How to config ufw/ufw-frontends for Samba browsing/printing

Issues Related to Networking (Wired and Wireless)

Moderator: Moderators

Post Reply
Fitzcarraldo
Sagely Hen
Posts: 8195
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom
Contact:

How to config ufw/ufw-frontends for Samba browsing/printing

Post by Fitzcarraldo » Sun Jul 10, 2011 20:19

I'm posting this just in case someone who uses the firewall that comes with SL 6 (ufw is the CLI and ufw-frontends is the GUI) cannot work out why browsing and printing via Samba on your home network is no longer working.

I'm assuming that UFW is enabled and is configured to start automatically at start-up, which I believe is the case if you install SL from the SL 6 KDE/GNOME LiveDVD (You can check your situation by using the commands ufw status and rc-update show | grep ufw as root user in a Konsole/Terminal window).

1. To access Windows SMB shares on a Windows PC and to print to a printer connected to that PC from a SL PC:

Code: Select all

# nano /etc/default/ufw
and add nf_conntrack_pptp and nf_conntrack_netbios_ns to list in IPT_MODULES

(Actually nf_conntrack_pptp allows a VPN to be used, but you may as well add it too while you're at it.)

2. To access Samba shares on a SL PC from a Windows PC, launch ufw-frontends and add the rule:

General
Direction: In
Action: Allow
Protocol: Any
Logging: Off

Source
Address: Custom 192.168.1.0/24
Port: Any

Destination
Address: Any
Port: Application CIFS

and now the list of rules reported by ufw should include:

Code: Select all

# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp (CIFS)         ALLOW IN    192.168.1.0/24
139,445/tcp (CIFS)         ALLOW IN    192.168.1.0/24
N.B. My router uses 192.168.1.0/24 as the internal IP address range for my home network. Your router may use a different internal address range, so check in your router's User Guide or its Web configuration page and modify your rule accordingly if necessary.

Post Reply