[Samba] Samba AD firewalld services

Robert Moskowitz rgm at htt-consult.com
Thu Aug 27 13:58:02 UTC 2015



On 08/27/2015 09:50 AM, Rowland Penny wrote:
> On 27/08/15 13:50, L.P.H. van Belle wrote:
>> After reading this thread.. and ..seeing the comments..
>>
>> I googled a bit around. and yes.. more than 5 sec..  ;-)
>>
>> I wonder why almost every "centos/redhat/rpm based" howto removes 
>> firewalld with the base iptables service
>
> Now here's a funny thing, I was searching the samba wiki for 
> 'firewall' and found there is a page on setting up samba4 on centos 7, 
> about half way down that page is this:
>
> This post setup will configure the services to startup and disable 
> Selinux and Firewall, during my tests firewalld did not save the 
> allowed ports, even with permanent flag, so I've decided to disable to 
> avoid problems.
>
> So even on the samba wiki, you are advised to turn off firewalld :-D

You have to do a --reload before they show up in the --list-all.  I 
would like to see a list pending option before I reload...

And I really hope I don't have to disable Selinux.  Somewhere here I 
have a cookbook for creating new policies.  It has worked for a few 
services I have worked with that instructed me to 'disable Selinux'.

I am a security guy.  I WANT my security services.

>
>
>> now, i'm not "pro" systemd or con systemd, i use it but i set my 
>> firewall with ufw,
>> which is much more flexible in my opinion.
>> I just don't care about how it starts.. as long as it works..
>>
>> so i found this one..
>> http://www.certdepot.net/rhel7-get-started-firewalld/
>> looks very nice, it explains all.
>> based on that, how to create a "samba4-ad" service with multiple ports 
>> in it.
>> or better, split it up in to..
>> samba4-kerberos
>> samba4-smbd
>> samba4-nmbd
>> etc..
>>
>> The only thing i can't see there in the "HAProxy example" is you can
>> add multiple "port / protocols" in there.
>> that's up to you.
>>
>> but i think you will manage that.
>>
>> .. side note..
>> Firewalling is not really a samba topic.. but we are all (yes Rowland 
>> too) happy to help you..
>> ;-)  Rowland is just not a "fan" of systemd..  ROFL...
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Original message-----
>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Ryan Bair
>>> Sent: Thursday 27 August 2015 14:01
>>> To: Robert Moskowitz
>>> CC: samba at lists.samba.org
>>> Subject: Re: [Samba] Samba AD firewalld services
>>>
>>> The services and their port numbers and protocols are defined in
>>> /etc/services. You should be able to use that file to map from
>>> port numbers
>>> to services if you want to use the service names instead. This is not
>>> something new with firewalld, iptables has had this option
>>> forever as well.
>>>
>>> On Thu, Aug 27, 2015 at 12:20 AM, Robert Moskowitz
>>> <rgm at htt-consult.com>
>>> wrote:
>>>
>>>> Now with firewalld, opening up ports is now 'better' done by opening
>>>> services.  So what do I need, for starters it seems:
>>>>
>>>> dns, dhcp, dhcpv6, samba, kerberos
>>>>
>>>> Here is the list of services:
>>>>
>>>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
>>>> dhcpv6-client dns
>>>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos
>>>> kpasswd ldap
>>>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd
>>>> pmproxy
>>>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba
>>>> samba-client
>>>> smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
>>>>
>>>> I will only be running one AD, but a number of file servers (which in
>>>> Samba4 are really DCs without some services?) .
>>>>
>>>> thanks
>
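
Added example, not part of the original message or of the Samba project: firewalld keeps a permanent (on-disk) and a runtime configuration, and `firewall-cmd --permanent --list-services` reads the former, so comparing the two shows what a `--reload` will change before it is run. The function names `pending_items` and `show_pending` and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: show what a firewalld --reload would change by comparing
# the permanent (on-disk) configuration with the runtime one.

# pending_items WANT HAVE
# Print each whitespace-separated item in WANT that is missing from HAVE,
# one per line, sorted. Matching is on whole items, so "dhcp" != "dhcpv6".
pending_items() {
    have=" $(printf '%s ' $2)"          # normalise newlines/tabs to spaces
    for item in $1; do
        case "$have" in
            *" $item "*) ;;             # already present
            *) printf '%s\n' "$item" ;;
        esac
    done | sort
}

# show_pending [ZONE]
# Query a live firewalld (needs firewall-cmd and a running daemon).
show_pending() {
    zone=${1:-$(firewall-cmd --get-default-zone)}
    for what in services ports; do
        perm=$(firewall-cmd --permanent --zone="$zone" --list-"$what")
        run=$(firewall-cmd --zone="$zone" --list-"$what")
        echo "$what activated by --reload in zone $zone:"
        pending_items "$perm" "$run" | sed 's/^/  + /'
        echo "$what dropped by --reload (runtime only) in zone $zone:"
        pending_items "$run" "$perm" | sed 's/^/  - /'
    done
}

# Run against the live firewall only when asked to: ./pending.sh --live [zone]
if [ "${1:-}" = "--live" ]; then
    show_pending "${2:-}"
fi
```

Entries listed as dropped exist only in the runtime configuration (added without `--permanent`) and disappear on reload, which is worth checking before reloading a domain controller's firewall.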



