File Server setup

I’ve been running a basic OpenSUSE file server for a couple of years now and today after the main HDD crashed, I’ve been trying for hours to setup a new installation of Leap 15.
It has not been going well. At first it would not let me access the server via a client. I see it when I browse the network, but tells me the server doesn’t exist when I click on it.
When I use ssh to access it through the same client, it works. So I’m pretty confident that I’ve done most of it right.
In a brief twitter thread with Richard Brown, he suggested checking the firewall settings. I don’t remember touching that when I was setting up the server previously. But did try…
Firewall off, SMB shares does seem to work. But that would mean my server is not secure… Am I correct?

Plus the NFS shares are not working. States I don’t have permission.

Note that my client system is on MacOS.

All I need is “How to setup a OpenSUSE File Server for Dummies” guide.

For firewall settings, easiest check is to use Yast Services Manager and stop the firewall.

If everything now works, then you have a firewall configuration problem. Otherwise your problem is elsewhere.

You can restart the firewall after your checking this.

I setup NFS via Yast. It does require installing “yast-nfs-server”. And I had to tweak some of the settings to make it possible to write to the NFS shares.

The Samba Shares started working as soon as the firewall was switched off. So I think that I would a dummies guide is setting up the basic Firewall that allows users on the LAN to access the Shares.

I never had to do touch the firewall in the previous server installation.

There are too many variables to make “one size fits all” guide. But in general, you need to allow “samba” service in the zone to which your internal LAN interface belongs. AFAIU as long as you have one single interface it defaults to zone public. I briefly went through pre-defined zones and none of them enables “samba” service by default. May be “internal” or “trusted” should.

I never had to do touch the firewall in the previous server installation.

Yes, previous firewall implementation had better integration with other packages, so packages may have opened needed ports automatically. I would say, the more people complain, the better chances something will be done. But not here, on bugzilla (as it is actually regression).

Server update:

I did a reinstallation and since Leap 15 doesn’t come with a firewall configurator in Yast, I installed a GUI on the Server and installed Firewall-config.
I don’t know how to configure a firewall, but just a couple of random clicks, not knowing what I’m doing, I managed to get the server working on Samba with the firewall up and running; well somewhat.
It sometimes works and sometimes doesn’t… I have no idea.

My network is box standard with a DHCP giving out addresses 192.168.1.100 - 192.168.1.120
The address of the server is fixed at 192.168.1.100.
My Mac runs a fixed assigned address 192.168.1.101

I just need the users on the network to be able to access the Server via SMB, while I access the shares through NFS.

Is there a box standard firewall setup that will work (always) with such a standard network.

If you click on the YaST Firewall module, it should automatically automatically install firewall-config on first use, here is the documentation

https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.firewall.html

An alternative some people have found easier to use is configserver

https://configserver.com/cp/csf.html

General rule is to select one and use it, don’t use multiple firewall management apps.
Read the docs, if you have questions post your questions. Try not to guess about your firewall configuration, security is important and should be done correctly.

TSU

When I setup my system as file server, I used Yast to setup samba. And one of the screen in that setup has a box to open firewall for samba. It’s the “Startup” tab. I suggest you try that.

The firewall configuration tool is a bit confusing. The first screen has, near top of screen

Configuration Runtime.

You have to change that “Runtime” to “Permanent” if you want your changes to be remembered beyond the current session.