Problems with Samba, no access when the firewall is enabled!!



TheLastOne
12.09.05, 16:23
Hello,
first of all, I have already googled and used the forum search; I found and tried a lot, but without success. I have been stuck on this problem for more than 2 weeks, and you are now my last hope.

So, when I turn the firewall on, I no longer have access to Samba; without the firewall, Samba runs without problems.

Firewall basic settings

Interfaces to protect:
external interface - eth"my network card"
internal interface - none

Services
http, Samba-server, NFS-server, ssh

Additional services
UDP: 137 138
TCP: 139 445

Features
Allow traceroute

If you need anything else to narrow down my problem, no problem, I will supply it right away.

coolpix
12.09.05, 17:11
It would be nice to know which firewall you are using, and to see output from the firewall showing which ports are open/closed.

AFAIK the command with iptables is "iptables --list".

Regards

TheLastOne
13.09.05, 13:09
It is SuseFirewall2 and Samba 3.0.7-5, all running under Suse 9.2.

TheLastOne
15.09.05, 12:47
I tortured the forum search some more and noticed that you could fill a whole forum with Samba, so I am not the only one here with this problem.
But why is it still being handled so sluggishly!!!!

coolpix
15.09.05, 13:02
> I tortured the forum search some more and noticed that you could fill a whole forum with Samba, so I am not the only one here with this problem.
> But why is it still being handled so sluggishly!!!!

Maybe because nobody knows? I, at least, don't use Suse.

TheLastOne
16.09.05, 15:11
> Maybe because nobody knows? I, at least, don't use Suse.

I could almost have guessed that, but it has to work somehow.

Which distro do you use, or which do you recommend to me?

crazygeek
16.09.05, 15:40
Do you want to switch distros and reinstall because of this problem!!?!?

Run "iptable -L" and post what comes out...

coolpix
16.09.05, 18:28
> Do you want to switch distros and reinstall because of this problem!!?!?
>
> Run "iptable -L" and post what comes out...

Is the Suse firewall based on iptables?

PS: I use Debian, but I see no reason to switch distributions because of a software problem.

Regards

TheLastOne
18.09.05, 09:27
linux:~ # iptable -L
bash: iptable: command not found
linux:~ #

It doesn't seem to be based on iptable, so what now?

coolpix
18.09.05, 09:32
> linux:~ # iptable -L
> bash: iptable: command not found
> linux:~ #
>
> It doesn't seem to be based on iptable, so what now?

It's called iptables.

Regards

TheLastOne
19.09.05, 13:50
> It's called iptables.
>
> Regards

linux:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
linux:~ #

That is with the firewall off, and here with it on:
linux:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
input_int all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp time-exceeded LOG level warning tcp-options ip-options prefix `SFW2-OUT-TRACERT-ATTEMPT '
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp port-unreachable
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp network-prohibited
ACCEPT icmp -- anywhere anywhere icmp host-prohibited
ACCEPT icmp -- anywhere anywhere icmp communication-prohibited
DROP icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_dmz (0 references)
target prot opt source destination

Chain forward_ext (0 references)
target prot opt source destination

Chain forward_int (0 references)
target prot opt source destination

Chain input_dmz (0 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT-INV '
DROP all -- anywhere anywhere state INVALID
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-ICMP-CRIT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INdmz-DROP-DEFLT '
DROP all -- anywhere anywhere

Chain input_ext (1 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere state INVALID
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-ICMP-CRIT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere

Chain input_int (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT-INV '
DROP all -- anywhere anywhere state INVALID
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:microsoft-ds flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-dgm flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ns flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp source-quench LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp redirect LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp echo-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp timestamp-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp address-mask-request LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 icmp type 2 LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-ICMP-CRIT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INint-DROP-DEFLT '
DROP all -- anywhere anywhere

Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
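
In the listing above, `input_ext` starts with `DROP all ... PKTTYPE = broadcast`, ahead of the UDP `netbios-ns` and `netbios-dgm` ACCEPT rules, and iptables stops at the first terminating rule that matches. The Python sketch below is an added example, not part of the original thread: it replays that first-match logic over a constructed excerpt of the posted chain for two hypothetical probe packets. It understands only the `PKTTYPE`, `state` and `dpt` matches and does not follow jumps to user-defined chains.

```python
import re

# Constructed sample: the input_ext chain from the listing in this thread, with
# wrapped lines rejoined; most LOG rules and all ICMP rules are trimmed.
LISTING = """\
Chain input_ext (1 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
DROP all -- anywhere anywhere state INVALID
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
DROP all -- anywhere anywhere
"""

# Hypothetical probes: a NetBIOS name query to UDP 137, sent as broadcast and as unicast.
BCAST = dict(proto="udp", dport="netbios-ns", pkttype="broadcast", state="NEW")
UCAST = dict(BCAST, pkttype="unicast")

def parse_chain(listing, chain):
    """Return [(target, proto, match_text)] for one chain of `iptables -L` output."""
    rules, inside = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            inside = line.split()[1] == chain
        elif inside and line.strip() and not line.startswith("target"):
            target, proto, _opt, _src, _dst, *rest = line.split()
            rules.append((target, proto, " ".join(rest)))
    return rules

def rule_matches(proto, match, pkt):
    """True if the rule's protocol, pkttype, state and dport matches all fit pkt."""
    if proto not in ("all", pkt["proto"]):
        return False
    checks = ((r"PKTTYPE = (\S+)", "pkttype"), (r"state (\S+)", "state"), (r"dpt:(\S+)", "dport"))
    for pattern, field in checks:
        m = re.search(pattern, match)
        if m and pkt[field] not in m.group(1).split(","):
            return False
    return True

def verdict(listing, chain, pkt):
    """Return (rule_number, target) of the first terminating match; LOG never terminates."""
    for n, (target, proto, match) in enumerate(parse_chain(listing, chain), 1):
        if target != "LOG" and rule_matches(proto, match, pkt):
            return n, target
    return None, None
```

`verdict(LISTING, "input_ext", BCAST)` returns `(1, "DROP")`, while the unicast probe reaches the UDP rule and returns `(6, "ACCEPT")`. On a live system the packet counters in `iptables -L -v -n` show which rule is actually being hit.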

TheLastOne
22.09.05, 21:07
Can't anyone help me? I'm stuck in a dead end.