Allow Samba through your Linux firewall with ufw

As most of you know, Samba allows your Linux machine to work with Windows machines (and vice versa). Without Samba Linux would be locked in an unable to play nicely on heterogeneous networks. So what most Linux users do is install Samba to allow file/folder sharing and network browsing. Typically speaking, Samba is very easy to install and work with. But when problems arise Samba can be a nightmare to troubleshoot. One of the first steps in your troubleshooting should always be your firewall as this is very often the problem. What do you do if your firewall isn't allowing Samba through? You tell your firewall to allow Samba to pass. Let's see how this is done.

I want to show you how this is done in two different ways: Using a typical firewall GUI and the ufw command line. For the GUI I am going to illustrate this with GUFW (GNOME frontend for UFW). Naturally, each GUI firewall tool will deal with this process differently, but understanding the fundamentals of what you're looking for should give you enough information about how exactly to manage the task with the firewall tool you use.

ufw

Let's start with the more challenging task first. I will assume you know some of the basics. What we will be doing is allowing the necessary Samba ports through with the help of the UFW command line. Let's first check to make sure your firewall is enabled. To do this issue the command:

sudo iptables -L

When you issue the above command you should see output similar to what you see in Figure 1. If you see nothing, that means your firewall isn't enabled.

Now, let's add the rules to allow Samba to pass through your firewall. I am going to illustrate this using the 192.168.1.0 IP address scheme. You can adjust this to fit your needs. The commands you need to run, to open up the necessary ports are:

sudo ufw allow proto udp to any port 137 from 192.168.1.0/24
sudo ufw allow proto udp to any port 138 from 192.168.1.0/24
sudo ufw allow proto tcp to any port 139 from 192.168.1.0/24
sudo ufw allow proto tcp to any port 445 from 192.168.1.0/24

You will issue the above commands one at a time.

GUFW

Now let's take a look at allowing Samba through your firewall using the UFW front-end, GUFW.  You can start the GUFW tool by clicking System > Administration > Firewall Configuration. When the GUFW window opens (see Figure 2). If the firewall is not enabled, check the Enabled check box to start it up. Once it is started up you can then add rules to the configuration.

When you click the Add button a new window will appear (see Figure 3). From this window select the Preconfigured tab. In this window select the following:

• Allow
• In
• Service
• Samba

When you have the above selected, click Add. Now go back and add another rule to use the same configuration as above with the exception of selecting Out instead of In. Once you have done that, close the Add Rule window and then quit the GUFW window. Your firewall should now allow Samba through.

Advertisement