Samba Ports Closed

xer01ne · 2017-09-24 12:56:03

I have configured samba IAW the ArchWiki, created the users with smbpasswd and set their passwords, and started smbd (not samba, nmbd or winbindd) service but ports 137,138,139 and 445 remain closed. I've done some poking around to to see if I can figure this out, but nothing seems to be working properly. I can map to the samba folder from within my network, but I cannot access the samba folder from outside of my network. I have all of the listed ports redirected from the router, but when I nmap localhost from the machine hosting samba, the ports are still closed. I am confused and not sure how to open the ports to access the folder from outside of my network.

Here are some outputs (i included extra ports that I know are open to compare):

# nmap -p 445,137,138,139,80,22,32400 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2017-09-24 08:32 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000024s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost.localdomain 
  
PORT      STATE  SERVICE
22/tcp    open   ssh
80/tcp    open   http
137/tcp   closed netbios-ns
138/tcp   closed netbios-dgm
139/tcp   closed netbios-ssn
445/tcp   closed microsoft-ds
32400/tcp open   plex
                     
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

Here is netstat -plnt

# netstat -plnt    
Active Internet connections (only servers)     
Proto Recv-Q Send-Q Local Address     Foreign Address   State PID/Program name     
tcp  00 127.0.0.1:41583   	0.0.0.0:*   	LISTEN	6159/Plex Plug-in [  
tcp  00 0.0.0.0:32400     	0.0.0.0:*   	LISTEN	6052/Plex Media Ser  
tcp  00 0.0.0.0:10000     	0.0.0.0:*   	LISTEN	346/python2    
tcp  00 127.0.0.1:32401   	0.0.0.0:*   	LISTEN	6052/Plex Media Ser  
tcp  00 0.0.0.0:22  		0.0.0.0:*   	LISTEN	474/sshd 
tcp  00 0.0.0.0:33400     	0.0.0.0:*   	LISTEN	6159/Plex Plug-in [  
tcp  00 127.0.0.1:32600   	0.0.0.0:*   	LISTEN	6132/Plex Tuner Ser       
tcp  00 192.168.86.90:445 	0.0.0.0:*   	LISTEN	6631/smbd    
tcp  00 0.0.0.0:33443     	0.0.0.0:*   	LISTEN	6159/Plex Plug-in [     
tcp  00 127.0.0.1:35593   	0.0.0.0:*   	LISTEN	6064/Plex Plug-in [  
tcp  00 192.168.86.90:139 	0.0.0.0:*   	LISTEN	6631/smbd
tcp6 00 :::80 			:::*  		LISTEN	473/httpd 
tcp6 00 :::22 			:::*  		LISTEN	474/sshd 
tcp6 00 :::443			:::*  		LISTEN	473/httpd

Here is systemctl status smbd

# systemctl status smbd  
● smbd.service - Samba SMB/CIFS server
   Loaded: loaded (/usr/lib/systemd/system/smbd.service; disabled; vendor preset: disabled)    
   Active: active (running) since Sun 2017-09-24 08:26:48 EDT; 9min ago
  Process: 6630 ExecStart=/usr/bin/smbd -D (code=exited, status=0/SUCCESS)   
 Main PID: 6631 (smbd) 
    Tasks: 4 (limit: 4915)   
   CGroup: /system.slice/smbd.service    
     ├─6631 /usr/bin/smbd -D 
     ├─6632 /usr/bin/smbd -D 
     ├─6633 /usr/bin/smbd -D 
     └─6635 /usr/bin/smbd -D 
     
Sep 24 08:26:48 banshee systemd[1]: Starting Samba SMB/CIFS server...  
Sep 24 08:26:48 banshee smbd[6630]: [2017/09/24 08:26:48.420230,  0] ../lib/param/loadparm.c:1768(lpcfg_do_service_parameter)
Sep 24 08:26:48 banshee smbd[6630]:   Global parameter workgroup found in service section!
Sep 24 08:26:48 banshee systemd[1]: Started Samba SMB/CIFS server.     
Sep 24 08:26:48 banshee smbd[6631]: [2017/09/24 08:26:48.427813,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Sep 24 08:26:48 banshee smbd[6631]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
Sep 24 08:26:48 banshee smbd[6635]: [2017/09/24 08:26:48.428883,  0] ../source3/printing/print_standard.c:71(std_pcap_cache_reload)
Sep 24 08:26:48 banshee smbd[6635]:   Unable to open printcap file /etc/printcap for read!

here is iptables -vnL

# iptables -vnL    
Chain INPUT (policy ACCEPT 336K packets, 26M bytes)  
 pkts bytes target     prot opt in     out     source   destination    
     
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)     
 pkts bytes target     prot opt in     out     source   destination    
     
Chain OUTPUT (policy ACCEPT 333K packets, 26M bytes) 
 pkts bytes target     prot opt in     out     source   destination

here is my smb.conf file:

