On Mar 24, 2013 7:04 AM, "steve" <st...@steve-ss.com> wrote:
> Samba 4.0.4 on openSUSE 12.3
> Hi everyone.
>
> Does anyone have a list of ports which have to be open to allow full DC
> operation?
>
> I'm no expert in firewalls and only have Yast at my disposal to configure
> it. I've tried opening samba server and DNS server ports via Yast but I
> must be missing something because I have to turn off the firewall to e.g.
> join a Windows client to the domain. Maybe Yast isn't the right tool?
>
> Cheers,
> Steve

Hello Steve,
I have the following exceptions. Most of this came from netstat and
monitoring traffic. A few were picked up in Microsoft documentation, though
I've not seen my DC actually use them. Take special note of the last entry.
It is my understanding that Samba4 uses 1024 by default; however, if that
port is not available it will use 1025, 1026, etc. until it finds an open
port.

iptables -A INPUT -p tcp --dport 389 -j ACCEPT # LDAP
iptables -A INPUT -p udp --dport 389 -j ACCEPT # LDAP (UDP)
iptables -A INPUT -p tcp --dport 636 -j ACCEPT # LDAPS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT # DNS (TCP)
iptables -A INPUT -p udp --dport 53 -j ACCEPT # DNS (UDP)
iptables -A INPUT -p tcp --dport 88 -j ACCEPT # Kerberos (TCP)
iptables -A INPUT -p udp --dport 88 -j ACCEPT # Kerberos (UDP)
iptables -A INPUT -p tcp --dport 464 -j ACCEPT # Kerberos Password (TCP)
iptables -A INPUT -p udp --dport 464 -j ACCEPT # Kerberos Password (UDP)
iptables -A INPUT -p tcp --dport 135 -j ACCEPT # RPC
iptables -A INPUT -p udp --dport 137 -j ACCEPT # NetBIOS Name Service
iptables -A INPUT -p udp --dport 138 -j ACCEPT # NetBIOS Datagram Service
iptables -A INPUT -p tcp --dport 139 -j ACCEPT # NetBIOS Session Service
iptables -A INPUT -p tcp --dport 445 -j ACCEPT # MS Directory Service
iptables -A INPUT -p tcp --dport 3268 -j ACCEPT # MS Global Catalog
iptables -A INPUT -p tcp --dport 1024 -j ACCEPT # DCOM *note this port is not static*
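
Added example, not part of the original message: because the last port in the list above is not static, this script compares the ports Samba is actually listening on with the ports the INPUT chain accepts and prints any listener left uncovered. The function names uncovered_ports and demo, the process-name filter (samba, smbd, nmbd, winbindd) and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report Samba listeners that no INPUT ACCEPT rule covers.
# Usage on a DC (as root, live data):
#   iptables -S INPUT > rules.txt; ss -H -tulnp > listen.txt
#   uncovered_ports rules.txt listen.txt
uncovered_ports() {
  awk '
    NR == FNR {                      # first file: output of iptables -S INPUT
      if ($0 !~ /-j ACCEPT/) next
      proto = ""; lo = 0; hi = 0
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") {       # single port or lo:hi range
          n = split($(i + 1), r, ":"); lo = r[1] + 0; hi = r[n] + 0
        }
      }
      if (proto != "" && lo > 0) { c++; P[c] = proto; L[c] = lo; H[c] = hi }
      next
    }
    /"(samba|smbd|nmbd|winbindd)"/ { # second file: output of ss -H -tulnp
      n = split($5, a, ":"); port = a[n] + 0; ok = 0
      for (k = 1; k <= c; k++)
        if (P[k] == $1 && port >= L[k] && port <= H[k]) ok = 1
      if (!ok) print $1 "/" port
    }
  ' "$1" "$2" | sort -u
}

# Constructed sample: Samba found 1024 busy and bound its RPC endpoint to 1025.
demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/rules" <<'EOF'
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p udp -m udp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 135 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1024 -j ACCEPT
EOF
  cat > "$d/listen" <<'EOF'
tcp LISTEN 0 128 0.0.0.0:389 0.0.0.0:* users:(("samba",pid=1201,fd=35))
udp UNCONN 0 0 0.0.0.0:389 0.0.0.0:* users:(("samba",pid=1203,fd=30))
tcp LISTEN 0 128 0.0.0.0:135 0.0.0.0:* users:(("samba",pid=1199,fd=33))
tcp LISTEN 0 128 0.0.0.0:1025 0.0.0.0:* users:(("samba",pid=1199,fd=34))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
EOF
  uncovered_ports "$d/rules" "$d/listen"
  rm -rf "$d"
}

demo   # prints: tcp/1025
```

The rules file must not be empty, since the awk program tells the two inputs apart by position.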