Fedora Linux Support Community & Resources Center
  #1  
Old 19th June 2017, 10:47 AM
tonjg Offline
Registered User
 
Join Date: Oct 2009
Posts: 86
firewall not letting samba through

I'm running fedora23 64 bit and can't get samba to work. I know firewalld is the problem because if I do systemctl stop firewalld then samba works and I can see the shares I've set up. I originally set firewalld with the command:
firewall-cmd --permanent --zone=public --add-service=samba
and if I do firewall-cmd --get-services I see samba and samba-client in the output. If I do
firewall-cmd --list-all I get services: dhcpv6-client samba-client ssh in the list. I can't figure out why the firewall is blocking samba. Thanks for any help.
Reply With Quote
  #2  
Old 19th June 2017, 12:42 PM
smr54 Online
Registered User
 
Join Date: Jan 2010
Posts: 7,118
Re: firewall not letting samba through

Some cursory googling indicates that most people don't use the --zone=public. I don't know firewalld well, the iptables command used to be something like
Code:
iptables -I INPUT 5 -s 192.168.1.0/24 -p udp -d 0/0 --dport 137:139 -j ACCEPT

iptables -I INPUT 6 -s 192.168.1.0/24 -p tcp --syn -d 0/0 --dport 137:139 -j ACCEPT
But that's from years ago, and I don't remember if I ever checked if it needed both udp and tcp. I also remember that grc used to consider opening port 139 a risk.

EDIT: See Flying Dutchman's post below, apparently those ports are no longer needed.

Last edited by smr54; 19th June 2017 at 07:32 PM.
Reply With Quote
  #3  
Old 19th June 2017, 03:04 PM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 694
Re: firewall not letting samba through

Samba uses only one port, 445 TCP.

You opened the NETBIOS and WINS ports, which are not needed.
__________________
--
Have fun!
http://www.aeronetworks.ca
Reply With Quote
  #4  
Old 20th June 2017, 08:41 AM
tonjg Offline
Registered User
 
Join Date: Oct 2009
Posts: 86
Re: firewall not letting samba through

Thanks for your responses, but I'm still getting brick-walled by firewalld. I did firewall-cmd --permanent --zone=public --add-port=445/tcp and I got Error: ALREADY_ENABLED: 445/tcp
I also did firewall-cmd --zone=public --remove-service=samba
success
and then
firewall-cmd --zone=public --add-service=samba
success
but still I can't access the samba share unless I turn the firewall off with systemctl stop firewalld. I've also tried firewall-cmd --add-service=samba (omitting zone=public) but still no joy. Thanks for any further advice.
Reply With Quote
  #5  
Old 20th June 2017, 10:29 AM
bbfuller Offline
Registered User
 
Join Date: Jun 2005
Location: UK
Posts: 4,415
Re: firewall not letting samba through

I suppose it might depend on how you are using Samba.

I always used to open the traditional ports like you did. I've found in the last couple of years that although that allowed for command line use of Samba it blocked network browsing when using KDE/Dolphin.

I found it necessary to change the default firewall configuration from what I think was Public to "Workstation".

If you look in the firewall gui you'll then see that it opens a whole lot of higher numbered ports and network browsing works......for me.
Reply With Quote
  #6  
Old 20th June 2017, 05:03 PM
tonjg Offline
Registered User
 
Join Date: Oct 2009
Posts: 86
Re: firewall not letting samba through

Thanks for your further help. I tried firewall-cmd --zone=public --remove-service=samba and then firewall-cmd --zone=workstation --add-service=samba and I got Error: INVALID_ZONE: workstation. I usually do everything by command line. I'm accessing the share from a Windows PC; in the past on CentOS 7 my current firewalld config works fine, but it doesn't work on this Fedora 23 machine.
Reply With Quote
  #7  
Old 20th June 2017, 06:53 PM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 694
Re: firewall not letting samba through

Don't guess. To measure, is to know.

Run tcpdump to see what is going on and run smbclient or Dolphin to trigger a packet sequence and see what is going out and what is coming back.

For example:
# iptables -F
# tcpdump -nlX -i em1

Now run a file browser or smbclient, try to connect to the server and look at the packets and port numbers and you'll have the problem sorted out within a few minutes.
__________________
--
Have fun!
http://www.aeronetworks.ca

Last edited by flyingdutchman; 20th June 2017 at 07:24 PM.
Reply With Quote
  #8  
Old 20th June 2017, 11:30 PM
bob Online
Administrator (yeah, back again)
 
Join Date: Jul 2004
Location: Colton, NY; Junction of Heaven & Earth (also Routes 56 & 68).
Age: 72
Posts: 23,256
Re: firewall not letting samba through

moved to EOL
__________________
Linux & Beer - That TOTALLY Computes!
Registered Linux User #362651


Don't use any of my solutions on working computers or near small children.
Reply With Quote
  #9  
Old 22nd June 2017, 09:10 AM
tonjg Offline
Registered User
 
Join Date: Oct 2009
Posts: 86
solved firewall not letting samba through

I solved it. I reinstalled fedora23 from scratch and this time used the command:
firewall-cmd --add-service=samba --permanent
and the firewall now lets samba through and I can see the shared folder on the network.
The difference is I removed --zone=public and swapped the wording around to what I previously had. Strange, but it now works OK.
Reply With Quote
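
The symptom in this thread (an --add-service call reports success while --list-all still omits samba) can be narrowed down with a check like the one below, which is an added example and not code from any poster. It relies on firewalld keeping separate runtime and permanent configurations per zone; the function names, the permanent list and the active zone in the sample call are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. firewalld keeps a runtime and a permanent
# configuration per zone; a rule only filters traffic if it is in the runtime
# set of a zone that an interface is actually bound to.

# has_service "<space-separated services>" <service>: exact-name match,
# so "samba-client" in a list never counts as "samba".
has_service() {
    local s
    for s in $1; do
        [ "$s" = "$2" ] && return 0
    done
    return 1
}

# diagnose <service> <runtime list> <permanent list> <zone> <active zones>
diagnose() {
    local svc="$1" runtime="$2" permanent="$3" zone="$4" active="$5"
    if ! has_service "$active" "$zone"; then
        echo "zone-not-active"   # rule was added to a zone no interface uses
    elif has_service "$runtime" "$svc"; then
        echo "open"
    elif has_service "$permanent" "$svc"; then
        echo "needs-reload"      # saved with --permanent, never loaded
    else
        echo "not-configured"
    fi
}

# live_check <service> [zone]: same diagnosis from the running firewalld.
live_check() {
    local svc="$1" zone="${2:-$(firewall-cmd --get-default-zone)}"
    diagnose "$svc" \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)" \
        "$zone" \
        "$(firewall-cmd --get-active-zones | awk '/^[^ ]/ {print $1}')"
}

# Constructed input: the runtime list is the one quoted in the first post,
# the permanent list and the active zone are assumed for illustration.
diagnose samba "dhcpv6-client samba-client ssh" \
               "dhcpv6-client samba samba-client ssh" public "public"
```

On a host with firewalld running, `live_check samba` performs the same comparison against the default zone; a `needs-reload` result clears after `firewall-cmd --reload`.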