[Samba] Samba and UFW

Reindl Harald h.reindl at thelounge.net
Tue Jan 29 16:59:52 UTC 2019



Am 29.01.19 um 17:54 schrieb Marty McGlensey:
> I will check that. Not sure how to fix it. Will look on the internet. Would you give some more information on the subject?

i don't know "UWF"

on iptables it's simple, just make sure that the rule for
"RELATED,ESTABLISHED" is on top which is in general a good idea because
any other rule in the chain is skipped for active connections making
things much faster and less error prone

iptables -A INPUT -p all -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT  -p all -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p all -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

>> On Jan 29, 2019, at 10:43 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>
>>> Am 29.01.19 um 16:39 schrieb Marty via samba:
>>> Here is the ufw.log after enabling logging medium and trying to connect to
>>> the windows net. Unfortunately the web Microsoft page is in German. I think
>>> it says window uses smb1 syntax.
>>>
>>> Jan 27 15:11:09 martin-RB042AV-ABA-a1410y kernel: [  887.241685] [UFW BLOCK]
>>> IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00
>>> SRC=192.168.254.15 DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128
>>> ID=10646 PROTO=UDP SPT=137 DPT=52944 LEN=70 
>>>
>>> Jan 27 15:11:21 martin-RB042AV-ABA-a1410y kernel: [  899.315443] [UFW BLOCK]
>>> IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00
>>> SRC=192.168.254.15 DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128
>>> ID=10652 PROTO=UDP SPT=137 DPT=58971 LEN=70 
>> given that the source port is always 137 and the destination port
>> random it looks like your firewall just hasn't proper connection
>> tracking to allow response packets aka RELATED,ESTABLISHED
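
The reasoning in the reply above (source port always 137, destination port varying, so the blocked packets look like responses) written as a check over UFW log lines. This is an added example, not part of the original thread: the first two log entries are the ones quoted above joined onto single lines, the third is constructed, and the function names and the 1024 port threshold are assumptions.

```python
import re
from collections import defaultdict

# First two entries: the [UFW BLOCK] lines quoted in the thread, unwrapped.
# Third entry: constructed, a new inbound connection rather than a reply.
SAMPLE_LOG = """\
Jan 27 15:11:09 martin-RB042AV-ABA-a1410y kernel: [  887.241685] [UFW BLOCK] IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15 DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=10646 PROTO=UDP SPT=137 DPT=52944 LEN=70
Jan 27 15:11:21 martin-RB042AV-ABA-a1410y kernel: [  899.315443] [UFW BLOCK] IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15 DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=10652 PROTO=UDP SPT=137 DPT=58971 LEN=70
Jan 27 15:12:02 martin-RB042AV-ABA-a1410y kernel: [  940.000000] [UFW BLOCK] IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.77 DST=192.168.254.39 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=20001 PROTO=TCP SPT=51514 DPT=445
"""

FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=value pairs; "OUT=" yields an empty value


def parse_blocks(log_text):
    """Yield a field dict for every [UFW BLOCK] line that carries ports."""
    for line in log_text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if "SPT" in fields and "DPT" in fields:   # e.g. ICMP has no ports
            yield fields


def reply_like_flows(log_text, min_distinct_dports=2):
    """Return {(src, dst, proto, spt): sorted dpts} for blocked traffic whose
    source port is one fixed well-known port (< 1024, an assumed threshold)
    while the destination port varies across high ports (>= 1024)."""
    flows = defaultdict(set)
    for f in parse_blocks(log_text):
        key = (f["SRC"], f["DST"], f["PROTO"], int(f["SPT"]))
        flows[key].add(int(f["DPT"]))
    return {
        key: sorted(dports)
        for key, dports in flows.items()
        if key[3] < 1024
        and len(dports) >= min_distinct_dports
        and min(dports) >= 1024
    }


if __name__ == "__main__":
    for (src, dst, proto, spt), dports in reply_like_flows(SAMPLE_LOG).items():
        print(f"{proto} {src}:{spt} -> {dst} blocked on ports {dports}: "
              "looks like reply traffic, check the RELATED,ESTABLISHED rule")
```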


