From The Official Samba 3.2.x HOWTO and Reference Guide:
Many people use a firewall to deny access to services they do not want exposed outside their network. This can be a good idea, although I recommend using it in conjunction with the above methods so you are protected even if your firewall is not active for some reason.
If you are setting up a firewall, you need to know what TCP and UDP ports to allow and block. Samba uses the following:
Port 135/TCP - used by smbd
Port 137/UDP - used by nmbd
Port 138/UDP - used by nmbd
Port 139/TCP - used by smbd
Port 445/TCP - used by smbd
The last one is important because many older firewall setups may not be aware of it, given that this port was only added to the protocol in recent years.
When configuring a firewall, the high order ports (1024-65535) are often used for outgoing connections and therefore should be permitted through the firewall. It is prudent to block incoming packets on the high order ports except for established connections.
In order to open these ports, you must run the following commands:
sudo ufw allow proto tcp to any port 135 from 192.168.1.0/24
sudo ufw allow proto udp to any port 137 from 192.168.1.0/24
sudo ufw allow proto udp to any port 138 from 192.168.1.0/24
sudo ufw allow proto tcp to any port 139 from 192.168.1.0/24
sudo ufw allow proto tcp to any port 445 from 192.168.1.0/24
Of course, you should replace 192.168.1.0/24 with the appropriate IP/CIDR subnet for your network.
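To confirm the rules took effect, the following added example (not part of the original post or of ufw itself) checks plain `ufw status` output for the five Samba ports and flags any that are missing or allowed from a source other than your subnet. The function names audit_samba_rules and sample_status are hypothetical, and the sample status text is constructed rather than captured from a real host.

```sh
#!/bin/sh
# Added example: audit `ufw status` text for the five Samba ports listed above.
SAMBA_PORTS="135/tcp 137/udp 138/udp 139/tcp 445/tcp"

# audit_samba_rules SUBNET   (reads plain `ufw status` output on stdin)
# Prints OK / EXPOSED / MISSING per port; returns 0 only when every port is
# allowed from SUBNET and from no other source.
audit_samba_rules() {
    awk -v subnet="$1" -v ports="$SAMBA_PORTS" '
        function mark(key, src) { if (src == subnet) ok[key] = 1; else bad[key] = src }
        { gsub(/ \(v6\)/, "") }            # fold IPv6 rows into the same check
        $2 == "ALLOW" {
            if ($1 ~ /\//) mark($1, $3)    # "445/tcp" style entry
            else { mark($1 "/tcp", $3); mark($1 "/udp", $3) }  # bare port: both protocols
        }
        END {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) {
                if (p[i] in bad)     { printf "EXPOSED %s (from %s)\n", p[i], bad[p[i]]; rc = 1 }
                else if (p[i] in ok) { printf "OK      %s\n", p[i] }
                else                 { printf "MISSING %s\n", p[i]; rc = 1 }
            }
            exit rc + 0
        }'
}

# Constructed sample of `ufw status` output: 445/tcp was opened to everyone.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
135/tcp                    ALLOW       192.168.1.0/24
137/udp                    ALLOW       192.168.1.0/24
138/udp                    ALLOW       192.168.1.0/24
139/tcp                    ALLOW       192.168.1.0/24
445/tcp                    ALLOW       Anywhere
EOF
}

sample_status | audit_samba_rules 192.168.1.0/24 || echo "Samba rules need attention"
```

On a live system, pipe the real output in with: sudo ufw status | audit_samba_rules 192.168.1.0/24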
Generally speaking, I find it useful to add rules by service whenever possible. For example, if I want to open up ports for AOL/AIM, I can add this rule:
sudo ufw allow aol
The syntax is much less verbose and thus easier to remember. You can see a list of all service names by doing:
less /etc/services
Not everything will be listed, but most common services are.