[Samba] Samba AD firewalld services

L.P.H. van Belle belle at bazuin.nl
Thu Aug 27 12:50:47 UTC 2015

After reading this thread.. and ..seeing the comments..   

I googled a bit around. and yes.. more then 5 sec..  ;-) 

I wonder why almost every "centos/redhat/rpm based" howto removes firewalld with the base iptables service
now, i'm not "pro" systemd or con systemd, i use it but i set my firewall with ufw, 
which is much more flexable in my opinion. 
I just dont care about how it starts.. as long as it works.. 

so i found this one.. 
looks very nice, it explains all.  
base on that, howto create a "samba4-ad" service with multiple ports in it. 
or better, split it up in to.. 

The only thing i cant see there in the "HAProxy example" is you can 
add multiple "port / protools" in there. 
thats up to you. 

but i think you wil manage that. 

.. side note.. 
Firewalling is not really a samba topic.. but we are all (yes Rowland to) happy to help you.. 
;-)  Rowland is just not a "fan" of systemd..  ROFL... 



>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ryan Bair
>Verzonden: donderdag 27 augustus 2015 14:01
>Aan: Robert Moskowitz
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba AD firewalld services
>The services and their port numbers and protocols are defined in
>/etc/services. You should be able to use that file to map from 
>port numbers
>to services if you want to use the service names instead. This is not
>something new with firewalld, iptables has had this option 
>forever as well.
>On Thu, Aug 27, 2015 at 12:20 AM, Robert Moskowitz 
><rgm at htt-consult.com>
>> Now with firewalld, opening up ports is now 'better' done by opening
>> services.  So what do I need, for starters it seems:
>> dns, dhcp, dhcpv6, samba, kerberos
>> Here is the list of services:
>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
>> dhcpv6-client dns
>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos
>> kpasswd ldap
>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp 
>openvpn pmcd
>> pmproxy
>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba
>> samba-client
>> smtp ssh telnet tftp tftp-client transmission-client 
>vnc-server wbem-https
>> I will only be running one AD, but a number of file servers (which in
>> Samba4 are really DCs without some services?) .
>> thanks
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list