I can’t access WORKGROUP with samba.
Dolphin-> network-> samba shares->
No workgroup is discoverable on the local network. This could be caused by an activated firewall.
smb: / “computer name”
and the shares of the relevant computer are shown to me,
as they otherwise are under WORKGROUP.
How can I get WORKGROUP to be shown?
and what about if you stop the firewall?
# systemctl stop firewalld
OK. Without the firewall, WORKGROUP is shown.
What settings can I change in the firewall?
I only know this way, but I’m not a firewall expert:
# firewalld-cmd --permanent --zone=public --add-port=1024-65535/udp
# systemctl restart firewalld
You can set the firewall also with firewall-config
I guess you can do that from System Settings applet too.
Probably, firewalld-cmd should be written firewall-cmd (without the “d”).
The ports needed by samba are given here, at least for a simple configuration.
It’s easy to configure firewalld with firewall-config
Ideally, for Windows workgroup discovery, it should be sufficient to allow incoming udp packets only from port 137.
I don’t know how to do it with firewall-config, but in cli:
iptables -I IN_internal_allow -p udp -s 192.168.0.0/16 --sport 137 -j ACCEPT
Note that the chain IN_internal_allow is defined by firewalld.
OK. - with firewall-config ‘add-port=1024-65535/udp’ works fine.
Sure, sorry for the typo.
Port 137/udp is open in the firewalld config, but Dolphin does not discover samba shares.
I have answered far too fast and I should have been more specific. Sorry.
When a request is sent to discover the windows shares, the source port is udp/1024-65535 and the destination port is udp/137.
When the master browser answers, its source port is udp/137 and the destination port is the one used by the request.
Therefore, the firewall should allow only those packets. This is more restrictive than allowing packets from any udp ports.
I should have written:
iptables -I IN_<zonename>_allow -p udp -s 0.0.0.0/0 --sport 137 --dport 1024:65535 -j ACCEPT
But this is not permanent. With firewall-cmd:
firewall-cmd --permanent --zone=<zonename> --add-source-port=137/udp
This can also be done with firewall-config (thumbnail “source port”)
The result isn’t as specific however.
Anyway, firewall-config permits the choice of the zone for an interface. So, it is possible to choose the trusted zone to make network discovery work.
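The packet flow described above can be checked against each rule tried in this thread with a small model. This is an added example, not part of the original posts and not firewalld code; the addresses, the sample packets and the assumption that the discovery query goes to the subnet broadcast address (so the unicast answer is not matched as a tracked reply) are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    sport: Optional[range] = None   # None = any source port
    dport: Optional[range] = None   # None = any destination port

HIGH = range(1024, 65536)
# The inbound UDP accept rules tried in the thread.
RULES = {
    "add-port=137/udp": Rule(dport=range(137, 138)),
    "add-port=1024-65535/udp": Rule(dport=HIGH),
    "add-source-port=137/udp": Rule(sport=range(137, 138)),
    "iptables --sport 137 --dport 1024:65535": Rule(sport=range(137, 138), dport=HIGH),
}

# Constructed sample traffic (addresses and ports are illustrative assumptions).
QUERY = Packet("192.168.0.10", 50000, "192.168.0.255", 137)   # outbound discovery query
INBOUND = {
    "reply": Packet("192.168.0.20", 137, "192.168.0.10", 50000),        # master browser answer
    "other_high": Packet("192.168.0.30", 40000, "192.168.0.10", 50000), # unrelated datagram
    "other_low": Packet("192.168.0.30", 137, "192.168.0.10", 500),      # sport 137, low dport
}

def is_tracked_reply(p: Packet, sent: Packet) -> bool:
    """Stateful match: the answer must come from the address and port the request went to."""
    return (p.src, p.sport, p.dst, p.dport) == (sent.dst, sent.dport, sent.src, sent.sport)

def accepted(p: Packet, rule: Optional[Rule]) -> bool:
    if is_tracked_reply(p, QUERY):
        return True
    if rule is None:
        return False                # default: drop unsolicited inbound traffic
    return ((rule.sport is None or p.sport in rule.sport)
            and (rule.dport is None or p.dport in rule.dport))

def admitted_by(rule_name: Optional[str]) -> list:
    """Names of the sample inbound packets that get through with the given rule."""
    rule = RULES[rule_name] if rule_name else None
    return [name for name, p in INBOUND.items() if accepted(p, rule)]

if __name__ == "__main__":
    for name in [None, *RULES]:
        print(f"{name or 'no extra rule':42} -> {admitted_by(name)}")
```

In this model only the iptables rule with both `--sport 137` and `--dport 1024:65535` admits the reply and nothing else, which matches the remark that the `--add-source-port` result is less specific.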
ok. tested with source port 137/udp and it works!
postedit: so it seems that source port 137/udp in firewalld->service->samba-client is missing
Then, what is the right command/procedure exactly?
So we can mark it as the issue solution.
I think that adding source port 137/udp in the firewalld config could be the best solution.
Hmm, right now, I don’t see any reason to not add it.
Maybe, we could ask other people for more tests before?
Only the command
# firewall-cmd --permanent --zone=public --add-source-port=137/udp
has no effect on showing WORKGROUP.
Additionally, the command
# iptables -I IN_public_allow -p udp -s 0.0.0.0/0 --sport 137 --dport 1024:65535 -j ACCEPT
lets me see WORKGROUP.
And if you restart firewalld?
systemctl restart firewalld
It also works after a reboot.