[Samba] Samba AD firewalld services

Robert Moskowitz rgm at htt-consult.com
Thu Aug 27 12:16:48 UTC 2015 


On 08/27/2015 08:01 AM, Ryan Bair wrote:
> The services and their port numbers and protocols are defined in 
> /etc/services. You should be able to use that file to map from port 
> numbers to services if you want to use the service names instead. This 
> is not something new with firewalld, iptables has had this option 
> forever as well.

If that is all they are doing....


But I don't think so.  I mean what ports does service 'samba' and 
'samba-client' map to?  Even 'smb' is not a listed service in 
/etc/services.  Nor is port 135.   And what about Kerberos Password (464).

Since for some of us, firewalld is part of the osscape, it is worthwhile 
to work all this out and document it and hopefully to add it to the wiki 
so next year when someone new comes along, we can use say, "read the 
wiki on it".

In fact for those running iptables, it would be good to capture the 
iptables entries instead of having to do a search of this mailing list.

Now on to reading more on firewalld 'services'!
>
> On Thu, Aug 27, 2015 at 12:20 AM, Robert Moskowitz 
> <rgm at htt-consult.com <mailto:rgm at htt-consult.com>> wrote:
>
>     Now with firewalld, opening up ports is now 'better' done by
>     opening services.  So what do I need, for starters it seems:
>
>     dns, dhcp, dhcpv6, samba, kerberos
>
>     Here is the list of services:
>
>     RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
>     dhcpv6-client dns
>     ftp high-availability http https imaps ipp ipp-client ipsec
>     kerberos kpasswd ldap
>     ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn
>     pmcd pmproxy
>     pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind
>     samba samba-client
>     smtp ssh telnet tftp tftp-client transmission-client vnc-server
>     wbem-https
>
>     I will only be running one AD, but a number of file servers (which
>     in Samba4 are really DCs without some services?) .
>
>     thanks
>
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list