UFW Blocks samba

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
User avatar
JayBird707
Level 3
Level 3
Posts: 126
Joined: Sat Jan 30, 2016 9:56 pm

UFW Blocks samba

Post by JayBird707 »

Thanks for reading and trying to lend a hand.

I don't know what I or some application touched but now I can't use Samba with UFW running. If I turn off UFW I can see all my smb clients. I uninstalled and reinstalled UFW and Samba and no change. I have the same rules in UFW I've always used, here a conpy of UFW Status:

Code: Select all

jeffrey@jeffrey-HP-Compaq-Pro-6300-SFF ~ $ sudo ufw status
[sudo] password for jeffrey: 
Status: active

To                         Action      From
--                         ------      ----
137,138/udp                ALLOW       Anywhere                  
139,445/tcp                ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
137,138/udp (v6)           ALLOW       Anywhere (v6)             
139,445/tcp (v6)           ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             

137,138/udp                ALLOW OUT   Anywhere                  
139,445/tcp                ALLOW OUT   Anywhere                  
22/tcp                     ALLOW OUT   Anywhere                  
137,138/udp (v6)           ALLOW OUT   Anywhere (v6)             
139,445/tcp (v6)           ALLOW OUT   Anywhere (v6)             
22/tcp (v6)                ALLOW OUT   Anywhere (v6)  
I've rebooted, stood on my head and crossed my fingers and still the only way to see the network clients is by turning UFW Off. Here's my System Info Report:

Code: Select all

 System:    Host: jeffrey-HP-Compaq-Pro-6300-SFF Kernel: 4.10.0-40-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.6.6 (Gtk 3.18.9-1ubuntu3.3) dm: lightdm Distro: Linux Mint 18.3 Sylvia
Machine:   System: Hewlett-Packard product: HP Compaq Pro 6300 SFF Chassis: type: 4
           Mobo: Hewlett-Packard model: 339A Bios: Hewlett-Packard v: K01 v02.90 date: 07/16/2013
CPU:       Quad core Intel Core i5-3570 (-MCP-) cache: 6144 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 27136
           clock speeds: min/max: 1600/3800 MHz 1: 1601 MHz 2: 1689 MHz 3: 1608 MHz 4: 1623 MHz
Graphics:  Card: NVIDIA G98 [GeForce 9300 GE] bus-ID: 01:00.0 chip-ID: 10de:06e0
           Display Server: X.Org 1.18.4 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           Resolution: 1366x768@59.79hz
           GLX Renderer: GeForce 9300 GE/PCIe/SSE2
           GLX Version: 3.3.0 NVIDIA 340.102 Direct Rendering: Yes
Audio:     Card Intel 7 Series/C210 Series Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0 chip-ID: 8086:1e20
           Sound: Advanced Linux Sound Architecture v: k4.10.0-40-generic
Network:   Card: Intel 82579LM Gigabit Network Connection
           driver: e1000e v: 3.2.6-k port: f040 bus-ID: 00:19.0 chip-ID: 8086:1502
           IF: eno1 state: up speed: 1000 Mbps duplex: full mac: <filter>
Drives:    HDD Total Size: 6501.3GB (46.2% used)
           ID-1: /dev/sda model: ST31000524AS size: 1000.2GB serial: 6VPD7F1N
           ID-2: /dev/sdb model: SAMSUNG_HM500JI size: 500.1GB serial: S1YMJ10S503982
           ID-3: USB /dev/sdd model: 10EADS_External size: 1000.2GB serial: WD-WCAV50182493
           ID-4: USB /dev/sdc model: My_Book_25EE size: 4000.8GB serial: 574343374B344C4139324C38-0:0
Partition: ID-1: / size: 30G used: 8.5G (31%) fs: ext4 dev: /dev/dm-0
           ID-2: /var size: 4.8G used: 1.8G (40%) fs: ext4 dev: /dev/dm-1
           ID-3: /boot size: 464M used: 172M (40%) fs: ext4 dev: /dev/sda1
           ID-4: /home size: 591G used: 272G (49%) fs: ext4 dev: /dev/dm-2
           ID-5: swap-1 size: 8.39GB used: 0.00GB (0%) fs: swap dev: /dev/sda2
RAID:      System: supported: N/A
           No RAID devices: /proc/mdstat, md_mod kernel module present
           Unused Devices: none
Sensors:   System Temperatures: cpu: 29.8C mobo: 27.8C gpu: 0.0:58C
           Fan Speeds (in rpm): cpu: N/A
Repos:     Active apt sources in file: /etc/apt/sources.list.d/google-chrome.list
           deb [arch=amd64] http: //dl.google.com/linux/chrome/deb/ stable main
           Active apt sources in file: /etc/apt/sources.list.d/kdenlive-kdenlive-stable-xenial.list
           deb http: //ppa.launchpad.net/kdenlive/kdenlive-stable/ubuntu xenial main
           deb-src http: //ppa.launchpad.net/kdenlive/kdenlive-stable/ubuntu xenial main
           Active apt sources in file: /etc/apt/sources.list.d/official-package-repositories.list
           deb http: //packages.linuxmint.com sylvia main upstream import backport #id:linuxmint_main
           deb http: //archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
           deb http: //archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
           deb http: //archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
           deb http: //security.ubuntu.com/ubuntu/ xenial-security main restricted universe multiverse
           deb http: //archive.canonical.com/ubuntu/ xenial partner
Info:      Processes: 265 Uptime: 5 min Memory: 928.4/18006.5MB
           Init: systemd v: 229 runlevel: 5 default: 2 Gcc sys: 5.4.0 alt: 4.9
           Client: Unknown python2.7 client inxi: 2.2.35   
Any advice or pointing ion the right direction is appreciated.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
ASRock H470M-ITX/ac Home Build on Linux Mint Cinnamon!
Dell Studio 1737 Laptop, HP6300 SFF Desktop, Intel NUC NUC7CJYH Mini All on Linux Mint XFCE!
Image
User avatar
Joe2Shoe
Level 5
Level 5
Posts: 846
Joined: Wed Oct 18, 2017 8:12 pm
Location: Ozone

