30

I have an Ubuntu PC with the ufw firewall (GUI version). I have added the preset Samba service, in and out, and even tried adding the ports manually (135-139, 445, UDP and TCP, in and out), but it still blocks Samba.

I am trying to access a share on another PC on my LAN. If I disable ufw, it works fine. It must be still blocking something and I can't figure it out. Any ideas?

I'm on Ubuntu 11.04 beta 2.

Braiam
nLinked

6 Answers

43

Mike's `sudo ufw allow Samba` works like a charm.

I personally prefer restricting to my private subnet, so for others who like the same, use:

$ sudo ufw allow from 192.168.0.0/16 to any app Samba

Also, try running `sudo ufw app list` for a list of other apps you can use as shorthand for the required ports (e.g. Postfix, OpenSSH, etc.). It makes your firewall rules list a lot easier to read and maintain.

RolandiXor
Omar
20

To allow Samba with ufw, use the following command:

sudo ufw allow Samba

See the links given to you by other users for additional information.

Panther
Mike
13

As I found no ufw profile for Samba 4 AD DC, I set up my own, which worked for me (it opens the ports listed in the Samba Wiki: Ports for Samba 4 as AD DC) and is easier to manage:

  1. Create a new file, `/etc/ufw/applications.d/samba-ad-dc`, with the following content:

     [samba-ad-dc]
     title=Samba 4 AD DC
     description=Samba 4 as domain controller
     ports=53|88|135/tcp|137/udp|138/udp|139/tcp|389|445/tcp|464|636/tcp|3268/tcp|3269/tcp|49152:65535/tcp
    
  2. Now add it to ufw with one of the following commands:

    • `sudo ufw allow from 192.168.1.0/24 to any app samba-ad-dc` if you want to only allow it on your 192.168.1.0/24 network
    • `sudo ufw allow samba-ad-dc` if you want to allow it for every network

If you enter `sudo ufw status verbose`, it will output something like the following:

To                         Action      From
--                         ------      ----
...
53 (samba-ad-dc)           ALLOW IN    192.168.1.0/24
88 (samba-ad-dc)           ALLOW IN    192.168.1.0/24
135/tcp (samba-ad-dc)      ALLOW IN    192.168.1.0/24
137/udp (samba-ad-dc)      ALLOW IN    192.168.1.0/24
138/udp (samba-ad-dc)      ALLOW IN    192.168.1.0/24
139/tcp (samba-ad-dc)      ALLOW IN    192.168.1.0/24
389 (samba-ad-dc)          ALLOW IN    192.168.1.0/24
445/tcp (samba-ad-dc)      ALLOW IN    192.168.1.0/24
464 (samba-ad-dc)          ALLOW IN    192.168.1.0/24
636/tcp (samba-ad-dc)      ALLOW IN    192.168.1.0/24
3268/tcp (samba-ad-dc)     ALLOW IN    192.168.1.0/24
3269/tcp (samba-ad-dc)     ALLOW IN    192.168.1.0/24
49152:65535/tcp (samba-ad-dc) ALLOW IN    192.168.1.0/24
Seb13
7

Try this:

As root, open /etc/default/ufw

Look for the line like this:

IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"

Add nf_conntrack_netbios_ns to the line so that it looks like this:

IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"

Now reload the firewall:

sudo ufw reload
5

You can use logging to find out if you're blocking a port that should not be blocked.

tail -f /var/log/ufw.log

Some extra information in case you haven't tried it already: ufw manual, ufw wiki

Don Kirkby
Gerwin
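
To go with the logging suggestion above, here is an added example (not part of any answer on this page): a shell function that condenses `[UFW BLOCK]` log lines touching the NetBIOS/SMB ports 137-139 and 445 into one count per direction, protocol, source and port pair. The function names, the sample log lines and the addresses in them are constructed for illustration.

```shell
#!/bin/sh
# Added example. Summarise blocked Samba-related packets from ufw log lines.
# Output columns: count direction proto source-ip sport->dport
# The non-Samba (ephemeral) side of each pair is shown as "*" so repeats aggregate.
ufw_block_summary() {
    awk '
    BEGIN { smb[137]; smb[138]; smb[139]; smb[445] }
    /\[UFW BLOCK\]/ {
        inif = outif = ""; src = proto = spt = dpt = "-"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "IN") inif = val
            else if (key == "OUT") outif = val
            else if (key == "SRC") src = val
            else if (key == "PROTO") proto = val
            else if (key == "SPT") spt = val
            else if (key == "DPT") dpt = val
        }
        # ufw logs IN=<iface> OUT= for inbound, IN= OUT=<iface> for outbound.
        dir = (inif != "" && outif != "") ? "FWD" : (inif != "" ? "IN" : "OUT")
        if (!(spt in smb) && !(dpt in smb)) next   # not Samba traffic
        if (!(spt in smb)) spt = "*"
        if (!(dpt in smb)) dpt = "*"
        count[dir " " proto " " src " " spt "->" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines (trimmed to the fields that matter here).
sample_ufw_log() {
    cat <<'EOF'
Apr 20 10:15:01 pc kernel: [ 101.1] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 LEN=90 PROTO=UDP SPT=137 DPT=51234 LEN=70
Apr 20 10:15:03 pc kernel: [ 103.4] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 LEN=90 PROTO=UDP SPT=137 DPT=40112 LEN=70
Apr 20 10:15:09 pc kernel: [ 109.8] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.30 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=50211 DPT=445
Apr 20 10:15:12 pc kernel: [ 112.0] [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=50300 DPT=445
Apr 20 10:16:00 pc kernel: [ 160.2] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.1.1 DST=224.0.0.251 LEN=80 PROTO=UDP SPT=5353 DPT=5353 LEN=60
EOF
}

sample_ufw_log | ufw_block_summary
```

Run it against the real log with `ufw_block_summary /var/log/ufw.log`. A line such as `137->*` means packets sent from port 137 to an ephemeral local port were dropped, which a rule that only allows destination port 137 does not cover.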
1

I had the same problem.

Here's what I suggest: After installing Gufw, make sure you log out of your account and then log back in.

It worked for me.

In general, whenever you have a problem with software you just installed, try the above suggestion first.

You will be surprised as to how often it cures the problem.