samba & firewall problem on fedora20

asked 2015-03-02 23:19:19 -0600

Brad Walker

I was having some serious difficulty getting Samba to work through the installed firewall on Fedora 20. But I did manage to finally figure out what the problem is.

Now I need some help on the proper solution/fix.

I configured Samba and then added it to the list of services for my firewall zone. Yet, I was having problems getting Samba through the firewall.

Here is what my firewall zone looks like.

    [root@localhost bwalker]# firewall-cmd --zone=home --list-services
    dhcpv6-client mdns samba samba-client ssh
    [root@localhost bwalker]# firewall-cmd --get-active-zones
    home
      interfaces: enp1s0
    [root@localhost bwalker]#

So far, so good. But I still wasn't able to access the Samba share from my Windows box. So I took a look at the iptables rules and discovered that it looks like I was getting ICMP host prohibited (this agrees with what I was seeing in Wireshark).

So my iptables looks like this.

    [root@localhost bwalker]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0
    INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
    INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0
    FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
    FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
    FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0
    FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0

    Chain FORWARD_IN_ZONES (1 references)
    target     prot opt source               destination
    FWDI_home  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
    FWDI_home  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
    target     prot opt source               destination

    Chain FORWARD_OUT_ZONES (1 references)
    target     prot opt source               destination
    FWDO_home  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
    FWDO_home  all  --  0.0.0.0/0            0.0.0 ...