Samba and Firewall

I have OpenSUSE Leap 15.2 installed on 3 computers and I am trying to use Samba to transfer files. I have been doing this for years, but I have a problem with 15.2. I think I have narrowed it down to the firewall settings.

As set up, when I click Network, then Shared Folders(SMB), each computer sees only itself. By disabling Firewald on one computer, it can access all three, but I do have to type in the name in order to see the folders. If I then restart the firewall, I can still access shared folders on all three computers by typing in the names, but Dolphin shows only the one I am on and one other.

Here are the services set for the home zone of the Firewall on all three: dhcp dhcpv6 dhcpv-client dns ftp ipp ipp-client kdeconnect-kde kerberos mdns nfs samba samba-client ssh.

What am I missing or what else should I do?

Question is: Which zone have you assigned to your network interface for this LAN?

The zone is “home”.

Can you reach the other machines in Dolphin with

smb://10.0.0.10/

?

Thanks for trying to help me.

Firewall on:

@localhost:~> smb://10.0.0.10/
bash: smb://10.0.0.10/: No such file or directory

Can only access the computer I am using by typing names.

Firewall off:


@localhost:~> smb://10.0.0.10/
bash: smb://10.0.0.10/: No such file or directory

but I can now access the shared files on the other two computers by their names.

After restarting the firewall, I can still type the names and access the other two computers. I don’t know how long that will persist.

For Dolphin samba discovery, you need to allow mdns/dns-sd by allowing ‘mdns’ in the hosts firewalls.

@deano ferrari

In my description of the problem that you quoted, I stated:

"Here are the services set for the home zone of the Firewall on all three: dhcp dhcpv6 dhcpv-client dns ftp ipp ipp-client kdeconnect-kde kerberos mdns nfs samba samba-client ssh.

What am I missing or what else should I do?"

Sorry, missed that. It should be working. Are you able to reach the other samba hosts by their Avahi hostname?

For reference, I’m using the KDE version from the openSUSE KDE repos. Perhaps that makes a difference.

https://en.opensuse.org/SDB:KDE_repositories

I also allow ‘ws-discovery’ so that Windows hosts can be annunciated in Dolphin. (Dolphin v20.04.0 onwards)

‘ws-discovery’ is not available in Firewald on my three computers. All three machines are OpenSUSE Leap 15.2. With regard to KDE, I need to solve the connection problem (that appears to be a firewall problem), then I’ll worry about the secondary issue of the browsing. Dolphin woks fine once I type in the computer names.

You’d need to have ‘wsdd2’ installed for that. It also provides the wsdd2.service unit to provide the necessary support (for advertising samba servers to windows hosts).

See this thread for more info…
https://forums.opensuse.org/showthread.php/543049-SAMBA-and-host-names-in-local-network?p=2955301#post2955301

All three machines are OpenSUSE Leap 15.2. With regard to KDE, I need to solve the connection problem (that appears to be a firewall problem), then I’ll worry about the secondary issue of the browsing. Dolphin woks fine once I type in the computer names.

I think I recall similar smb discovery behaviour when using the Dolphin version provided by default (openSUSE Leap 15.2), but I’ve been later versions (supplied by KDE repos) for quite some time.

BTW, for clarification purposes (with respect to the firewall), can you confirm the config by posting the output of

firewall-cmd --list-all --zone=home

*In particular, just making sure that the expected interface is bound to the ‘home’ zone.

I have already looked at that thread, and you say:

You should also know that if using KDE Plasma 5.18.x with Dolphin 20.04.0+ , the WS-Discovery protocol is now used to enumerate Windows hosts on the LAN (along with Avahi for Linux samba hosts)…

I don’t have any Windows machines, so if you’re correct, I don’t need wsdd2.

