
Re: [Samba] Samba and UFW




Hai, 

Can you show the output of ufw status numbered? 


I now use the following for ufw on my new servers.
ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

# FROM AD-DC Server to this server.
ufw allow in proto tcp from IP_AD_DC1 port 389,1024:65535 to any port 1024:65535

# TO AD-DC Server (AD-DC/Server)
ufw allow out proto udp from any port 1024:65535 to IP_AD_DC1 port 137,138
ufw allow out proto tcp from any port 1024:65535 to IP_AD_DC1 port 135,139,445,636,3268,3269
ufw allow out proto udp from any port 53,1024:65535 to IP_AD_DC1 port 53,88,123,389,464,1024:65535
ufw allow out proto tcp from any port 53,1024:65535 to IP_AD_DC1 port 53,88,123,389,464,1024:65535

# TO this server (network shares on MEMBER/Server)
ufw allow in on eno1 proto tcp from LAN_IP.0/24 to any port 139,445 comment 'Allow in on eno1 port 139,445 (CIFS)'
# Not needed for share access. 
#ufw allow in on eno1 proto udp from LAN_IP.0/24 to any port 137,138 comment 'Allow in on eno1 port 137,138 (BROWSER)'

All I noticed was that I tried to change the port range from 1024:65535 to 49152-65535, but that was not an option for me due to some other old servers.
That's one you might want to adjust.

If someone sees improvements to make, tell us.

Source used for above : 
https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage 


Greetz, 

Louis

 

> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of
> Micha Ballmann via samba
> Sent: Monday 28 January 2019 7:54
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Samba and UFW
> 
> Post ufw.log or syslog?
> 
> Ufw should log the port which is blocked by connecting.
> 
> Best regards
> 
> On 27.01.2019 at 19:03, Rowland Penny via samba wrote:
> > On Sun, 27 Jan 2019 12:01:00 -0500
> > Marty via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> Good Morning,
> >>
> >>   
> >>
> >> Using Linux Mint 19.1 I have configured UFW to allow Samba. I see
> >> that ports 135 tcp, 137 udp, 138 udp , 139 tcp and 445 tcp are all
> >> set properly. The problem is that with UFW enabled I cannot connect
> >> to my Windows 8.1 PC. Error "Unable to mount location -  failed to
> >> retrieve list from server, file or directory does not exist". With
> >> UFW disabled I can connect and browse the Windows network PC. If I
> >> enable UFW I can still browse the Windows network. If I unmount the
> >> location I cannot reconnect without disabling UFW. I have made all
> >> the edits to the smb.conf file suggested on the net but nothing has
> >> worked so far. Also when printing to a Windows shared printer using
> >> Samba the document goes to the printer but does not print. The same
> >> setup works perfectly on my Mint 18.3 box.
> >>
> >>   
> >>
> >> There has got to be something I am missing. Any suggestions? All
> >> responses are appreciated.
> >>
> > Whilst it is nice to know what OS you are using, it might have been a
> > good idea to tell us what version of Samba you are using and how you
> > are running it.
> >
> > Rowland
> >
> >
> -- 
> *Micha Ballmann*
> Universitätsrechenzentrum in Landau
> Fortstr. 7
> 76829 Landau
> Telefon: +49(0)6341 280-31265
> Fax: +49 (0)6341 280-31267
> E-Mail: ballmann@xxxxxxxxxxxxx
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
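
The advice quoted above, that UFW logs the port it blocks, can be applied by counting [UFW BLOCK] entries per direction, protocol and destination port. This is an added example, not part of the original thread; the log lines are constructed samples in the usual UFW kernel-log layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# SMB/NetBIOS ports named in the thread.
SMB_PORTS = {135, 137, 138, 139, 445}

# Constructed sample lines (not taken from the thread), usual UFW log layout.
SAMPLE_LOG = """\
Jan 28 07:50:01 mint kernel: [101.1] [UFW BLOCK] IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=50122 DPT=445 WINDOW=64240 SYN URGP=0
Jan 28 07:50:02 mint kernel: [102.3] [UFW BLOCK] IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=50122 DPT=445 WINDOW=64240 SYN URGP=0
Jan 28 07:50:05 mint kernel: [105.9] [UFW BLOCK] IN=eno1 OUT= MAC=aa:bb SRC=192.0.2.20 DST=192.0.2.255 LEN=229 TTL=128 ID=3 PROTO=UDP SPT=138 DPT=138 LEN=209
Jan 28 07:50:07 mint kernel: [107.0] [UFW BLOCK] IN=eno1 OUT= MAC=aa:bb SRC=192.0.2.99 DST=192.0.2.10 LEN=60 TTL=64 ID=4 PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 SYN URGP=0
Jan 28 07:50:08 mint kernel: [108.2] [UFW BLOCK] IN=eno1 OUT= MAC=aa:bb SRC=192.0.2.99 DST=192.0.2.10 LEN=84 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0
Jan 28 07:50:09 mint kernel: [109.4] [UFW ALLOW] IN= OUT=eno1 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=6 PROTO=UDP SPT=41000 DPT=53 LEN=40
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags (SYN, DF) are skipped


def summarize_blocks(log_text):
    """Count [UFW BLOCK] entries by (direction, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue  # allowed or unrelated lines
        fields = dict(FIELD.findall(line.split("[UFW BLOCK]", 1)[1]))
        if "DPT" not in fields:
            continue  # e.g. ICMP carries no ports
        # IN=<iface> is filled for received packets; an empty IN= means the
        # packet was generated locally and blocked on the way out.
        direction = "in" if fields.get("IN") else "out"
        proto = fields.get("PROTO", "?").lower()
        counts[(direction, proto, int(fields["DPT"]))] += 1
    return counts


def smb_blocks(counts):
    """Blocked flows whose destination port is one of the SMB/NetBIOS ports."""
    return sorted(key for key in counts if key[2] in SMB_PORTS)


if __name__ == "__main__":
    for (direction, proto, port), n in sorted(summarize_blocks(SAMPLE_LOG).items()):
        print(f"{n:3d} blocked {direction:3s} {proto}/{port}")
```

Each resulting (direction, protocol, port) triple shows where an "allow in" or "allow out" rule may be missing; with a default of deny (outgoing), as in the status output above, the "out" entries matter as much as the "in" ones.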

