firewalld icon indicating copy to clipboard operation
firewalld copied to clipboard

Published 20 hours ago verified publisher icon firewalld

Firewalld is blocking Network/Samba Client in KDE/Dolphin

Open CaptainCoward opened this issue 1 year ago • 4 comments

What happened

When trying to access a shared Folder (samba) of my other Computer via KDE/Dolphin/Network the access gets blocked by Firewalld. Even if i unblock every service it just refuses to work:

The Computer will be show up under Network yet i can't access it. This seems to be related to some DNS issue since smb://IP-Adress seems to work while smb://computername doesn't. As soon as i disable Firewalld i also will be able to connect via smb://computername.

What you expected to happen

be able to connect..

How to reproduce it (as minimally and precisely as possible)

Use KDE/Dolphin -> Network -> try to access shared folder PC via SMB by it's computername.

Anything else we need to know?

No response

Firewalld Version

2.1.0-1

Firewalld Backend

ntftables

Linux distribution

EndouverOS

Linux kernel version

6.7.0-arch3-1

Other information

No response

CaptainCoward avatar Jan 15 '24 13:01 CaptainCoward

You want to use samba-client not samba.

erig0 avatar Jan 18 '24 20:01 erig0

That's not the issue. The computer that shares the folder with Samba has no firewall.It isn't the server that's blocking access. It's my "client" computer which uses Firewalld. As long as i have firewalld running i can't connect to the server.. i'm only able to see it in Dolphin/Network though can't access it. I even tried allowing literally all services yet access still is not possible. Firewalld prevents Dolphin from loading the Files. I have to disable firewalld-service after that it works. though it's super annoying to always kill firewalld first.

CaptainCoward avatar Jan 20 '24 12:01 CaptainCoward

I'm aware that it's the client traffic that's being blocked. The samba-client service allows netbios-ns, which is what's being blocked according to your original report.

Perhaps you could give it a try?

I even tried allowing literally all services yet access still is not possible.

Can you enable --set-log-denied all, then look at the drop reports in dmesg ? That'll tell you what's being blocked.

erig0 avatar Jan 20 '24 16:01 erig0

I have done so but i have no clue what it means. These two lines seem to appear when i try to connect to the other computer. No clue if MAC is "good" to share so i removed it just in case.

STATE_INVALID_DROP: IN=enp42s0 OUT= MAC=xxx SRC=192.168.0.31 DST=192.168.0.33 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30059 DF PROTO=TCP SPT=445 DPT=38298 WINDOW=249 RES=0x00 ACK FIN URGP=0 

filter_IN_home_REJECT: IN=enp42s0 OUT= MAC=xxx SRC=198.252.206.25 DST=192.168.0.33 LEN=113 TOS=0x00 PREC=0x00 TTL=47 ID=60435 DF PROTO=TCP SPT=443 DPT=35746 WINDOW=62 RES=0x00 ACK PSH URGP=0

CaptainCoward avatar Jan 25 '24 21:01 CaptainCoward