I’m having the issue where I currently cannot connect to my samba share on the local network. As far as I can tell the issue is coming from the Susefirewall as when I turn it off I can connect fine. When I first installed OpenSUSE I had the same issue but fixed it by allowing the Samba Client service in the external zone of the firewall. I have now logged in this morning and can no longer connect, whenever I try and connect directly to the samba share (smb://newfishnas/data), it gives me the error “Could not display “smb://newfishnas/data” Error: Failed to mount windows share: invalid argument. Please select another viewer and try again.”. If I try and navigate to Network > Windows Network (which is where I normally go to get to the share) I get the error “Unable to mount location. Failed to retrieve share list from server: No such file or directory”. Is anyone able to help me with this issue?
I’m not sure what Logs or configs I should post so if anyone would like to see any of them please ask.
Hi
So fire up YaST -> Security and Users -> Firewall -> Allowed Services and on the right select the dropdown ‘Service to Allow’, select Samba Client and hit the add button so it appears in the list, then hit next etc.
I have already allowed the Samba Client service in the firewall. I had this issue when I first installed OpenSUSE and that’s how I fixed it the first time.
Hi
You need to scan from a remote machine to see which ones are open, eg
nmap.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Sorry for the late response, here are the results:
generic@NewFishNAS ~ $ sudo nmap -sS -sU -O -p 137-139,445 192.168.1.78/24
Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-07 09:50 AWST
Nmap scan report for 192.168.1.78
Host is up (0.00024s latency).
PORT STATE SERVICE
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp open netbios-ssn
445/tcp open microsoft-ds
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
139/udp closed netbios-ssn
445/udp closed microsoft-ds
MAC Address: C8:60:00:C4:6E:EA (Asustek Computer)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
malcolmlewis;2788029 Wrote:
> Hi
> You need to scan from a remote machine to see which ones are open, eg
> nmap.
>
> –
> Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter
> #276890)
> openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default
> If you find this post helpful and are logged into the web interface,
> please show your appreciation and click on the star below… Thanks!
Hi,
Sorry for the late response, here are the results:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-07 09:50 AWST
Nmap scan report for 192.168.1.78
Host is up (0.00024s latency).
PORT STATE SERVICE
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp open netbios-ssn
445/tcp open microsoft-ds
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
139/udp closed netbios-ssn
445/udp closed microsoft-ds
MAC Address: C8:60:00:C4:6E:EA (Asustek Computer)
No exact OS matches for host (If you know what OS is running on it,
see Nmap OS/Service Fingerprint and Correction Submission Page ).
Hi
Manually add ports 137 tcp and 138 tcp on the client (YaST firewall ->
allowed service -> advanced button) and see how it goes.
Does seem strange though, maybe tied to the NAS your using?
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Just tried adding the ports manually. No change. I doubt it’s the NAS causing the issue as connecting to it from other PCs work fine and I had no problem connecting to it on this computer up until recently.
If I assign my network card to the “internal zone” in the firewall config I can connect to the NAS aswell, is there any harm in just leaving it on that setting? Would leaving it on that setting be the same as not having the firewall running as it applies no filtering to the internal zone?
malcolmlewis;2788237 Wrote:
> Hi
> Manually add ports 137 tcp and 138 tcp on the client (YaST firewall ->
> allowed service -> advanced button) and see how it goes.
>
> Does seem strange though, maybe tied to the NAS your using?
>
> –
> Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter
> #276890)
> openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default
> If you find this post helpful and are logged into the web interface,
> please show your appreciation and click on the star below… Thanks!
Hi,
Just tried adding the ports manually. No change. I doubt it’s the NAS
causing the issue as connecting to it from other PCs work fine and I had
no problem connecting to it on this computer up until recently.
If I assign my network card to the “internal zone” in the firewall
config I can connect to the NAS aswell, is there any harm in just
leaving it on that setting? Would leaving it on that setting be the same
as not having the firewall running as it applies no filtering to the
internal zone?
Hi
Yes, it will skip, all strange, I have an apple airport acting as my
NAS, no firewall changes needed to connect…
Maybe remove samba client and see if that helps… else maybe there are
some additional rules.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Check that you have the ’ ip_conntrack_netbios_ns’ module loaded. This allows replies from NetBIOS broadcasts through the firewall (on unprivileged ports) which would otherwise be blocked by iptables.
FW_SERVICES_ACCEPT_RELATED_* (firewall) This is how the SuSEFirewall2 implementation considers packets RELATED by netfilter.
For example, to allow finer grained filtering of Samba broadcast packets, RELATED packets are not accepted unconditionally. Variables starting with FW_SERVICES_ACCEPT_RELATED_ allow restricting RELATED packets handling to certain networks, protocols and ports.
This means that adding connection tracking modules (conntrack modules) to FW_LOAD_MODULES does not automatically result in accepting the packets tagged by those modules. Additionally, you must set variables starting with FW_SERVICES_ACCEPT_RELATED_ to a suitable value.
To browse smb shares from your linux system whilst iptables is running you’ll
have to load the “ip_conntrack_netbios_ns” module. This allows netbios
broadcasts sent from your system back through the firewall:
modprobe ip_conntrack_netbios_ns
To have this loaded each time iptables starts add this to
/etc/sysconfig/iptables-config:
IPTABLES_MODULES=“ip_conntrack_netbios_ns”