Re: UFW Blocks samba

Post by Joe2Shoe »

"Tolerance is the refuge of men without conviction."
"Common sense is not so common" - Voltaire
User avatar
Joe2Shoe
Level 5
Level 5
Posts: 846
Joined: Wed Oct 18, 2017 8:12 pm
Location: Ozone

Re: UFW Blocks samba

Post by Joe2Shoe »

Possibly the simplest way currenly (2015):

sudo ufw allow Samba
"Tolerance is the refuge of men without conviction."
"Common sense is not so common" - Voltaire
User avatar
greerd
Level 6
Level 6
Posts: 1060
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: UFW Blocks samba

Post by greerd »

You could try allowing the ip addresses and ports of your samba clients, for example

Code: Select all

sudo ufw allow proto udp from xx.xx.xx.xx to any port 137:138
sudo ufw allow proto tcp from xx.xx.xx.xx to any port 139:445 
where xx.xx.xx.xx is the address of one of your samba clients. Do the same for all clients.

Also you might want to consider deleting the ipv6 rules if you don't use them. Note that rules created this way cannot be deleted from gufw, they must be deleted using ufw commands.

One way to delete a specific rule created this way is to list the rules numbered sudo ufw status numbered, find the rule number and then sudo ufw delete # (where # is the rule number)

Good luck
psicotron3

Re: UFW Blocks samba

Post by psicotron3 »

There's a topic with workaround for this problem: viewtopic.php?p=1396779#p1396779

Maybe one of the solutions work for your situation.
User avatar
JayBird707
Level 3
Level 3
Posts: 126
Joined: Sat Jan 30, 2016 9:56 pm

Re: UFW Blocks samba

Post by JayBird707 »

Let me begin by thanking everyone for their input.
I have found that the best thing for me to do is to follow these steps:
1- Disable UFW
2- In Nemo use File>Connect to Server using the remote host's IP address connect to the shared folder and create a Bookmark.
3- Enable UFW and add the Samba rule.

