FedoraForum.org - Fedora Support Forums and Community
Results 1 to 9 of 9
  1. #1
    Join Date
    Oct 2009
    Posts
    86

    firewall not letting samba through

    I'm running fedora23 64 bit and can't get samba to work. I know firewalld is the problem becuase if I do systemctl stop firewalld then samba works and I can see the shares I've set up. I originally set firewalld with the command:
    firewall-cmd --permanent --zone=public --add-service=samba
    and if I do firewall-cmd --get-services I see samba and samba-client in the output. If I do
    firewall-cmd --list-all I get services: dhcpv6-client samba-client ssh in the list. I can't figure out why the firewall is blocking samba. Thankd for any help.

  2. #2
    Join Date
    Jan 2010
    Posts
    7,168

    Re: firewall not letting samba through

    Some cursory googling indicates that most people don't use the --zone=public. I don't know firewalld well, the iptables command used to be something like
    Code:
    iptables -I INPUT 5 -s 192.168.1.0/24 -p udp -d 0/0 --dport 137:139 -j ACCEPT
    
    iptables -I INPUT 6 -s 192.168.1.0/24 -p tcp --syn -d 0/0 --dport 137:139 - ACCEPT
    But that's from years ago, and I don't remember if I ever checked if it needed both udp and tcp. I also remember that grc used to consider opening port 139 a risk.

    EDIT: See Flying Dutchman's post below, apparently those ports are no longer needed.
    Last edited by smr54; 19th June 2017 at 07:32 PM.

  3. #3
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    736

    Re: firewall not letting samba through

    Samba uses only one port, 445 TCP.

    You opened the NETBIOS and WINS ports, which are not needed.
    --
    Have fun!
    http://www.aeronetworks.ca

  4. #4
    Join Date
    Oct 2009
    Posts
    86

    Re: firewall not letting samba through

    thanks for your responses but I'm still getting brick-walled by firewalld. I did firewall-cmd --permanent --zone=public --add-port=445/tcp and I got Error: ALREADY_ENABLED: 445/tcp
    I also did firewall-cmd --zone=public --remove-service=samba
    success
    and then
    firewall-cmd --zone=public --add-service=samba
    success
    but still I can't access the samba share unless I turn the firewall off with systemctl stop firewalld. I've also tried firewall-cmd --add-service=samba (omitting zone=public) but still no joy. Thanks for any further advice.

  5. #5
    Join Date
    Jun 2005
    Location
    UK
    Posts
    4,423

    Re: firewall not letting samba through

    I suppose it might depend on how you are using Samba.

    I always used to open the traditional ports like you did. I've found in the last couple of years that although that allowed for command line use of Samba it blocked network browsing when using KDE/Dolphin.

    I found it necessary to change the default firewall configuration from what I think was Public to "Workstation".

    If you look in the firewall gui you'll then see that it opens a whole lot of higher numbered ports and network browsing works......for me.

  6. #6
    Join Date
    Oct 2009
    Posts
    86

    Re: firewall not letting samba through

    thanks for your further help. I tried firewall-cmd --zone=public --remove-service=samba and then firewall-cmd --zone=workstation --add-service=samba and I got Error: INVALID_ZONE: workstation. I usually do everything by command line. I'm accessing the share from a windows pc, in the past on centos 7 my cirrent firewalld config works fine but it doesn't work on this fedora 23 machiine.

  7. #7
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    736

    Re: firewall not letting samba through

    Don't guess. To measure, is to know.

    Run tcpdump to see what is going on and run smbclient or Dolphin to trigger a packet sequence and see what is going out and what is coming back.

    For example:
    # iptables -F
    # tcpdump -nlX -i em1

    Now run a file browser or smbclient, try to connect to the server and look at the packets and port numbers and you'll have the problem sorted out within a few minutes.
    Last edited by flyingdutchman; 20th June 2017 at 07:24 PM.
    --
    Have fun!
    http://www.aeronetworks.ca

  8. #8
    bob's Avatar
    bob is online now Administrator (yeah, back again)
    Join Date
    Jul 2004
    Location
    Colton, NY; Junction of Heaven & Earth (also Routes 56 & 68).
    Age
    72
    Posts
    23,357

    Re: firewall not letting samba through

    moved to EOL
    Linux & Beer - That TOTALLY Computes!
    Registered Linux User #362651


    Don't use any of my solutions on working computers or near small children.

  9. #9
    Join Date
    Oct 2009
    Posts
    86

    solved firewall not letting samba through

    I solved it. I reinstalled fedora23 from scratch and this time used the command:
    firewall-cmd --add-service=samba --permanent
    and the firewall now lets samba through and I can see the shared folder on the network.
    The difference is I removed --zone-public and swapped the wording around to what I previously had. Strange but it now works ok.

Similar Threads

  1. Samba, firewall and security
    By Marax in forum Servers & Networking
    Replies: 2
    Last Post: 22nd November 2004, 05:40 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •