@uncle-c: here are some lines I've extracted from iptables -L:
Code:
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  192.168.1.0/24       anywhere            udp dpt:netbios-dgm
    ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:netbios-ssn
    ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:microsoft-ds
    ACCEPT     udp  --  192.168.1.0/24       anywhere            udp dpt:netbios-ns
Edit: FWIW I spotted these too:
Code:
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    RETURN     udp  --  anywhere             anywhere            udp dpt:netbios-ns
    RETURN     udp  --  anywhere             anywhere            udp dpt:netbios-dgm
    RETURN     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
    RETURN     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
Last edited by swerdna; September 15th, 2009 at 11:57 AM.
Thanks. The first table is identical to my iptables firewall rules. So can you see your Samba shares from the "Network Browser" on your samba client machine?
c
I can't remember any more. It was quick, no resetting of Samba and so on. So I'll do this controlled test and then report back:
your "outbound" rules
your "inbound" rules
my blue rules
After each removal of old rules and setting of the next set of rules I will reboot before testing the visibility of the server from Nautilus in the server and from Nautilus in the client.
OK I've finished that test, this time with booting to re-zero everything. Results are:
Your outbound rules
sudo ufw allow proto udp to 192.168.1.0/24 port 137 from any
sudo ufw allow proto udp to 192.168.1.0/24 port 138 from any
sudo ufw allow proto tcp to 192.168.1.0/24 port 139 from any
sudo ufw allow proto tcp to 192.168.1.0/24 port 445 from any
sudo ufw status gives
To                         Action  From
--                         ------  ----
192.168.1.0/24 137/udp     ALLOW   Anywhere
192.168.1.0/24 138/udp     ALLOW   Anywhere
192.168.1.0/24 139/tcp     ALLOW   Anywhere
192.168.1.0/24 445/tcp     ALLOW   Anywhere
server is visible and shares can be opened from Nautilus in the Ubuntu server
server is visible and shares can be opened from Nautilus in the openSUSE client
============================================================
Your inbound rules
sudo ufw allow proto udp from 192.168.1.0/24 port 137 to any
sudo ufw allow proto udp from 192.168.1.0/24 port 138 to any
sudo ufw allow proto tcp from 192.168.1.0/24 port 139 to any
sudo ufw allow proto tcp from 192.168.1.0/24 port 445 to any
sudo ufw status gives
To                         Action  From
--                         ------  ----
Anywhere                   ALLOW   192.168.1.0/24 137/udp
Anywhere                   ALLOW   192.168.1.0/24 138/udp
Anywhere                   ALLOW   192.168.1.0/24 139/tcp
Anywhere                   ALLOW   192.168.1.0/24 445/tcp
server is not visible from Nautilus in the Ubuntu server
server is not visible from Nautilus in the openSUSE client
============================================================
My blue rules
sudo ufw allow proto udp to any port 137 from 192.168.1.0/24
sudo ufw allow proto udp to any port 138 from 192.168.1.0/24
sudo ufw allow proto tcp to any port 139 from 192.168.1.0/24
sudo ufw allow proto tcp to any port 445 from 192.168.1.0/24
sudo ufw status gives
To                         Action  From
--                         ------  ----
137/udp                    ALLOW   192.168.1.0/24
138/udp                    ALLOW   192.168.1.0/24
139/tcp                    ALLOW   192.168.1.0/24
445/tcp                    ALLOW   192.168.1.0/24
server is visible and shares can be opened from Nautilus in the Ubuntu server
server is visible and shares can be opened from Nautilus in the openSUSE client
============================================================
The two sets of rules that work are dmizer's outbound rules and my blue rules.
BUT dmizer's "outbound" rules appear to allow from "anywhere" which to me means all IP networks, whereas the "blue" rules restrict to one "trusted" subnet. (maybe -- I'm really confused by all of this now).
Hi,
I had the same issue - cannot browse windows network from Ubuntu 10.04 with ufw/gufw enabled. I have added this to /etc/default/ufw:
Code:
    # The nf_conntrack_netbios_ns has been added
    IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"
and restart IPTABLES.
I do not have any other rules for samba. Everything seems to work now.
PS. Tip source:
http://ubuntuforums.org/showpost.php...91&postcount=4
Cheers all
I followed GrzesiekC's post and it worked, without any rules being made for ufw. I'm ignorant though. What did it do?
Hi, I'm also having problems with the firewall blocking netbios. I've read through the thread and set up my firewall as recommended. Here is the output of "ufw status verbose":
Code:
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing)
    New profiles: skip

    To                         Action      From
    --                         ------      ----
    137/udp                    ALLOW IN    10.0.0.0/24
    138/udp                    ALLOW IN    10.0.0.0/24
    139/tcp                    ALLOW IN    10.0.0.0/24
    445/tcp                    ALLOW IN    10.0.0.0/24
I use "mount -t cifs" to mount my windows share and if the firewall is off it works fine and I can ping the netbios name too. With the firewall active the mount fails unless I include "ip=10.0.0.3" in the mount options and ping returns with "unknown host".
I took a look at my UFW log file and it appears every time there is an attempt to resolve the windows netbios name, Windows sends its reply to a different, random port:
Code:
    [UFW BLOCK] IN=eth0 OUT= MAC=00:07:95:da:8e:81:00:26:f2:56:a0:fc:08:00 SRC=10.0.0.3 DST=10.0.0.2 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=19692 PROTO=UDP SPT=137 DPT=56352 LEN=70
    [UFW BLOCK] IN=eth0 OUT= MAC=00:07:95:da:8e:81:00:26:f2:56:a0:fc:08:00 SRC=10.0.0.3 DST=10.0.0.2 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=23091 PROTO=UDP SPT=137 DPT=57116 LEN=70
I'd rather not open up the firewall to accept any UDP connection from 10.0.0.0/24 so how do I tell windows to always use the correct port?
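Added example, not part of any post in this thread: the blocked packets logged above come from UDP source port 137 and go to an ephemeral port, which is the shape of a unicast reply to a broadcast NetBIOS name query, and that reply traffic is what the nf_conntrack_netbios_ns helper named in the earlier /etc/default/ufw post lets connection tracking accept. The script below picks such entries out of a UFW log and checks whether a ufw defaults file already lists the helper; the function names are hypothetical, and the sample input is the two log lines from the post plus two constructed ones.

```shell
#!/bin/sh
# Added example: find [UFW BLOCK] entries that look like NetBIOS name-service
# replies (UDP, source port 137, unprivileged destination port).
# Reads log lines on stdin; prints "SRC DST COUNT" per host pair.
netbios_reply_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        src = ""; dst = ""; proto = ""; spt = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "SPT") spt = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (proto == "UDP" && spt + 0 == 137 && dpt + 0 >= 1024)
            hits[src " " dst]++
    }
    END { for (k in hits) print k, hits[k] }' | sort
}

# True if the IPT_MODULES line in the given ufw defaults file (the thread
# edits /etc/default/ufw) already lists the NetBIOS name-service helper.
helper_configured() {
    grep -Eq '^IPT_MODULES=.*nf_conntrack_netbios_ns' "$1"
}

# Lines 1-2 are quoted from the post above. Lines 3-4 are constructed:
# an unrelated blocked SSH attempt and a broadcast query sent *to* port 137.
sample_log() {
    cat <<'EOF'
[UFW BLOCK] IN=eth0 OUT= MAC=00:07:95:da:8e:81:00:26:f2:56:a0:fc:08:00 SRC=10.0.0.3 DST=10.0.0.2 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=19692 PROTO=UDP SPT=137 DPT=56352 LEN=70
[UFW BLOCK] IN=eth0 OUT= MAC=00:07:95:da:8e:81:00:26:f2:56:a0:fc:08:00 SRC=10.0.0.3 DST=10.0.0.2 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=23091 PROTO=UDP SPT=137 DPT=57116 LEN=70
[UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.2 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=22
[UFW BLOCK] IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137 LEN=58
EOF
}

sample_log | netbios_reply_blocks   # prints: 10.0.0.3 10.0.0.2 2
```

On a live system, feed the function the real log instead of the sample and pass /etc/default/ufw to helper_configured.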