have to use Samba in the
workplace. It seems so unpredictable. But then so does SuSEfirewall2. I'm
disillusioned that something as simple as this has taken so long to
understand.
Samba seems rock solid in the workplace if you ask me. I've been using
it on installations large and small for 10 years, so perhaps it's the
familiarity factor.

On the firewall issue, I use shorewall, because, although its all managed
with a collection of small files rather than a GUI it seems easier to understand
and easier to maintain. Shorewall has shortcuts for common services like
samba smtp ftp pop imap etc.

The quickstart guide is all you need to get started.
http://www.shorewall.net/shorewall_quickstart_guide.htm
Carlos E. R.
2009-04-11 19:55:55 UTC
Post by lynn
Post by Carlos E. R.
The configuration file
(/etc/sysconfig/SuSEfirewall2) has inside lots of comments that explains
what each option does. Did you read it?
Yep. When Yast failed I read it and tried everything I could before restoring
my backup SuSEfirewall2 script and starting this thread.
I don't use Yast to configure the firewall, it is confusing.
Post by lynn
I get the bit about
FW_TRUSTED_NETS="192.168.1.4/32"
opening all ports but strangely enough after I did that it only used 139
No, it uses more.
Post by lynn
and
finally connected with the firewall running. Security wise it doesn;t matter
since it's just a NAS sitting beneath my televisor and it's behind my wireless
router firewall anyway.
It matters if somebody gets in and uses that IP.
Post by lynn
I'm just so glad I don't have to use Samba in the
workplace. It seems so unpredictable. But then so does SuSEfirewall2. I'm
disillusioned that something as simple as this has taken so long to
understand.
The firewall is very simple! >:-)
Post by lynn
BTW my NAS is a T50 from the Gallegos. It's a great idea but
crippled by bugs in Busybox, out of date firmware, processor and lack of
memory. For the price I could have got a little Acer with an hdmi port, AMD
64, 1024 memory and avoided all this Samba nonsense. They even look good too.
Caveat E.
If you buy a popular NAS you also get updates, from the manufacturer or
from the hacker community (hacker is not "bad", that would be "cracker").

But yes, they are expensive things.
Post by lynn
Cheers and thanks for all your patience. L x
Welcome :-)

--
Cheers,
Carlos E. R.
lynn
2009-04-12 14:02:00 UTC
Post by John Andersen
I use shorewall, because, although its all managed
with a collection of small files rather than a GUI it seems easier to
understand and easier to maintain.
Hi John. On my lan I used Yast to configure SuSEfirewall2. That's GUI and it
works out of the box on an nfs lan. With samba on a simple 2 box setup it
doesn't. EOS.

Folks, can we drop this now? I feel obliged to reply as I started this
thread but simply do not have the time to. I really do appreciate what you
guys do and the time you spend here but I can't afford the time you do here.
Thank you all once again for all the time you have given me. I really do feel
guilty because this was not a work issue but a personal listening-to-music
issue.

Love from Lynn x
Carlos E. R.
2009-04-12 15:32:34 UTC
Post by lynn
Post by John Andersen
I use shorewall, because, although its all managed
with a collection of small files rather than a GUI it seems easier to
understand and easier to maintain.
Hi John. On my lan I used Yast to configure SuSEfirewall2. That's GUI and it
works out of the box on an nfs lan. With samba on a simple 2 box setup it
doesn't. EOS.
Folks, can we drop this now? i feel obliged to reply as I started this
thread.but simply do not have the time to. I really do appreciate what you
guys do and the time you spend here but I can't afford the time you do here.
Thank you all once again for all the time you have given me. I really do feel
guilty because this was not a work issue but a personal listening to music
issue.
Don't be :-)

Be assured that many have taken note of this, for future possible use when
we have to configure a samba with firewall next time ;-)

(And there is nothing wrong with using linux at home. Many of us try
things at home that we may later use in business, or simply help other
professional chaps with our home-brew experience.)


Indeed, if the YaST GUI is unable to configure the firewall for use with
samba, it deserves a bugzilla. It should have a "wizard" for "Hey, I want
samba" and be done - and work. I don't know if there is, I don't use the
firewall GUI.

--
Cheers,
Carlos E. R.
Rajko M.
2009-04-12 17:27:35 UTC
@lynn: Don't feel obliged to answer. Topic is interesting for many of us, and
we can chat long after original poster has no interest in it.

On Sunday 12 April 2009 10:32:34 am Carlos E. R. wrote:
...
Post by Carlos E. R.
Indeed, if the YaST GUI is unable to configure the firewall for use with
samba, it deserves a bugzilla. It should have a "wizard" for "Hey, I want
samba" and be done - and work. I don't know if there is, I don't use the
firewall GUI.
Talking about wizard, did you try to remove all entries from /etc/samba and
start Samba configuration module?

There is some kind of wizard, but IMHO, it is still for people that know what
they have to do. It leaves you with files in /etc/samba, but no users
defined, no hint to add users using

smbpasswd -a <user_name>

and I guess it doesn't ask for Windows users and their passwords to be added.
--
Regards, Rajko