
Firehol Prevents Me From Joining Domain



I'm running firehol on a Debian test server.  I have the winbind service
running to resolve NT domain user names.  I have the following services
defined for my LAN interface in the firehol.conf file.

lan_ips="192.168.0.0/24"

interface eth0 Lan src "${lan_ips}"
        policy reject
        server microsoft_ds accept
        server samba accept
        client all accept

Whenever I try to join the domain with "net rpc join -W DOMAIN -U
administrator", I get a message saying "Unable to find a suitable
server" and I find the following in my logs:

Aug 19 08:55:51 server kernel: ''IN-Lan':'IN=eth0 OUT=
MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.9
DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53787 PROTO=UDP
SPT=137 DPT=1033 LEN=70

Clearly the response is being blocked by my firewall and when I shut the
firewall down, I can easily join the domain.  I know that this relates
to a hack in the Samba service defined in Firehol
(http://firehol.sourceforge.net/services.html?#samba).  Is there a
workaround that I can use in my configuration file, something that allows
responses only from a certain host, like the PDC?
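As an added illustration (not part of the original post), a small Python helper that parses the kernel log line quoted above into its fields and flags when the rejected packet is the UDP/137 NetBIOS name-service reply from the domain controller. It assumes 192.168.0.9 is the PDC, which the post does not state explicitly.

```python
import re
from typing import Dict

# Constructed sample: the kernel log line from the post, MAC redacted as
# in the post, FireHOL's quoted chain prefix kept as logged.
SAMPLE_LOG = (
    "Aug 19 08:55:51 server kernel: ''IN-Lan':'IN=eth0 OUT= "
    "MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.9 "
    "DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53787 "
    "PROTO=UDP SPT=137 DPT=1033 LEN=70"
)

# Assumption: the PDC is the host that sent the blocked reply.
PDC_IP = "192.168.0.9"

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # iptables-style KEY=VALUE
PREFIX_RE = re.compile(r"'([^':\s]+)'")       # FireHOL chain name, e.g. 'IN-Lan'


def parse_firehol_log(line: str) -> Dict[str, str]:
    """Return the KEY=VALUE fields of a FireHOL/iptables log line plus CHAIN."""
    fields: Dict[str, str] = {}
    m = PREFIX_RE.search(line)
    if m:
        fields["CHAIN"] = m.group(1)
    for key, value in FIELD_RE.findall(line):
        # LEN appears twice: IP total length first, then UDP length.
        if key == "LEN" and "LEN" in fields:
            fields["UDP_LEN"] = value
        else:
            fields[key] = value
    return fields


def is_netbios_ns_reply(fields: Dict[str, str], pdc_ip: str) -> bool:
    """True when the packet is a NetBIOS name-service (UDP source port 137)
    reply coming from the PDC, i.e. the response the reject policy eats."""
    return (fields.get("PROTO") == "UDP"
            and fields.get("SPT") == "137"
            and fields.get("SRC") == pdc_ip)


if __name__ == "__main__":
    parsed = parse_firehol_log(SAMPLE_LOG)
    print(parsed["CHAIN"], parsed["SRC"], "->", parsed["DST"],
          "netbios-ns reply from PDC:", is_netbios_ns_reply(parsed, PDC_IP))
```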