Firewall blocked for samba
Hi, I have Ubuntu 9.04 installed and a healthy Samba installation.
If I have the firewall, UFW, activated I cannot see my network and get this error message in Nautilus when I click "Windows Network":
Quote:
failed to retrieve share list from server
I have enabled samba by running this UFW command:
Code:
sudo ufw allow samba
In the GUI GUFW I then see that these rules have been added:
Quote:
137,138/udp (samba) ALLOW anywhere
139,445/tcp (samba) ALLOW anywhere
I have edited the file /etc/default/ufw, in particular I added nf_conntrack_netbios_ns so the relevant line becomes like so:
Code:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"
Despite all that, Samba only works if I turn UFW off.
What have I missed?
Thanks
swerdna
Re: Firewall blocked for samba
Did you set workgroup to "WORKGROUP"?
Install this for setting up samba options.
http://gadmintools.flippedweb.com/in...d=16&Itemid=30
If you don't know how to compile from source or don't want to, you can install 'alien' and use the rpm package for install.
Re: Firewall blocked for samba
Quote:
Originally Posted by ericab
Did you set workgroup to "WORKGROUP"?
I set workgroup = SWERDNA to match the other four workstations on the LAN
But I don't need to adjust samba, it works great when UFW is disabled. I configure Samba from the CLI and am an expert at it. The problem is with UFW which I have enabled for samba by using
Code:
sudo ufw allow samba
as recommended variously elsewhere. But that advice seems to be erroneous. Can you give me the correct method for configuring for Samba the UFW firewall? (The problem is that UFW is effectively the default recommended firewall and the advice out there isn't working)
Quote:
If you don't know how to compile from source or don't want to, you can install 'alien' and use the rpm package for install.
No thanks, I'm good for configuring samba.
Re: Firewall blocked for samba
I doubt it's as simple as restarting "something"...
Re: Firewall blocked for samba
OK here's the answer:
Remove the much vaunted service-based rule for Samba with this command:
Code:
sudo ufw delete allow samba
Replace it with port-based rules for the trusted network:
Code:
sudo ufw allow proto udp to any port 137 from 192.168.29.0/24
sudo ufw allow proto udp to any port 138 from 192.168.29.0/24
sudo ufw allow proto tcp to any port 139 from 192.168.29.0/24
sudo ufw allow proto tcp to any port 445 from 192.168.29.0/24
Adjust the IP mask for individual LANs.
Sadly, the UFW fails on a service-based rule, which is probably a bug. I suppose that UFW is fairly new and is mostly left turned off, so this problem will take some time to be noticed by the bug-fixers. All will come good in time :)
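As an added example (not from any poster in this thread): a POSIX shell check that reads firewall status lines in the To/Action/From layout quoted in the first post and reports whether each Samba port is allowed only from the trusted subnet used in the workaround above. The function names and both sets of sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; audit_samba and both sample_* functions are constructed here.

# audit_samba TRUSTED_CIDR: reads status lines ("To  Action  From") on stdin.
# Prints "<port>/<proto> ok|exposed|missing" for each Samba port and returns
# 0 only if every port is allowed from TRUSTED_CIDR and from no other source.
audit_samba() {
    awk -v trusted="$1" '
    BEGIN { n = split("137/udp 138/udp 139/tcp 445/tcp", want, " ") }
    {
        for (i = 1; i <= NF; i++) if ($i == "ALLOW") break
        if (i >= NF) next                  # no ALLOW column, or no source after it
        src = $(i + 1)
        split($1, pp, "/")                 # "137,138/udp" -> "137,138" and "udp"
        m = split(pp[1], ports, ",")
        for (j = 1; j <= m; j++) {
            key = ports[j] "/" pp[2]
            if (src != trusted) state[key] = "exposed"
            else if (state[key] != "exposed") state[key] = "ok"
        }
    }
    END {
        bad = 0
        for (k = 1; k <= n; k++) {
            s = state[want[k]]
            if (s == "") s = "missing"
            if (s != "ok") bad = 1
            print want[k], s
        }
        exit bad
    }'
}

# Constructed sample: the service-based rule as listed in the first post.
sample_service_rule() {
    printf '%s\n' \
        '137,138/udp (samba)   ALLOW   anywhere' \
        '139,445/tcp (samba)   ALLOW   anywhere'
}

# Constructed sample: the four port-based rules limited to the LAN.
sample_port_rules() {
    printf '%s\n' \
        '137/udp   ALLOW   192.168.29.0/24' \
        '138/udp   ALLOW   192.168.29.0/24' \
        '139/tcp   ALLOW   192.168.29.0/24' \
        '445/tcp   ALLOW   192.168.29.0/24'
}

sample_service_rule | audit_samba 192.168.29.0/24 || echo "service rule: exposed beyond LAN"
sample_port_rules | audit_samba 192.168.29.0/24 && echo "port rules: LAN only"
```

A line whose first column is not in port/proto form is not expanded, so its ports are reported as missing.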
Re: Firewall blocked for samba
Well, at least there is now a workaround... Thanks for posting (hope I can remember it if/when another thread mentions a similar problem.)
Re: Firewall blocked for samba
Quote:
Originally Posted by swerdna
Sadly, the UFW fails on a service-based rule, which is probably a bug. I suppose that UFW is fairly new and is mostly left turned off, so this problem will take some time to be noticed by the bug-fixers. All will come good in time :)
Please file a bug report :)
I've added your findings to my Fix Windows share browsing howto (6th link in my sig).
Re: Firewall blocked for samba
Quote:
Originally Posted by dmizer
Please file a bug report :)
I've added your findings to my Fix Windows share browsing howto (6th link in my sig).
Terrific.
I've also got a write up of my Samba experiences and have included the findings there too.
Re: Firewall blocked for samba
Per this post: http://ubuntuforums.org/showpost.php...&postcount=133 the rules posted above are reversed. They should read:
Code:
sudo ufw allow proto udp from 192.168.1.0/24 to any port 137
sudo ufw allow proto udp from 192.168.1.0/24 to any port 138
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 139
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 445
Confirmed here: http://ubuntuforums.org/showthread.php?t=806000
Re: Firewall blocked for samba
Quote:
Originally Posted by dmizer
Thank you very much -- this stuff is so confusing.
Don't these two mean exactly the same thing:
- sudo ufw allow proto udp from 192.168.1.0/24 to any port 137
- sudo ufw allow proto udp to any port 137 from 192.168.29.0/24
as per this ref: http://log.logfish.net/node/31
and this http://www.mypcsupport.de/net/linux/ubuntu-ufw/
and this (#4) http://somethinggnu.blogspot.com/200...a-and-ufw.html
and this http://ubuntuforums.org/showpost.php...91&postcount=4
So I think probably either is valid.
Or am I missing something?