Bug 503761

Summary: No workgroup if firewall working
Product: [openSUSE] openSUSE 11.2 Reporter: Forgotten User d8u6e9Lt6y <forgotten_d8u6e9Lt6y>
Component: YaST2Assignee: Ludwig Nussel <lnussel>
Status: RESOLVED INVALID QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None    
Version: Milestone 1   
Target Milestone: ---   
Hardware: i686   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Forgotten User d8u6e9Lt6y 2009-05-14 06:32:11 UTC 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042700 SUSE/3.0.10-2.1 Firefox/3.0.10

is an old question....

if i run SAMBA and i select in yast2 "open prti in firewall" i dont see the I do not see the various groups in the network 

when i select K-->computer-->Netwrok-->samba shared
I see the error go out:

"unable to find any workgrups in your local network.Yhis might be caused by enabled firewall"

if i shtdown the firewall, work perfectly!

the question is: why not open the door right on the firewall? 

ciao da Andrea

Reproducible: Always

Steps to Reproduce:
1.run samba (in yast2)
2.flag the "openports in firewall (for samba)" in yast2
3."unable to find any workgrups in your local network.Yhis might be caused by enabled firewall"
Comment 1 Ludwig Nussel 2009-05-14 13:29:18 UTC 
all ports in the external zone are closed by default.
use the internal zone for interfaces you need samba browsing instead.
alternatively there is also an option in the firewall module to enable samba-client. samba-server is not sufficient.
Comment 2 Forgotten User d8u6e9Lt6y 2009-05-14 16:16:34 UTC 
samba work good only if use this procedure:

    * Use YaST -> Network services -> Samba server and Samba client tools to configure samba accordingly to your needs, and select to open the firewall ports. This properly sets SuSEfirewall2 to open the static samba ports 137, 138, 139 and 445, but doesn’t open high ports, required for some features like network browsing.

    * Open YaST -> System -> /etc/sysconfig editor, and in the tree on your left select Network -> Firewall -> SuSEfirewall, and locate the FW_SERVICES_ACCEPT_EXT entry.

    * Assign to this entry the following value: 0/0,tcp,1024:65535,137:139 0/0,udp,1024:65535,137:139

    * Accept and confirm the change.

    *

      Reboot your system or restart samba services to make samba aware of the changes.


but is very complex. too complex for me and for the "normal" users
Comment 3 Ludwig Nussel 2009-05-15 06:52:48 UTC 
sure, if you want to have gaping security holes in your external zone you can do it that way.