[global]  
   workgroup = MYGROUP 
   server string = Banshee Samba Server  
;   hosts allow = 192.168.1. 192.168.2. 127.   
;   printcap name = /etc/printcap   
   load printers = no  
;   printing = bsd     
   guest account = pcguest    
   log file = /var/log/samba/%m.log
   max log size = 50   
   security = user     
;   password server = <NT-Server-Name>   
;   username level = 8  
;   encrypt passwords = yes   
;   smb passwd file = /etc/samba/smbpasswd
;   unix password sync = Yes  
;   passwd program = /usr/bin/passwd %u   
;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %\n *passwd:*all*authentication*tokens*updated*successfully* 
;   username map = /etc/samba/smbusers    
;   include = /etc/samba/smb.conf.%m     
;   interfaces = 192.168.12.2/24 192.168.13.2/24     
;   remote browse sync = 192.168.3.25 192.168.5.255  
;   remote announce = 192.168.1.255 192.168.2.44     
;   local master = no  
;   os level = 33
;   domain master = yes
;   preferred master = yes   
;   domain controller = <NT-Domain-Controller-SMBName>     
;   domain logons = yes
;   logon script = %m.bat    
;   logon script = %U.bat    
;   logon path = \\%L\Profiles\%U  
;   name resolve order = bcast host lmhosts wins   
;   wins support = yes 
;   wins server = w.x.y.z    
;   wins proxy = yes   
;   dns proxy = yes    
;   preserve case = no  
;   short preserve case = no  
;   default case = lower
;   case sensitive = no

[Share]
   workgroup = MYGROUP 
   comment = Shared folder    
   path = /srv/share    
   valid users = roberts ryan
   public = no   
   writable = yes
   printable = yes     
   create mask = 0765  
     
[homes]  
   comment = Home Directories
   browseable = no     
   writable = yes
     
[printers]
   comment = All Printers    
   path = /var/spool/samba   
   browseable = no     
# Set public = yes to allow user 'guest account' to print  
   guest ok = no 
   writable = no 
   printable = yes

This is what I am getting when I try to mount the samba folder from outside of my network:

# mount -t cifs //MYSERVER.net/share /home/roberts/test/ -o user=roberts                                   
Password for roberts@//MYSERVER.net/share:                                                                                       
mount error(115): Operation now in progress                                                                                        
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Any help is greatly appreciated.

Will

Last edited by xer01ne (2017-09-24 13:07:33)

Trilby · 2017-09-24 14:07:21

xer01ne wrote:

I can map to the samba folder from within my network, but I cannot access the samba folder from outside of my network.

I don't have any experience with samba, but this in itself seems to pretty clearly indicate that the host machine is configured just fine. The problem is some intermediary along the network. The first suspect would be your router, but ...

xer01ne wrote:

I have all of the listed ports redirected from the router, but when I nmap localhost from the machine hosting samba, the ports are still closed.

Either you have not actually properly configured the router, or there is some yet farther out firewall or block. Might your ISP be blocking some traffic?

In any case, you probably don't need to be looking further into the host system's configs, but instead should be looking at the network nodes outside the host system

xer01ne · 2017-09-24 15:27:33

Good point, I could try switching to another port since these are the known samba ports. My ISP *could* block some known ports like that, but since my Plex server, web server and other various ports are open and working, I know they aren't blocking everything. I'll try switching to port 10000 and 10001 to see if that fixes the problem... I'll post my findings.

seth · 2017-09-24 15:35:27

Would you please not open smb ports to the internet?
Whatever you're trying to do - you're doing it wrongly. SMB does not belong into a public network.

xer01ne · 2017-09-24 17:02:58

seth wrote:

Would you please not open smb ports to the internet?
Whatever you're trying to do - you're doing it wrongly. SMB does not belong into a public network.

I understand this might not be the *best* way, but from what I see, this is one of the few ways to create a working/shared directory between two networks where I can access and work on files without having to upload/download every time. Additionally, I only want access to this folder... nothing else.

I tried mapping to a random port, and the port opens, but I still get the following error:

mount error(115): Operation now in progress                                                                                        
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Slithery · 2017-09-24 17:12:16

xer01ne wrote:

I understand this might not be the *best* way, but from what I see, this is one of the few ways to create a working/shared directory between two networks where I can access and work on files without having to upload/download every time.

SSHFS is one of many options.
If you already have SSH set up then no other configuration or open ports are necessary. Simples.

Last edited by Slithery (2017-09-24 17:23:57)

Arch Linux

#1 2017-09-24 12:56:03

Samba Ports Closed

#2 2017-09-24 14:07:21

Re: Samba Ports Closed

#3 2017-09-24 15:27:33

Re: Samba Ports Closed

#4 2017-09-24 15:35:27

Re: Samba Ports Closed

#5 2017-09-24 17:02:58

Re: Samba Ports Closed

#6 2017-09-24 17:12:16

Re: Samba Ports Closed

Board footer