Firehol Prevents Me From Joining Domain
I'm running firehol on a Debian test server. I have the winbind service
running to resolve NT domain user names. I have the following services
defined for my LAN interface in the firehol.conf file.

lan_ips="192.168.0.0/24"
interface eth0 Lan src "${lan_ips}"
    policy reject
    server microsoft_ds accept
    server samba accept
    client all accept

Whenever I try to join the domain with "net rpc join -W DOMAIN -U
administrator", I get a message saying "Unable to find a suitable
server", and I find the following in my logs:

Aug 19 08:55:51 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.9 DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53787 PROTO=UDP SPT=137 DPT=1033 LEN=70

Clearly the response is being blocked by my firewall, and when I shut the
firewall down, I can easily join the domain. I know that this relates
to a hack in the Samba service defined in Firehol
(http://firehol.sourceforge.net/services.html?#samba). Is there a
workaround that I can use in my configuration file? Something that allows
responses only from a certain host, like the PDC?
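
An added example, not part of the original post: a short Python script that parses kernel firewall log entries like the one quoted above and counts, per source address, the blocked UDP replies sent from port 137 (NetBIOS name service), which shows whose responses the firewall is rejecting. The function names, the shortened MAC field and the second log line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the log entry from the post joined onto one line
# (MAC field shortened), plus one unrelated constructed entry.
SAMPLE_LOG = """\
Aug 19 08:55:51 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX SRC=192.168.0.9 DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53787 PROTO=UDP SPT=137 DPT=1033 LEN=70
Aug 19 08:56:02 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX SRC=192.168.0.44 DST=192.168.0.197 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1201 PROTO=TCP SPT=40112 DPT=23 LEN=40
"""

# KEY=value pairs as written by the netfilter LOG target (value may be empty).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_entry(line):
    """Return the KEY=value fields of one firewall log line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def is_nbns_reply(f):
    """True for UDP from source port 137 to an unprivileged local port."""
    return (f.get("PROTO") == "UDP" and f.get("SPT") == "137"
            and f.get("DPT", "").isdigit() and int(f["DPT"]) >= 1024)

def blocked_nbns_sources(log_text):
    """Count blocked NetBIOS name-service replies per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_entry(line)
        if "SRC" in f and is_nbns_reply(f):
            hits[f["SRC"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, n in blocked_nbns_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} blocked reply(ies) from udp/137")
```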