#1 2017-03-15 20:05:15

Serede
Member
Registered: 2014-01-24
Posts: 14

samba-client browsing blocked by firewalld even with service allowed

Some context:

  • Arch Linux x86_64 4.10.2-1-ARCH

  • firewalld 0.4.4.3-1

  • smbclient 4.5.4-1

  • networkmanager 1.6.2-3

I'm trying to browse my local Samba shares using `smbtree -N` while firewalld is running with my wlan interface set to the 'home' zone, which has the 'samba-client' service enabled (thus Samba client ports are open).

The result is my machine sending a broadcast NetBIOS packet (all fine up to this point), but then all I receive is a name query response from the Samba server machine and a "Destination unreachable (Host administratively prohibited)" ICMP message. The firewalld log shows UDP packets sent from the Samba server to a random high port of my machine being dropped.

So apparently the Samba server believes my machine is listening for the browse query results at some random port, but firewalld is dropping these packets.

I have worked around it by whitelisting the Samba server machine's IP in a rich rule. However, I'm utterly uncomfortable with this and I would like to know why this is happening. Any ideas?

Related issues:

Offline

#2 2017-04-29 19:52:11

BIgE
Member
Registered: 2017-04-29
Posts: 1

Re: samba-client browsing blocked by firewalld even with service allowed

I have this problem as well using firewalld and connecting to Samba shares. I just happened to stumble across this in the wiki https://wiki.archlinux.org/index.php/sa … _server.22 and applied it to iptables while firewalld is running. This seems to allow me to view shares using `smbtree -N`. I'm just not sure how to make it a part of firewalld permanently... running `firewall-cmd --runtime-to-permanent` doesn't seem to save the change and I'm not sure how to apply that rule directly to firewalld.

Offline
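Why the replies in this thread get dropped, as an added example that is not part of either post: a simplified Python model of netfilter connection tracking (not kernel code) showing that a unicast answer to a broadcast NetBIOS name query does not invert the original tuple, so it is treated as a new connection to a closed high port. It assumes the fix referenced from the wiki is the `netbios-ns` conntrack helper; all addresses and ports are constructed.

```python
# Simplified model of netfilter connection tracking for UDP (added example,
# not kernel code). All addresses and ports below are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    def __init__(self, local_net, use_netbios_helper=False):
        self.local_net = ip_network(local_net)
        self.use_helper = use_netbios_helper
        self.flows = set()         # tuples of outbound packets already seen
        self.expectations = set()  # (client ip, client port) awaiting replies

    def outbound(self, pkt):
        # Record the original tuple; a reply must be its exact inverse.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        is_bcast = ip_address(pkt.dst) == self.local_net.broadcast_address
        if self.use_helper and pkt.dport == 137 and is_bcast:
            # Helper behaviour (assumed): expect answers from any host on
            # the subnet, addressed to the socket that sent the broadcast.
            self.expectations.add((pkt.src, pkt.sport))

    def classify_inbound(self, pkt):
        # ESTABLISHED only if the packet inverts a recorded tuple.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ESTABLISHED"
        if ((pkt.dst, pkt.dport) in self.expectations
                and ip_address(pkt.src) in self.local_net):
            return "RELATED"
        return "NEW"  # falls through to zone rules; the high port is closed

def demo(use_helper):
    ct = Conntrack("192.168.1.0/24", use_netbios_helper=use_helper)
    # Client broadcasts a name query from an ephemeral port.
    ct.outbound(Packet("192.168.1.23", 51234, "192.168.1.255", 137))
    # Server answers by unicast from its own address, not the broadcast one.
    return ct.classify_inbound(Packet("192.168.1.10", 137, "192.168.1.23", 51234))

if __name__ == "__main__":
    print("without helper:", demo(False))
    print("with helper:   ", demo(True))
```

A rule added with plain `iptables` is not known to firewalld, which is consistent with `--runtime-to-permanent` not saving it.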
