Hi. I am a newbie to Zorin OS Core 17.2. It's just been a month.
I wanted to know how to configure UFW (the in-built firewall) properly. I want to use the hotspot from my laptop's ethernet to other devices when UFW is on. The Android devices just keep saying "connecting" and never connect. It works when UFW is off.
How do I set the hotspot as an exception in UFW, so that the hotspot will work with UFW on?
The current UFW setting is on with home mode, incoming traffic disabled, outgoing enabled.
It would also be helpful if anybody could tell me if Zorin Connect needs to be a UFW exception to work correctly.
To allow devices to connect to your Ubuntu-based hotspot using UFW, you’ll need to open specific ports. Here’s a step-by-step guide:
Identify the necessary ports: Connectify Hotspot uses UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) ports for UPnP (Universal Plug and Play), DHCP (Dynamic Host Configuration Protocol), and DNS (Domain Name System) services.
UDP ports: 68 (DHCP) and 5353 (UPnP)
TCP ports: 53 (DNS) and 67 (DHCP)
Open the necessary ports in UFW: Run the following commands:
Sadly the commands don't work:
sudo ufw allow udp 68
sudo ufw allow udp 5353
sudo ufw allow tcp 53
sudo ufw allow tcp 67
These give me an error saying: Need 'to' or 'from' clause. I was giving them one by one in Zorin's terminal.
Although, thanks for the Zorin Connect suggestion.
My bad. The ports relate to 'Connectify Hotspot' app.
" here are some alternatives to Connectify Hotspot for Android:
mHotspot: A free alternative that allows you to turn your Android device into a Wi-Fi hotspot.
Hotspot Shield: A popular VPN-based hotspot app that also offers ad-blocking and privacy features.
WiFi Tether Router: A tool that enables your Android device to become a Wi-Fi router, allowing you to share your internet connection with other devices.
Osmino: A simple and user-friendly app that allows you to share your Android device’s Wi-Fi connection with others."
Use a port scanning tool: Download and install a port scanning tool, such as Fing (for Android) or Ksiri (for Android). These tools can scan the hotspot’s IP address and identify open ports.
The first is a feature of modern network cards that have the capability of creating their own Wi-Fi entry point for other devices to connect, just like any home router does. At this point, no firewalls are involved.
A firewall is a piece of software that monitors packages and applies some rules to reject, allow or redirect, based on certain conditions, such as where the packet is destined to or where it originated from.
Did you mean to say that your Android device is not able to connect to the Wi-Fi hotspot? Or are you already connected to that, and using Zorin Connect does not work?
Assuming that you mean the latter, you need to create a firewall rule that allows traffic on ports used by Zorin Connect, as mentioned in this thread:
NOTE: Make sure to undo the rules mentioned above by @swarfendor437; you do not need incoming rules for those. You can do so by selecting the rule in the graphical interface, and using the "−" icon at the bottom to delete the rule. Or, through the terminal:
# list all active rules
sudo ufw status verbose
# delete nth rule, where n is the position of the rule
# sudo ufw delete n
sudo ufw delete 1
The Zorin Connect one was tested with UFW enabled. And your solution works when UFW is on.
But the problem is in the hotspot. Even though you mentioned the hotspot doesn't interfere with UFW, in my case it does. If UFW is disabled, my Android devices can easily connect to my laptop's hotspot. But if UFW is enabled, the Android devices just say connecting, and never actually connect. I waited for 20 mins for it to connect when UFW stays on but to no avail. So I need help with that.
Mmm I see, turns out that @swarfendor437 was correct on firewall rules being needed. I was under the impression the firewall would only intercept packages from certain applications... but I suppose that, technically, the NetworkManager itself is just like any other program after all, needing its own firewall rules to operate correctly. My bad!
Try with the following command:
sudo ufw allow in on <wireless_interface> to any proto udp port 53,67,68
Where <wireless_interface> is the name of the network interface that is doing the sharing on your system.
To find out what value that is exactly, run ip a. This should return a list of all the system's network interfaces. Wireless interfaces start with w and may look something like wlp7s0.
Plug that value in the command from above (you do not need the angle brackets, I used them to signify a placeholder), and that will create a firewall rule for incoming packets on that network interface and only for those ports: 53, 67 & 68.
You have now added new information. TP-Link devices don't work out of the box. What is the TP-Link device? If you are trying to connect your mobile to a dongle that might be the issue. If you are using a 4G dongle only one device at a time can use the dongle for internet connection. For more than one device you will need something like a ZTE dongle model that supports up to 10 devices.
I was able to get it to connect using these ports, but while using Debian and not Zorin OS, so maybe something else is different and you need to add a few more rules.
To simplify things, at least for now, try using a more relaxed rule that allows incoming traffic to your network card without any ports. Make sure to delete the previous one first.
sudo ufw allow in on wlp2s0
sudo ufw reload
If this works, you can then launch GUFW, move to the Report tab and add a few extra rules using the entries listed there. Selecting one of them and clicking on the + sign at the bottom of the window, you can derive a new rule with all the details populated already for you; just click add.
You shouldn't need to add all of them. I suggest going one by one so that you can narrow down the problem, but definitely the ones at port 53, 67 and 68 should be added first.
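
The narrowing-down step from the last reply can also be done in a terminal. The following is an added example, not part of the original thread: it reads kernel log lines in UFW's "[UFW BLOCK]" format and prints, without running them, one narrow allow rule per blocked port on the hotspot interface. The log lines, addresses and the function names sample_log and suggest_rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of "[UFW BLOCK]" kernel log lines (made-up hosts/addresses).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 laptop kernel: [ 812.101] [UFW BLOCK] IN=wlp2s0 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:dd:ee:01:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Mar  3 10:15:04 laptop kernel: [ 815.440] [UFW BLOCK] IN=wlp2s0 OUT= MAC=aa:bb:cc:dd:ee:02:aa:bb:cc:dd:ee:01:08:00 SRC=10.42.0.23 DST=10.42.0.1 LEN=60 TTL=64 ID=4411 PROTO=UDP SPT=40112 DPT=53 LEN=40
Mar  3 10:15:05 laptop kernel: [ 816.020] [UFW BLOCK] IN=wlp2s0 OUT= MAC=aa:bb:cc:dd:ee:02:aa:bb:cc:dd:ee:01:08:00 SRC=10.42.0.23 DST=10.42.0.1 LEN=60 TTL=64 ID=4412 PROTO=UDP SPT=40113 DPT=53 LEN=40
Mar  3 10:15:09 laptop kernel: [ 820.377] [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fb:aa:bb:cc:dd:ee:01:08:00 SRC=10.42.0.23 DST=224.0.0.251 LEN=90 TTL=255 ID=91 PROTO=UDP SPT=5353 DPT=5353 LEN=70
Mar  3 10:15:12 laptop kernel: [ 823.900] [UFW BLOCK] IN=enp3s0 OUT= MAC=aa:bb:cc:dd:ee:03:aa:bb:cc:dd:ee:04:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TTL=64 ID=777 PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 SYN
EOF
}

# suggest_rules IFACE
# Reads log lines on stdin and prints one "ufw allow in on IFACE ..." command
# per distinct blocked protocol/destination port seen on that interface.
# Nothing is executed; the output is meant to be reviewed before use.
suggest_rules() {
    iface=$1
    # Refuse anything that is not a plain interface name.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    awk -v iface="$iface" '
        /\[UFW BLOCK\]/ {
            in_if = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/)    in_if = substr($i, 4)
                if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            # Only TCP/UDP entries carry a destination port.
            if (in_if == iface && dpt != "" && (proto == "tcp" || proto == "udp"))
                print proto, dpt
        }' | sort -u -k1,1 -k2,2n |
    while read -r proto dpt; do
        echo "sudo ufw allow in on $iface to any port $dpt proto $proto"
    done
}

# Stand-alone run on the constructed sample, using the interface name from the thread.
sample_log | suggest_rules wlp2s0
```

On a live system with UFW logging turned on, the same function can be fed from the kernel log, for example sudo dmesg | suggest_rules wlp2s0.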