[Samba] Samba and UFW

Wed Feb 6 07:35:54 UTC 2019

Hai, 

Iptables -S requires more arguments, thats strange. 
You should have seen output.. 

Ok, my set. A bit more experimelal setup. ( stretch with iptables and ufw from debian buster. )
dpkg -l|egrep "iptables|ufw"
ii  iptables                              1.8.2-2                                    amd64        administration tools for packet filtering and NAT
ii  ufw                                   0.35-6                                     all          program for managing a Netfilter firewall
( here i needed these due of some changes with iptables ufw ipv6 and xtables-addon. (use with geoip.) 

The official set for stretch on an other server
dpkg -l|egrep "iptables|ufw"
ii  iptables                          1.6.0+snapshot20161117-6           amd64        administration tools for packet filtering and NAT
ii  ufw                               0.35-4                             all          program for managing a Netfilter firewall

Both versions run iptables -S without problems. ( -S, --list-rules [chain] ) 

Your iptables/ufw versions are? 

Your on Mint 19.1  
I noticed here : https://itsfoss.com/things-to-do-after-installing-linux-mint-19/ 
The picuture of the firewall, That "profile" selection is see is new for me, i only dont have any servers with gui's. 
If you have a desktop, lookup firewall in the menu. 
Start it and tell me what is the selected profile here. 
I'll bet that there is a "lan" profile also, i'll have a better look here. 

I also noticed :
https://forums.linuxmint.com/viewtopic.php?t=272334 
This look like exactly your problem. 

This one was new for me. 
https://support.microsoft.com/en-ca/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser 
Guest access in SMB2 disabled by default in Windows 10, Windows Server 2016 version 1709, and Windows Server 2019 

Resolution
If you want to enable insecure guest access, you can configure the following Group Policy settings:

Computer configuration\administrative templates\network\Lanman Workstation
"Enable insecure guest logons"

This setting has no effect on SMB1 behavior. SMB1 continues to use guest access and guest fallback.
SMB1 is uninstalled by default in latest Windows 10 and Windows Server configurations. For more information see SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709.

That explains some list mails... 

Resume, 
- Lookup the iptables ufw version.
- if you have desktop, start firewall and check the profiles. 

- If on Win10 as shown above, enable the "Enable insecure guest logons" < as very last, because it lowers your security.
The win10 change should not be needed, in my opinion. 

For so far, 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Martin McGlensey via samba
> Verzonden: woensdag 6 februari 2019 1:54
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba and UFW
> 
> Louis,
> 
> 
> Last lines in /etc/default/ufw:
> 
> 
> IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc 
> nf_conntrack_netbios_ns"
> 
> 
> Looks like nf_contrack_netbios_ns is already loaded.
> 
> 
> iptables -S requires more arguments. Suggestions?
> 
> 
> Marty
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 