Here is the result of an avahi check (Firewall on)

@localhost:~> avahi-browse --all
+  wlan0 IPv6 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv6 linux                                         SSH Remote Terminal  local
+  wlan0 IPv6 linux                                         SFTP File Transfer   local
+  wlan0 IPv6 ENVY_2021                                     Microsoft Windows Network local
+  wlan0 IPv4 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv4 linux                                         SSH Remote Terminal  local
+  wlan0 IPv4 linux                                         SFTP File Transfer   local
+  wlan0 IPv4 ENVY_2021                                     Microsoft Windows Network local

and with Firewall off:

@localhost:~> avahi-browse --all
+  wlan0 IPv6 linux                                         SFTP File Transfer   local
+  wlan0 IPv4 linux                                         SFTP File Transfer   local
+  wlan0 IPv6 ENVY_2021                                     Microsoft Windows Network local
+  wlan0 IPv4 ENVY_2021                                     Microsoft Windows Network local
+  wlan0 IPv6 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv4 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv6 linux                                         SSH Remote Terminal  local
+  wlan0 IPv4 linux                                         SSH Remote Terminal  local

With firewall off, in Dolphin: Network/Shared Folders(SMB), when I type the name, e.g. Elite, I go directly to the shared folders on whichever of the three machines i choose. When I turn the Firewall back on, I can still access the folders on all three machines by typing their names.

Correct (although if it present, Dolphin will report such hosts as well as it now supports WS-Discovery).

Here is the result of an avahi check (Firewall on)

@localhost:~> avahi-browse --all
+  wlan0 IPv6 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv6 linux                                         SSH Remote Terminal  local
+  wlan0 IPv6 linux                                         SFTP File Transfer   local
+  wlan0 IPv6 ENVY_2021                                     Microsoft Windows Network local
+  wlan0 IPv4 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv4 linux                                         SSH Remote Terminal  local
+  wlan0 IPv4 linux                                         SFTP File Transfer   local
+  wlan0 IPv4 ENVY_2021                                     Microsoft Windows Network local

and with Firewall off:

@localhost:~> avahi-browse --all
+  wlan0 IPv6 linux                                         SFTP File Transfer   local
+  wlan0 IPv4 linux                                         SFTP File Transfer   local
+  wlan0 IPv6 ENVY_2021                                     Microsoft Windows Network local
+  wlan0 IPv4 ENVY_2021                                     Microsoft Windows Network local
+  wlan0 IPv6 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv4 ENVY_2021                                     _device-info._tcp    local
+  wlan0 IPv6 linux                                         SSH Remote Terminal  local
+  wlan0 IPv4 linux                                         SSH Remote Terminal  local

With firewall off, in Dolphin: Network/Shared Folders(SMB), when I type the name, e.g. Elite, I go directly to the shared folders on whichever of the three machines i choose. When I turn the Firewall back on, I can still access the folders on all three machines by typing their names.

Yes, which tells me that it is not a firewall issue as such.

Here it is:

@localhost:~> firewall-cmd --list-all --zone=home
home (active)
target: default
icmp-block-inversion: no
interfaces: wlan0
sources:
services: ssh mdns samba-client dhcpv6-client dhcp dhcpv6 dns kdeconnect-kde kerberos nfs samba ftp ipp ipp-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

BTW, thinking about your opening post, where you mentioned

I have been doing this for years, but I have a problem with 15.2. I think I have narrowed it down to the firewall settings.

…samba behaviour did change when SMBv1 was disabled by default

https://forums.opensuse.org/showthread.php/538002-SMB1?p=2918174#post2918174

This stopped the NetBIOS-based discovery/browsing. However, KDE Dolphin should be able to find Linux samba servers via Avahi. I just can’t remember if it was working for me prior to upgrading via subscribing to the KDE repos.

Ok, thanks for confirming.

fwiw the command has to be entered in the Dolphin commandline and the 10.0.0.10 has to be replaced by the actual LAN IP of one of your samba servers… :cry:

Yes, I was surprised that the OP didn’t get this. However, they did say that they can access the server when explicitly entering the (DNS?) hostname, so I assume that there are no issues here. Using Avahi hostnames should also work without issue, but looking back through this thread I think that this may be about expectation based on the former NetBIOS functionality associated with SMB1 (now deprecated and only enabled if explicitly enabled with its associated risks).

I think that we have drifted off the subject.

I don’t mind typing the name of the computer I want to access (and, by the way, it doesn’t require the IP address), if that’s the best we can do after so many “improvements” in the OS.

Why do I have to stop the firewall on one computer in order to access the shared files on the others? Can this be fixed? It seems like it just needs another permitted service.

If you want to debug this you have to go from the basics (resolve with IP) to the more advanced options, otherwise you can not identify where the problem arises from. Mostly it’s misconfigurations…

And why smb1 has been turned off is your homework until next week… :-p