Am Samstag, 10. Februar 2007 04:27 schrieb Volker Kuhlmann: > > > It worked in 9.3 (if I remember right), and it's actually an obstacle > > > for new users who try to configure samba, do that properly in Yast, but > > > can't browse the local network even after selecting "Open firewall > > > ports" in the Samba server yast tool. > > > > Just put the respective network interface into the Internal Zone, > > it has all ports opened by default. > > You can't be serious with that suggestion. Most computers have one > network interface, so it's equivalent to "uninstall SuSEfirewall". > The "internal" and "DMZ" interfaces are only useful when the box is a > router, otherwise all interfaces are "external". Fix yast to open > appropriate ports in the firewall config, as happens for any other > service as well.
Ok, let's repeat the whole thing again. ;-) Yes, putting the network interface into the Internal Zone basically means you switch of your firewall. But if we had a firewall rule that just opened all the ports we'd need to open to get SMB share browsing to work the effect would be nearly the same. It's as simple as that: Firewall on: No share browsing; firewall off: share browsing works, but less security. The only secure solution would be an "intelligent" firewall, something similar to the "personal firewalls" on Windows. This is a long-term project, not something we can change in the current SuSEfirewall by just adding appropriate Samba rules. Cheers Joachim -- Joachim Werner <[EMAIL PROTECTED]> Project Manager Contracts, Migration, SDK Novell, Linux R&D Nuernberg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
