Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Samba, firewall and me. Again...

  1. #1
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,163

    Default Samba, firewall and me. Again...

    Server: Leap 15.3, samba allowed in firewall with Yast.

    Client 1: Windows 10 -> shares are seen and accessible, with firewall enabled or disabled.

    Client 2: FireTV stick -> same shares are only accessible with firewall disabled, else KODI says "couldn't connect to network server". WTF?

    I vaguely remember having to open nmb ports, but this was with openSUSE 42.something. And if so client 1 wouldn't see the shares anyway?

    On windows 10 shares were set manually as shortcuts to \\<server_ip>\<share_name>. On KODI (on the fireTV stick) you select the location (like //smb or similar) and the shares should be shown, but nothing is found if the firewall is enabled in the server.

    Any ideas?

    Thanks,

    Bruno

  2. #2
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,163

    Default Re: Samba, firewall and me. Again...

    FWIW, both

    Code:
    systemctl status smb
    and
    Code:
    systemctl status nmb
    show the services as active (running).

  3. #3
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,163

    Default Re: Samba, firewall and me. Again...

    Any way I can see what ports are opened when I add the samba service in Yast firewall?

    Just speculating, perhaps the firetv stick requires netbios, and it's ports are not open by the samba service.

  4. #4
    Join Date
    Oct 2014
    Location
    Rotterdam
    Posts
    548

    Default Re: Samba, firewall and me. Again...

    Likely the FireTV stick uses different ports, not only SMB.

    Find out the IP address the FireTV stick has (for example 111.222.333.444) and run with the firewall disabled and the FireTV stick is active:
    Code:
    lsof -i | grep '<111.222.333.444>'
    That will list active connections to the device including the ports, check them against the firewall.

    If that does not work, you can run wireshark (you might have to install it), that will dump all traffic, so start it capturing before the FireTV stick is connecting and keep it running till it runs.
    Select Capture --> Options, select the interface the FireTV stick is connected to and filter again on the IP address of the FireTV stick.



    I.e. replace 192.168.111.1 in the picture above by the IP address of the FireTV stick

    Once the FireTV stick is running, stop the capture and open Statistics --> Protocol Hierarchy. That will again list all type of traffic and should give you an idea on what additional ports need to be opened.

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,071
    Blog Entries
    1

    Default Re: Samba, firewall and me. Again...

    You could show us your firewall config...

    Code:
    firewall-cmd --list-all
    openSUSE Leap 15.2; KDE Plasma 5

  6. #6
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,163

    Default Re: Samba, firewall and me. Again...

    Quote Originally Posted by marel View Post
    Likely the FireTV stick uses different ports, not only SMB.

    Find out the IP address the FireTV stick has (for example 111.222.333.444) and run with the firewall disabled and the FireTV stick is active:
    Code:
    lsof -i | grep '<111.222.333.444>'
    Hi, sorry for the late reply, I'm having eye trouble these last days (thankfully temporary).

    Code:
    # lsof -i4 | grep mbd 
    nmbd       1858    root   13u  IPv4  42291      0t0  UDP *:netbios-ns 
    nmbd       1858    root   14u  IPv4  42292      0t0  UDP *:netbios-dgm 
    nmbd       1858    root   15u  IPv4  42301      0t0  UDP bruno-03:netbios-ns 
    nmbd       1858    root   16u  IPv4  42302      0t0  UDP 192.168.0.255:netbios-ns 
    nmbd       1858    root   17u  IPv4  42303      0t0  UDP bruno-03:netbios-dgm 
    nmbd       1858    root   18u  IPv4  42304      0t0  UDP 192.168.0.255:netbios-dgm 
    smbd       1913    root   49u  IPv4  43625      0t0  TCP *:microsoft-ds (LISTEN)
    smbd       1913    root   50u  IPv4  43626      0t0  TCP *:netbios-ssn (LISTEN)
    As you can see, there's no IP address. Weird.

    I've made a mistake in my first report. The fireTV stick I referred to was not accessing a SMB share, but a NFS one.

    I have another stick that is actually accessing the SMB share. Both sticks, curiously, loose the connection if the firewall is active when they are turned on *or* when the server is rebooted. To access the share, in either stick, I have to disable the firewall an access the share. After that I can enable the firewall back and the share continues accessible.

  7. #7
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,163

    Default Re: Samba, firewall and me. Again...

    Quote Originally Posted by deano_ferrari View Post
    You could show us your firewall config...

    Code:
    firewall-cmd --list-all
    Code:
    # firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: eth0
      sources: 
      services: kdeconnect kdeconnect-kde nfs nfs3 rpc-bind samba syncthing syncthing-gui synergy
      ports: 
      protocols: 
      forward: no
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules: 
    #

  8. #8
    Join Date
    Aug 2008
    Location
    Brazil
    Posts
    3,163

    Default Re: Samba, firewall and me. Again...

    I just noticed that in Yast firewall I can set it to restart or reload after saving the changes. Perhaps reload would keep some kind of authorization for the sticks? Probably not, but maybe worth testing later.

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,071
    Blog Entries
    1

    Default Re: Samba, firewall and me. Again...

    Quote Originally Posted by brunomcl View Post
    I just noticed that in Yast firewall I can set it to restart or reload after saving the changes. Perhaps reload would keep some kind of authorization for the sticks? Probably not, but maybe worth testing later.
    No, it doesn't work that way.
    openSUSE Leap 15.2; KDE Plasma 5

  10. #10
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,071
    Blog Entries
    1

    Default Re: Samba, firewall and me. Again...

    Quote Originally Posted by brunomcl View Post
    Hi, sorry for the late reply, I'm having eye trouble these last days (thankfully temporary).

    Code:
    # lsof -i4 | grep mbd 
    nmbd       1858    root   13u  IPv4  42291      0t0  UDP *:netbios-ns 
    nmbd       1858    root   14u  IPv4  42292      0t0  UDP *:netbios-dgm 
    nmbd       1858    root   15u  IPv4  42301      0t0  UDP bruno-03:netbios-ns 
    nmbd       1858    root   16u  IPv4  42302      0t0  UDP 192.168.0.255:netbios-ns 
    nmbd       1858    root   17u  IPv4  42303      0t0  UDP bruno-03:netbios-dgm 
    nmbd       1858    root   18u  IPv4  42304      0t0  UDP 192.168.0.255:netbios-dgm 
    smbd       1913    root   49u  IPv4  43625      0t0  TCP *:microsoft-ds (LISTEN)
    smbd       1913    root   50u  IPv4  43626      0t0  TCP *:netbios-ssn (LISTEN)
    As you can see, there's no IP address. Weird.

    I've made a mistake in my first report. The fireTV stick I referred to was not accessing a SMB share, but a NFS one.

    I have another stick that is actually accessing the SMB share. Both sticks, curiously, loose the connection if the firewall is active when they are turned on *or* when the server is rebooted. To access the share, in either stick, I have to disable the firewall an access the share. After that I can enable the firewall back and the share continues accessible.
    If they rely on Avahi for discovery, then you need to open the port for 'mdns' (UDP port 5353).
    openSUSE Leap 15.2; KDE Plasma 5

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •