I am an amateur Linux user, so maybe I should be using a more generic one for all system.
I set up a home server years ago using OpenSuse 11.0 and later 12.0 and Swerdna’s excellent guide at the time. Eventually the openSuse version became outdated, and I could not update the system, so I had to install openSuse 15.0 Leap. I found Swerdna’s guide for setting up a home network server for Leap. The guide is much the same as the previous one, and as far as setting up Samba is excellent. However the firewall instructions make no sense, in that they do not really correspond with the appearance and set up of the current firewall in Leap which uses firewall-config 05.5.
If I turn the firewall off in the YAST Services Manager ( firewalld ), I can access the Samba Shares perfectly. If I then it on, they disappear (In case a newbie like me is reading this, you can only edit the firewall in YAST if the firewall is turned on in the Services Manager). As a result I assume my Samba Shares in smb.conf is fine. Is that a correct assumption?
However anything I have tried to alter guessing Swerda’s instructions for changing the Firewall in YAST results in the shares not working. Swerdna’s instructions are fairly simple and clear -
Configure the Firewall for Samba
Use Yast to configure the Firewall:
Set your network interface: Go To Yast ==> Security & users ==> Firewall ==> Interfaces ==> set network Device to External.
Set your network services: Go To Yast ==> Security & users ==> Firewall ==> Allowed Services ==> set these allowed services: Netbios server, Samba client, Samba server.
So, trying to follow the first instruction I navigated to Yast ==> Security & users ==> Firewall ==> in Active Bindings on the left I can see Connections, Interfaces and Sources, but I can only access Connections. Interfaces is not acessible, so I selected “Wired connection 1 eth0” and changed the zone (using Change Zone at the bottom) from “Public” to “External” zone. I hope this has the same effect.
(I would like to add a screenshot, so that you can see the window and choices, but I cannot in this forum.)
Then, I tried to implement the second instruction navigating to Yast ==> Security & users ==> Firewall ==>, but where are the Allowed Services? I can add views in the top menu, but none give me Allowed Services. The only similar area is Services. If I select Services I get a menu choice as 5 tabs - Ports, Protocols, Source Port, Modules and Destination. It says below that “Services can only be changed in permanent configuration view”. There is an option to add or edit the service.
If I scroll down there I can find samba (=Samba-server?) and Samba client, but not Netbios Server. There are several tabs for each service. Under Ports Samba shows various ports (139,445,137,138) and samba-client shows two ports (137,138), and if I select the Modules tab both show netbios-ns.
How do I make samba and samba-client “allowed”? Am I meant to be able to access Interfaces, and if so why is that tab only read only (does not link)?
I decided to go back one tab from “Services” to “Zones” and put samba and samba-client in the External zone. Is that correct?
Nevertheless I cannot access the Samba shares, unless I switch the firewall off, so something must be wrong. Here are results from firewall-cmd -
~> sudo firewall-cmd --zone=public --list-all
[sudo] password for root:
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
~> sudo firewall-cmd --zone=external --list-all
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh samba samba-client
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Maybe I need more knowledge to try this, but with openSuse 10, 11 and 12 it was so easy. It would be great to have such clear instructions for the Firewall setup that corresponded with openSuSE 15.0
Can anyone help?
Thanks.