Firewall Settings for Personal File Sharing
Solution 1
Or if you want to do it explicitly:
sudo ufw allow proto tcp to any port 135
sudo ufw allow proto udp to any port 137
sudo ufw allow proto udp to any port 138
sudo ufw allow proto tcp to any port 139
sudo ufw allow proto tcp to any port 445
sudo ufw allow proto udp to any port 5353
The first few five rules are Samba. The last is zeroconf to allow other machines on the network to tell your computer about them (it gets names, available resources, etc)
Solution 2
To allow samba with ufw you can issue the command sudo ufw allow samba. You can then do sudo ufw status to see what ports it has allowed and other useful information.
Though I agree on an internal network a firewall may be entirely unnecessary.
Related videos on Youtube
04 : 27
03 : 15
06 : 05
06 : 31
01 : 35
Nerdfest
Updated on September 17, 2022Comments
-
Nerdfest over 1 year
I have ufw set up to allow samba connections, but this does not seem to allow files to be transferred through Ubuntu's "Personal File Sharing" using the Public folder. The share can be seen, but not accessed if the firewall is active. Are there extra ports that need to be opened?
The default ufw profile opens ports 137, 138, 139 and 445. To this, I've added 135 and 80, but so far, no joy. I do see connection attempts coming in on high ports (32K+) but these are blocked.
-
lovinglinux over 13 yearsFirst of all, I think you need to consider if you really need to activate the firewall. If you are behind a router, it is probably already firewalled. If you don't forward the ports from the router to your machine to access your shares or other server from the Internet, then you don't need a firewall.
-
-
Nerdfest over 13 yearsI actually already have ufw set up to allow samba. I'm not sure about the set of ports it's allowing, but file transfers don't work. I'll try adding the zero-conf port to the list as well.
-
Nerdfest over 13 yearsThis is for a laptop that is not just internal. I generally firewall all machines on my local network anyway (defense in depth). Regardless, I'm more curious about why it won't work with only samba allowed.
-
Nerdfest over 13 yearsThe ufw profile for Samba does not seem to include port 135. I'll try adding that one first when I get a chance.
-
Nerdfest over 13 yearsTried it before, but it didn't seem to work ... I'll try again to be sure. I see hits coming in on port 33709 in the logs, but no port 80. Very strange
-
Nerdfest over 13 yearsNo luck with port 80 ...
-
Jorge Castro over 13 years@Nerdfest Please update your question with the various things you have tried so that the next person who tries to help you with your problem doesn't have to dig though the comments, thanks!
-
koanhead over 13 years@Nerdfest, maybe try running netstat while you attempt a connection to the shared folder. 'netstat -tucp' should work, but if you are not familiar with netstat I strongly recommend you read the manpage.
-
Admin about 13 yearskoanhead is right that Personal File Sharing uses WebDAV instead of Samba. But I think it listens on a random port instead of port 80, and which it then advertises using avahi. I'm not sure if the port can be statically configured, which might make adding a rule to ufw quite tricky.