On my network it's not that bad since I use all Static IP addresses.

It's hard to believe from all the replies and research that a this browsing problem has existed for years.
ASRock H470M-ITX/ac Home Build on Linux Mint Cinnamon!
Dell Studio 1737 Laptop, HP6300 SFF Desktop, Intel NUC NUC7CJYH Mini All on Linux Mint XFCE!
Image
stanley82
Level 3
Level 3
Posts: 114
Joined: Sat Jan 28, 2012 11:01 pm

Re: UFW Blocks samba

Post by stanley82 »

From the look of it I should stop fighting this one as like you said it's been around for years. I've also tried unblocking ports 22 and 88 to no avail. Also if you look at my previous post "Samba restart and LM15 and LM18.3" the latter part indicates that LM15 and LM18 samba versions work differently. Regards Ian.
stanley82
Level 3
Level 3
Posts: 114
Joined: Sat Jan 28, 2012 11:01 pm

Re: UFW Blocks samba

Post by stanley82 »

Ian again.
What is curious is disabling the FW then click to mount the directory then enable the FW you can access the files in the now mounted directory. Regards Ian.
altair4
Level 20
Level 20
Posts: 11427
Joined: Tue Feb 03, 2009 10:27 am

Re: UFW Blocks samba

Post by altair4 »

@JayBird707
I have found that the best thing for me to do is to follow these steps:
1- Disable UFW
2- In Nemo use File>Connect to Server using the remote host's IP address connect to the shared folder and create a Bookmark.
3- Enable UFW and add the Samba rule.
Are you absolutely positively sure that step1 is necessary when accessing the server by ip address?

It was easy to reproduce your symptom in Mint 18.3:
** Enable the firewall.
** Allow Samba on all systems
** Go to Nemo > Network > Windows Network and you will error out.

But if I keep the firewall in place and go to smb://ip-address or use the mdns qualified hostname ( the host name of the server with a .local attached at the end - as in smb://hostname.local ) I can connect.

This problem started with Linux Kernel 4.8 but it relates only to netbios name resolution. In an all Linux network you don't have to use netbios. You can use mDNS or ip addresses if they are all static.

You can even set up an avahi / smb registration so that your machine will automatically show up under Nemo > Network ( and not under "Windows Network" - the netbios part ). This also worked in my experiment with ufw enabled.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
User avatar
JayBird707
Level 3
Level 3
Posts: 126
Joined: Sat Jan 30, 2016 9:56 pm

Re: UFW Blocks samba

Post by JayBird707 »

I had forgotten about this post since the work around last December. Since upgrading to 4.13 Kernel I no longer have to disable UFW to connect with Nemo using File>Connect to Server... Once I do this I create a Bookmark and then I'm good forever.

So you are correct altair4 Step 1 is no longer needed. You are also correct that now you can type in smb://ip-address and connect. You still must disable UFW if I want to use Nemo solely as a GUI to navigate to the network hosts.
The avahi / smb registration for me is just too much work.
ASRock H470M-ITX/ac Home Build on Linux Mint Cinnamon!
Dell Studio 1737 Laptop, HP6300 SFF Desktop, Intel NUC NUC7CJYH Mini All on Linux Mint XFCE!
Image
altair4
Level 20
Level 20
Posts: 11427
Joined: Tue Feb 03, 2009 10:27 am

Re: UFW Blocks samba

Post by altair4 »

JayBird707 wrote: Tue Mar 06, 2018 1:59 pm The avahi / smb registration for me is just too much work.
Well, luckily for you Mint 19 will do it for you automatically. Unless ... um ... Mint deviates from it's Ubuntu roots again.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
stanley82
Level 3
Level 3
Posts: 114
Joined: Sat Jan 28, 2012 11:01 pm

Re: UFW Blocks samba

Post by stanley82 »

If you go here "viewtopic.php?f=157&t=185410#p960482" and follow the instructions in the first reply that will fix things. You can also check out my experience at "viewtopic.php?f=157&t=265213". Ian
Locked

Return to “Networking”