[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

--- Additional Comments From [EMAIL PROTECTED] 2003-22-10 01:03 ---
Yes, I know that this is insecure as someone may easily scan for e.g. Jabber services from UDP port 137 to UDP ports >1024 when the firewall has those rules. But anybody who opens SMB on the firewall usually knows that this is risky...

--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are on the CC list for the bug, or are watching someone who is.

--- Reminder: ---
assigned_to: [EMAIL PROTECTED]
status: NEW
creation_date:
description:
Mandrake is frequently used as a SMB server with use of Samba. The list of ports that need to be passed through for the SMB protocol to work lists 4 ports, and it's not very easy to find this list on the Internet. Those ports are:

    137/udp
    138/udp
    139/tcp
    445/tcp

So anyone who would like to open SMB using drakfirewall, would have to click "advanced" and type:

    137/udp 138/udp 139/tcp 445/tcp

This is far from intuitive of course, even for advanced power-users who want a personal firewall on their workstation and filesharing with Windows at the same time.

I propose that an additional checkbox be added to drakfirewall, "SMB", that opens those 4 ports on the firewall.
[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

--- Additional Comments From [EMAIL PROTECTED] 2003-22-10 01:00 ---
It seems that machines that respond to SMB NetBIOS name query broadcasts do so by firing UDP packets _from_ port 137 _to_ a random port, not the reverse... BTW, I suspect that this might also affect the operation of lisa service.

So if the user needs to have access to network neighborhood with simple netbios broadcasts instead of a WINS server, DrakFirewall has to also add those entries to Shorewall's /etc/shorewall/rules file.
[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

--- Additional Comments From [EMAIL PROTECTED] 2003-22-10 00:57 ---
Just found on http://www.shorewall.net/samba.htm:

If the firewall needs to be able to act as a SMB client, including discovery (e.g. with LinNeighborhood or Gnomba), additional changes need to be done in order to make SMB clients work on the firewalled machine. Only after I've added the following lines to the "rules" file I could browse the network neighborhood:

    ACCEPT fw net udp 1024: 137
    ACCEPT net fw udp 1024: 137
[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

--- Additional Comments From [EMAIL PROTECTED] 2003-01-09 17:40 ---
What's the exact list of ports to open?
[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

--- Additional Comments From [EMAIL PROTECTED] 2003-01-09 18:25 ---
See the initial comment in this bug: "137/udp 138/udp 139/tcp 445/tcp"

I've usually typed this manually in the firewall wizard, using "Advanced" button and it works, unblocking SMB.
[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

--- Additional Comments From [EMAIL PROTECTED] 2003-01-09 12:08 ---
It is still valid in 9.2 RC1 installer. Please, add this setting, it makes it so much simpler for users in heterogeneous networks to set up their personal firewall settings...
[Cooker] [Bug 4697] [drakxtools] Add SMB to the list of services that can be unblocked
http://qa.mandrakesoft.com/show_bug.cgi?id=4697

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1

--- Additional Comments From [EMAIL PROTECTED] 2003-12-08 14:03 ---
I am not sure that "SMB" is the best choice, when other options are "Domain Name Server". Maybe "Windows Networking (SMB/CIFS)" would be better.

Also, the whole design of drakfirewall ignores the fact that Linux servers in small offices often do internet connection sharing *and* other services, so it would be nice if drakfirewall could allow the admin to allow SMB traffic to the internal network and not to the external network ... it's not a good idea to have it open the same services on both sides ...
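
The two concerns raised in this thread, a rule that accepts UDP sent from source port 137 to any port above 1024, and SMB being opened towards the external network as well as the internal one, can be checked against a Shorewall "rules" file. This is an added example, not part of the bug report, drakxtools or Shorewall; the `loc` zone name, the sample rules and the function names are assumptions made for illustration.

```python
# Added example: audit Shorewall "rules" lines for the two risks raised in this thread.
# Column order assumed: ACTION SOURCE DEST PROTO DEST_PORT(S) SOURCE_PORT(S).
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}  # list from the bug report

# Constructed sample; "loc" as the internal zone name is an assumption.
SAMPLE_RULES = """\
#ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT
ACCEPT  fw     net  udp   1024:     137
ACCEPT  net    fw   udp   1024:     137
ACCEPT  net    fw   tcp   139,445
ACCEPT  loc    fw   udp   137:138
ACCEPT  loc    fw   udp   1024:     137
"""

def port_ranges(spec):
    """Expand a port column ('139,445', '137:138', '1024:') into (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        if not part.replace(":", "").isdigit():
            continue  # '-' or a service name: not evaluated by this sketch
        low, sep, high = part.partition(":")
        lo = int(low) if low else 0
        hi = int(high) if high else (65535 if sep else lo)
        ranges.append((lo, hi))
    return ranges

def audit(rules_text, external_zone="net"):
    """Return (line_number, finding) for ACCEPT rules whose source is the external zone."""
    findings = []
    for number, line in enumerate(rules_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "ACCEPT" or fields[1] != external_zone:
            continue
        proto, dports = fields[3], port_ranges(fields[4])
        sport = fields[5] if len(fields) > 5 else "-"
        # The sender chooses its own source port, so this opens every listed high port.
        if sport != "-" and any(hi >= 1024 for _, hi in dports):
            findings.append((number, f"source port {sport} admits {proto} to ports {fields[4]}"))
        exposed = sorted(p for pr, p in SMB_PORTS
                         if pr == proto and any(lo <= p <= hi for lo, hi in dports))
        if exposed:
            findings.append((number, f"SMB port(s) {exposed} open to '{external_zone}'"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_RULES):
        print(f"line {number}: {finding}")
```

Only rules whose source is the external zone are reported, so the same SMB and port-137 rules scoped to the internal zone pass unflagged.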