UFW firewall still blocking SMB despite adding rules
Solution 1
Try this:
As root, open /etc/default/ufw
Look for the line like this:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
Add nf_conntrack_netbios_ns to the line so that it looks like this:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"
Now reload the firewall:
sudo ufw reload
Solution 2
Mike's sudo ufw allow Samba works like a charm.
I personally prefer restricting to my private subnet, so for others who like the same, use:
$ sudo ufw allow from 192.168.0.0/16 to any app Samba
Also, try running sudo ufw app list for a list of other apps you can use as short-hand to the required ports (e.g. Postfix, OpenSSH, etc). Makes your firewall rules list a lot easier to read and maintain.
Solution 3
To allow Samba with ufw, use the following command:
sudo ufw allow Samba
See the links given to you by other users for additional information.
Solution 4
As I found no ufw profile for samba 4 I set up my own which worked for me (opens the ports as listed in the Samba Wiki: Ports for Samba 4 as PDC) and is easier to manage:
- Create a new file: /etc/ufw/applications.d/samba4 with the following content:
  [Samba4]
  title=Samba 4
  description=Samba 4 as domain controller
  ports=53|88|135/tcp|137/udp|138/udp|139/tcp|389|445/tcp|464|636/tcp|1024:5000/tcp|3268/tcp|3269/tcp|5353
- Now add it to ufw with one of the following commands:
  - sudo ufw allow from 192.168.192.0/24 to any app samba4
    if you want to only allow it on your 192.168.1.0/24 network
  - sudo ufw allow samba4
    if you want to allow it for every network
- If you enter sudo ufw status verbose it will output something like the following:
to                         action      from
--                         ------      ---
....
53 (Samba4)                ALLOW IN    192.168.1.0/24
88 (Samba4)                ALLOW IN    192.168.1.0/24
135/tcp (Samba4)           ALLOW IN    192.168.1.0/24
137/udp (Samba4)           ALLOW IN    192.168.1.0/24
138/udp (Samba4)           ALLOW IN    192.168.1.0/24
139/tcp (Samba4)           ALLOW IN    192.168.1.0/24
389 (Samba4)               ALLOW IN    192.168.1.0/24
445/tcp (Samba4)           ALLOW IN    192.168.1.0/24
464 (Samba4)               ALLOW IN    192.168.1.0/24
636/tcp (Samba4)           ALLOW IN    192.168.1.0/24
1024:5000/tcp (Samba4)     ALLOW IN    192.168.1.0/24
3268/tcp (Samba4)          ALLOW IN    192.168.1.0/24
3269/tcp (Samba4)          ALLOW IN    192.168.1.0/24
5353 (Samba4)              ALLOW IN    192.168.1.0/24
Solution 5
You can use logging to find out if you're blocking a port that should not be blocked.
tail -f /var/log/ufw.log
Some extra information in case you haven't tried it already: ufw manual, ufw wiki
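An added example (not part of the answer above, and not code from ufw): a shell function that reads ufw.log-format lines, keeps only [UFW BLOCK] entries that involve the SMB/NetBIOS ports named in the question (135-139, 445), and counts them per direction, protocol and source. The names smb_blocks and sample_log and the sample log lines are constructed for illustration.

```shell
# Added example (not from the thread): count [UFW BLOCK] log entries that
# touch the SMB/NetBIOS ports named in the question (135-139, 445).
# Output columns: count direction proto source-ip spt dpt ("*" = other port).

smb_blocks() {
    awk '
    function is_smb(p) { p += 0; return (p >= 135 && p <= 139) || p == 445 }
    /\[UFW BLOCK\]/ {
        dir = "?"; proto = src = spt = dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "IN" && v != "") dir = "IN"          # IN=<iface> set: inbound
            else if (k == "OUT" && v != "" && dir == "?") dir = "OUT"
            else if (k == "PROTO") proto = v
            else if (k == "SRC") src = v
            else if (k == "SPT") spt = v
            else if (k == "DPT") dpt = v
        }
        if (!is_smb(spt) && !is_smb(dpt)) next           # unrelated traffic
        if (!is_smb(spt)) spt = "*"                      # collapse ephemeral ports
        if (!is_smb(dpt)) dpt = "*"
        seen[dir " " proto " " src " " spt " " dpt]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines in the kernel log format ufw writes; not real traffic.
sample_log() {
    cat <<'EOF'
Apr 18 10:02:11 pc kernel: [ 101.1] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=51234 LEN=70
Apr 18 10:02:13 pc kernel: [ 103.4] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=40211 LEN=70
Apr 18 10:02:20 pc kernel: [ 110.9] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.30 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=50112 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Apr 18 10:02:25 pc kernel: [ 115.2] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.40 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=TCP SPT=13600 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
Apr 18 10:02:30 pc kernel: [ 120.0] [UFW ALLOW] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=TCP SPT=50200 DPT=139 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# On a live system: sudo cat /var/log/ufw.log | smb_blocks
sample_log | smb_blocks
```

Inbound UDP entries with source port 137 are NetBIOS name-service replies, which is the traffic the nf_conntrack_netbios_ns helper from Solution 1 is meant to track; entries with destination port 445 or 139 point at a missing allow rule instead.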
nLinked
Updated on September 18, 2022
Comments
-
nLinked almost 2 years
I have an Ubuntu PC with ufw firewall (GUI version). I have added the preset Samba service, in and out, and even tried adding the ports manually (135-139, 445, UDP and TCP, in and out), but it still blocks samba.
I am trying to access a share on another PC on my LAN. If I disable ufw, it works fine. It must be still blocking something and I can't figure it out. Any ideas?
I'm on Ubuntu 11.04 beta 2.
-
pbhj almost 8 years
I like to add a "comment 'passing samba from local'" (without outer quotes) to the end of the ufw command line as a reminder so that when you do sudo ufw status numbered (or whatever) you can see why the rules are there.
-
wakeup about 7 years
Samba application rules are not installed by default
-
wakeup about 7 years
This should be the answer.
-
wakeup about 7 years
Samba application rules are not installed by default
-
Ayell about 6 years
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
is also necessary with newer kernels
-
Benjamin Peter over 3 years
Helped me. The client used the external IPv6 address in my case so the allow rules were not working to my surprise.
-
pbhj over 3 years
FWIW that will probably fail as the user doesn't have access to that file. Instead,
echo 1 | sudo tee /proc/sys/net/netfilter/nf_conntrack_helper
should work.