How do you configure the firewall to allow external web access (it’s a LAMP server) and internal access for samba shares?
External access: Open port forwarding in your router and forward port 80 to the internal IP address of your web server. If you have an additional (personal) SuSEfirewall2 on your web server, in Yast firewall settings, set the network interface in the “External Zone” and enable http as an allowed service for the External Zone.
For Samba shares internally, share the directory like this:
guest ok = no
read only = no
force user = webmaster
Change the name webmaster to the real server administrator’s Linux username. Add that name to the Samba user database on the server. Chown the document root and all files/directories in it to be owned by that username. Chmod the permissions recursively to drwxr-xr-x.
Personally, I find it more convenient to use ftp in Dolphin to access the document root of an Internet server that I have locally.
That has all been set and working thanks to your help previously, thank you.
I found a thread elsewhere on the forum here about “is your firewall active” and found that previously I had it disabled while setting up samba. I re-enabled it and was just concerned about security from web attacks. I figured if I had 2 NICs, one for the web server and the other for all local network access it would be safer. This is still basically a standard (if there is such a thing) install of Suse 11.2. For example in Yast>Security and Users>Local Security all but 2 items report a status of disabled, configure, or Unknown. Am I at risk?
I would like to set up FTP access but Yast offers no options other than to assign ALL authenticated users to a single directory. I see that my vsftp.conf file is empty so I guess I should make that my next research project, setting up vsftp.
Depends what they are – what are they?
You might find ftp access useful. If you want to stop write access for Linux users other than a designated user, e.g. user wxyz, then make wxyz the owner of the document root and make the permissions to be drwxr-xr-x. Then if user abcd logs in over ftp, she can’t write anything.
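
Added example, not part of any post in this thread: a shell check for the setup described in the replies above, where the document root is owned by one designated user with permissions drwxr-xr-x so that other logins (Samba or ftp) cannot write to it. The function name audit_docroot, and the directory and user passed to it, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a web document root for ownership and write access.
# Usage (path and user are placeholders): sh audit.sh /path/to/docroot webmaster

# audit_docroot DIR OWNER
# Prints one line per finding. Returns 0 if clean, 1 if there are findings,
# 2 if DIR is not a directory. OWNER may be a user name or a numeric uid.
audit_docroot() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Entries that are not owned by the designated user.
    wrong_owner=$(find "$dir" ! -user "$owner" -print)

    # Entries writable by group or others, i.e. looser than rwxr-xr-x.
    # Symlinks are skipped because their own mode bits are not enforced.
    loose=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)

    status=0
    if [ -n "$wrong_owner" ]; then
        printf '%s\n' "$wrong_owner" | sed 's/^/OWNER  /'
        status=1
    fi
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/WRITE  /'
        status=1
    fi
    return $status
}

# Run the audit only when a directory and an owner are given.
if [ $# -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

Lines prefixed OWNER need a chown to the designated user; lines prefixed WRITE need group and other write permission removed.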