Hello there, sorry for such a late reply. It has been a long time since I could make these tests.
Il 27/09/2016 13:12, Thomas Woerner ha scritto:
Are you using IPv4 or IPv6?
As you are using samba on the client side, then samba-client should be enough.
In my local networking, IPv4 is used. I've enabled the *samba-client* rule on my computer.
Please enable LogDenied in the firewalld.conf file and add the system log entries that are related to samba and your server.
I've enabled the *LogDenied* option, with value *all*, but I had no useful output in the log file. I've some output in the system log, when giving $ ping netbios_server I got this: nov 26 18:53:39 antergos_E1-570G kernel: FINAL_REJECT: IN=wlp3s0 OUT= MAC=48:d2:24:66:ab:ec:00:11:32:3b:7b:60:08:00 SRC=192.168.0.50 DST=192.168.0.112 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=41467 LEN=70
Additionally, printing iptables (with *sudo iptables -L*): Chain IN_home_allow (1 references) target prot opt source destination ... ACCEPT udp -- anywhere anywhere udp spt:ssdp ctstate NEW ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW ...
I've noticed that I should consider 137 also as source port, as reply from the broadcast... At least, I think so.
Please also add the output of these commands:
firewall-cmd --get-active-zones
$ firewall-cmd --get-active-zones home interfaces: wlp3s0 sources: 192.168.0.1/24
firewall-cmd --list-all
$ firewall-cmd --list-all --zone=home home (active) target: default icmp-block-inversion: no interfaces: wlp3s0 sources: 192.168.0.1/24 services: transmission dhcpv6-client ntp steam mdns ssh ssdp samba-client ports: 4321/tcp 4321/udp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
route -n
$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.0.1 0.0.0.0 UG 600 0 0 wlp3s0 192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
If you additionally have direct rules, then also these.
No, no active rules for me.