
Thread: firewalld how to open ports correctly?

  1. #1
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    64

    firewalld how to open ports correctly?

    Hello!
    How are you?

    I need to open ports in firewalld. I have tried many times. First I tried the public zone and then trusted, via the terminal with the --permanent command and via YaST2, and it does not work. openSUSE runs with NetworkManager on the Oracle VM, bridge mode, network permits all. I have read the official doc. When I turn the firewall off, the ports are accessible (of course), which only shows that the service is running correctly, but I do not want to leave the firewall off. I am confused about how to configure it.
    The ports that I need to open are those of samba-ad-dc.


    Please, can somebody help me?

    Thank you so much

  2. #2
    Join Date
    Mar 2020
    Location
    São Leopoldo, RS, Brazil
    Posts
    153

    Re: firewalld how to open ports correctly?

    There are 2 steps to have the firewall let you use specific ports:

    1. Assign the network connection to a firewall zone (General configuration tab)
    2. Open wanted ports for that firewall zone (YaST Firewall and/or config files)


    What step from above did you do when you mention the public/trusted zone? On YaST Firewall there are some predefined services you can add to a given firewall zone, including some known samba configurations.
    openSUSE Tumbleweed

  3. #3
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    64

    Re: firewalld how to open ports correctly?

    Hello

    Quote Originally Posted by awerlang View Post
    There are 2 steps to have the firewall let you use specific ports:

    1. Assign the network connection to a firewall zone (General configuration tab)
    2. Open wanted ports for that firewall zone (YaST Firewall and/or config files)


    What step from above did you do when you mention the public/trusted zone? On YaST Firewall there are some predefined services you can add to a given firewall zone, including some known samba configurations.
    1 - Yes, the network connection is assigned to zone = public
    2 - All tcp/udp ports from samba-ad-dc were put in zone = public

    samba-ad-dc is different from just samba, I think! And it does not exist as a predefined service in the firewall zone. So I took the samba-ad-dc ports and tried to open them, but it does not work; they still stay blocked!

    thanks

  4. #4
    Join Date
    Mar 2020
    Location
    São Leopoldo, RS, Brazil
    Posts
    153

    Re: firewalld how to open ports correctly?

    Look in the logs:

    Code:
    sudo less /var/log/firewalld
    To create a custom service definition, you need to:

    1. Create a service .xml file
    2. Restart the firewall service so it becomes aware of the new service
    3. Add the service to the running firewall's zone
    4. Make it permanent


    Possibly you've forgotten one step, or have done them in a different order:
    Code:
    sudo tee /etc/firewalld/services/spotify.xml >/dev/null <<EOF
    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>Spotify</short>
      <description>Spotify Connect</description>
      <port protocol="udp" port="5353"/>
      <port protocol="tcp" port="57621"/>
    </service>
    EOF
    
    sudo systemctl restart firewalld
    sudo firewall-cmd --zone=home --add-service=spotify
    sudo firewall-cmd --permanent --zone=home --add-service=spotify
    openSUSE Tumbleweed

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Re: firewalld how to open ports correctly?

    Create a custom service eg /etc/firewalld/services/samba-dc.xml
    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>Samba DC</short>
      <description>This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.</description>
      <port protocol="tcp" port="53"/><!-- DNS -->
      <port protocol="udp" port="53"/><!-- DNS -->
      <port protocol="tcp" port="88"/><!-- Kerberos -->
      <port protocol="udp" port="88"/><!-- Kerberos -->
      <port protocol="tcp" port="135"/><!-- End Point Mapper (DCE/RPC Locator Service) -->
      <port protocol="udp" port="137"/><!-- NetBIOS Name Service -->
      <port protocol="udp" port="138"/><!-- NetBIOS Datagram -->
      <port protocol="tcp" port="139"/><!-- NetBIOS Session -->
      <port protocol="tcp" port="389"/><!-- LDAP -->
      <port protocol="udp" port="389"/><!-- CLDAP -->
      <port protocol="tcp" port="445"/><!-- SMB over TCP -->
      <port protocol="tcp" port="464"/><!-- Kerberos kpasswd -->
      <port protocol="udp" port="464"/><!-- Kerberos kpasswd -->
      <port protocol="tcp" port="636"/><!-- LDAPS -->
      <port protocol="tcp" port="49152-65535"/><!-- Dynamic RPC Ports -->
      <port protocol="tcp" port="3268"/><!-- Global Catalog -->
      <port protocol="tcp" port="3269"/><!-- Global Catalog SSL -->
      <module name="netbios-ns"/>
    </service>
    Once that's done, do
    Code:
    sudo firewall-cmd --reload
    Add the service to the appropriate zone. For example
    Code:
    sudo firewall-cmd --zone=trusted --add-service=samba-dc
    See how that goes.
    Last edited by deano_ferrari; 12-Jun-2020 at 21:01.
    openSUSE Leap 15.2; KDE Plasma 5
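    The two replies above (#4 and #5) describe the same procedure: write a service .xml, make firewalld read it, add it to the zone at runtime, then make it permanent. The script below is an added example, not code from this thread, from firewalld or from openSUSE. It generates a service file from a proto/port list (a constructed subset of the DC ports listed above, under the assumed name samba-dc-demo), lets you verify what was written before it touches the host, and wraps the host-side steps in the order the thread gives, with `firewall-cmd --check-config` and `--info-service` as the checks that the daemon actually accepted the file. The zone name and interface are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, firewalld or openSUSE): build a firewalld
# service definition, verify it, and install it into a zone in the order
# the thread describes: file -> reload -> add runtime -> add permanent.
# Service name "samba-dc-demo", zone and port list are assumptions.
set -eu

# Constructed port list for the demo service as "proto/port" items.
# A real AD DC needs the full list from the thread; this is a subset.
DEMO_PORTS="tcp/53 udp/53 tcp/88 udp/88 tcp/389 udp/389 tcp/445 tcp/636 tcp/49152-65535"

# write_service_xml OUTFILE SHORTNAME "proto/port ..."
# Writes a service definition in the format firewalld reads from
# /etc/firewalld/services/<name>.xml. Port ranges such as 49152-65535 are allowed.
write_service_xml() {
    out=$1; short=$2; ports=$3
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n'
        printf '<service>\n'
        printf '  <short>%s</short>\n' "$short"
        printf '  <description>Constructed example service</description>\n'
        for item in $ports; do
            proto=${item%%/*}
            port=${item#*/}
            case $proto in
                tcp|udp|sctp|dccp) ;;                      # protocols firewalld accepts
                *) echo "bad protocol in '$item'" >&2; return 1 ;;
            esac
            printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
        done
        printf '</service>\n'
    } >"$out"
}

# count_ports FILE: number of <port .../> elements in a service file.
count_ports() {
    grep -c '<port protocol=' "$1"
}

# has_port FILE PROTO PORT: succeeds if the file opens PROTO/PORT.
has_port() {
    grep -q "<port protocol=\"$2\" port=\"$3\"/>" "$1"
}

# install_service NAME ZONE: the host-side steps, only meaningful on a
# machine running firewalld; it refuses to run elsewhere.
install_service() {
    name=$1; zone=$2
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
    sudo firewall-cmd --check-config                                   # catch XML mistakes first
    sudo firewall-cmd --reload                                         # daemon reads the new file
    sudo firewall-cmd --info-service="$name"                           # confirm it parsed the service
    sudo firewall-cmd --zone="$zone" --add-service="$name"             # runtime
    sudo firewall-cmd --permanent --zone="$zone" --add-service="$name" # survives reload and reboot
    sudo firewall-cmd --zone="$zone" --list-services                   # verify the zone now lists it
}

# Usage on a real host (uncomment; zone "public" is an assumption):
# write_service_xml /tmp/samba-dc-demo.xml "Samba DC demo" "$DEMO_PORTS"
# sudo tee /etc/firewalld/services/samba-dc-demo.xml >/dev/null </tmp/samba-dc-demo.xml
# install_service samba-dc-demo public
```

    The split between generating the file and installing it is deliberate: `count_ports` and `has_port` let you confirm the file says what you intended before the daemon reloads, and `--check-config` then catches anything firewalld itself would reject. Note that `firewalld --reload` is not a valid invocation; the reload goes through `firewall-cmd`.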

  6. #6
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    64

    Re: firewalld how to open ports correctly?

    Hello!
    How are you?

    I tried the 2 options from the thread, and after saving firewalld and bringing it up, or restarting the server, it does not work or stays blocked.
    See the picture:

    https://imgur.com/az2LstQ


    Thanks for your attention



    Quote Originally Posted by deano_ferrari View Post
    Create a custom service eg /etc/firewalld/services/samba-dc.xml
    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>Samba DC</short>
      <description>This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.</description>
      <port protocol="tcp" port="53"/><!-- DNS -->
      <port protocol="udp" port="53"/><!-- DNS -->
      <port protocol="tcp" port="88"/><!-- Kerberos -->
      <port protocol="udp" port="88"/><!-- Kerberos -->
      <port protocol="tcp" port="135"/><!-- End Point Mapper (DCE/RPC Locator Service) -->
      <port protocol="udp" port="137"/><!-- NetBIOS Name Service -->
      <port protocol="udp" port="138"/><!-- NetBIOS Datagram -->
      <port protocol="tcp" port="139"/><!-- NetBIOS Session -->
      <port protocol="tcp" port="389"/><!-- LDAP -->
      <port protocol="udp" port="389"/><!-- CLDAP -->
      <port protocol="tcp" port="445"/><!-- SMB over TCP -->
      <port protocol="tcp" port="464"/><!-- Kerberos kpasswd -->
      <port protocol="udp" port="464"/><!-- Kerberos kpasswd -->
      <port protocol="tcp" port="636"/><!-- LDAPS -->
      <port protocol="tcp" port="49152-65535"/><!-- Dynamic RPC Ports -->
      <port protocol="tcp" port="3268"/><!-- Global Catalog -->
      <port protocol="tcp" port="3269"/><!-- Global Catalog SSL -->
      <module name="netbios-ns"/>
    </service>
    Once that's done, do
    Code:
    sudo firewall-cmd --reload
    Add the service to the appropriate zone. For example
    Code:
    sudo firewall-cmd --zone=trusted --add-service=samba-dc
    See how that goes.

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Re: firewalld how to open ports correctly?

    Quote Originally Posted by doguibnu View Post
    Hello!
    How are you?

    I tried the 2 options from the thread, and after saving firewalld and bringing it up, or restarting the server, it does not work or stays blocked.
    See the picture:

    https://imgur.com/az2LstQ


    Thanks for your attention
    Are you sure this is a firewall issue? Did you try with the firewall inactive? It might also be a name resolution problem. You could try specifying the FQDN explicitly, e.g.
    Code:
    net ads join -U administrator -S domain_controller.example.com
    Samba reference guide:
    https://wiki.samba.org/index.php/Tro...Join_Procedure
    openSUSE Leap 15.2; KDE Plasma 5
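    The question above, whether the firewall is really what blocks the join, can be answered from the DC itself rather than by guessing. The script below is an added example, not from this thread or from firewalld: it reports which zone the interface actually belongs to (the OP's bridge-mode NetworkManager connection may not be in the zone that was configured) and summarises what firewalld rejected once `--set-log-denied=all` is on, grouped by destination port, so a join that fails on, say, LDAP or Kerberos shows up as repeated rejects on that port. The interface name and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or firewalld): find the real zone of an
# interface and summarise firewalld's rejected packets by destination port.
# Interface name, host names and the log sample below are constructed.
set -eu

# Constructed sample of the kernel log lines firewalld emits with
# --set-log-denied=all (prefix FINAL_REJECT). Not real captures.
SAMPLE_LOG='Jun 12 21:00:01 dc kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=51234 DPT=389
Jun 12 21:00:02 dc kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=UDP SPT=51235 DPT=389
Jun 12 21:00:03 dc kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=51236 DPT=389
Jun 12 21:00:04 dc kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=51237 DPT=88
Jun 12 21:00:05 dc kernel: some unrelated line'

# summarize_rejects: read log lines on stdin, print "proto/dport count" per
# rejected destination port, most frequent first. Lines without a REJECT
# marker or without PROTO=/DPT= fields are ignored.
summarize_rejects() {
    grep 'REJECT' | awk '{
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        if (proto != "" && dpt != "") count[proto "/" dpt]++
    } END { for (k in count) print k, count[k] }' | sort -k2,2nr -k1,1
}

# top_reject: only the most frequently rejected proto/port from stdin.
top_reject() {
    summarize_rejects | head -n 1 | cut -d' ' -f1
}

# zone_report IFACE: live checks; refuses to run without firewall-cmd.
# Compares the zone the interface really has against the active zones and
# lists what that zone allows, which is the first thing to check when a
# service was added to one zone but the connection sits in another.
zone_report() {
    iface=$1
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
    zone=$(sudo firewall-cmd --get-zone-of-interface="$iface")
    echo "zone of $iface: $zone"
    sudo firewall-cmd --get-active-zones
    sudo firewall-cmd --zone="$zone" --list-all
}

# Live usage on the DC (uncomment; eth0 is an assumption):
# zone_report eth0
# sudo firewall-cmd --set-log-denied=all      # start logging rejected packets
# sudo journalctl -k | summarize_rejects      # run the join, then see which ports were refused
# sudo firewall-cmd --set-log-denied=off      # turn the logging off again afterwards
```

    If `zone_report` shows the interface in a zone other than the one the service was added to, the service must be added to that zone (or the connection moved), and no amount of editing the other zone will help. Deny logging is verbose on a busy host, so switch it off once the join has been traced.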

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,296
    Blog Entries
    2

    Re: firewalld how to open ports correctly?

    What kind of SAMBA services are you running on this machine?
    Is it a SAMBA Domain Controller or simply a SAMBA file server?

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Re: firewalld how to open ports correctly?

    Quote Originally Posted by tsu2 View Post
    What kind of SAMBA services are you running on this machine?
    Is it a SAMBA Domain Controller or simply a SAMBA file server?

    TSU
    Good question. I initially assumed the OP was setting up a controller (that's what the firewall service is for), but this appears to be a client host joining a samba domain.
    openSUSE Leap 15.2; KDE Plasma 5

  10. #10
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    64

    Re: firewalld how to open ports correctly?

    Hello

    Here is the picture when the AD DC has the firewall off.

    https://imgur.com/Gt0vDqq

    As you can see, the member could join the AD DC.
    If I leave the firewall on, even with the samba-dc service created to open the ports, the member cannot join the AD DC machine.


    Quote Originally Posted by deano_ferrari View Post
    Are you sure this is a firewall issue? Did you try with the firewall inactive? It might also be a name resolution problem. You could try specifying the FQDN explicitly, e.g.
    Code:
    net ads join -U administrator -S domain_controller.example.com
    Samba reference guide:
    https://wiki.samba.org/index.php/Tro...Join_Procedure
