[Samba] Samba and UFW

[L.P.H. van Belle]

im in Germany atm, that why your missing me atm tuesday im back.


try this


because its not needed to open a /16 subnet.


edit /etc/default/ufw

enable netbios conntrack

in the modules below


now run ufw reset

now add the new rules. 


that should work


before you do that, safe the output off

iptables -S 

after the reset, run it again, and mail me both output's.


Greetz for Germany



Louis








Op 2 feb. 2019, om 15:06, Rowland Penny via samba <samba at lists.samba.org> schreef: 
On Fri, 1 Feb 2019 22:15:03 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:


Bit late here, I will install ufw tomorrow and see if this throws a
spanner in the works.


OK, installing ufw threw a spanner did throw a spanner into the
works ;-)

Even after doing this:

sudo ufw allow proto udp to any port 137 from 192.168.0.0/24
sudo ufw allow proto udp to any port 138 from 192.168.0.0/24
sudo ufw allow proto tcp to any port 139 from 192.168.0.0/24
sudo ufw allow proto tcp to any port 445 from 192.168.0.0/24

I could not get through the firewall, all I got was:

Connecting to 192.168.0.27 at port 445
Connecting to 192.168.0.27 at port 139
Connection to stand failed (Error NT_STATUS_IO_TIMEOUT)

A bit of an internet search turned up this command:

sudo ufw allow from 192.168.0.0/16 to any app Samba

This did the trick:

root at rpi1:~# smbclient -L stand
Enter root's password: 
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.8.8-Debian]

Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (stand server (Samba, Devuan))
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.8.8-Debian]

Server Comment
--------- -------
RPI1 Samba 4.5.12-Debian
STAND stand server (Samba, Devuan)

Workgroup Master
--------- -------
WORKGROUP RPI1

Rowland