Unable to connect to servers (SSH/Samba) on Zorin

Hardware Support
1

Hi.
I'm running Zorin 16.2 Pro with upgraded kernel 6.3 on my system.
I'm able to perform outbound connections, e.g. the internet, connect other Samba/SSH servers on the LAN but can't perform any inbound connections from external systems.
The LAN is on the wifi adaptor:

sudo lshw -c network
  *-network                 
       description: Ethernet interface
       product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@XXXX:XX:XX.X
       logical name: XXXXXXX
       version: 15
       serial: XX:XX:XX:XX:XX:XX
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=6.3.13-060313-generic duplex=full firmware=rtl8168h-2_0.0.2 02/26/15 latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
       resources: irq:38 ioport:f000(size=256) memory:XXXXXXXX-XXXXXXXX memory:XXXXXXXX-XXXXXXXX
  *-network
       description: Wireless interface
       physical id: 1
       bus info: usb@4:1
       logical name: wlx9XXXXXXXXXXX
       serial: XX:XX:XX:XX:XX:XX
       capabilities: ethernet physical wireless
       configuration: broadcast=yes driver=mt7921u driverversion=6.3.13-060313-generic firmware=____010000-20220209150915 ip=192.168.1.117 link=yes multicast=yes wireless=IEEE 802.11

The firewall is disabled:

sudo ufw status
Status: inactive

Services/servers are running:

systemctl status smbd
● smbd.service - Samba SMB Daemon
     Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-12-12 12:00:22 AWST; 26min ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 1484 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 4 (limit: 38231)
     Memory: 18.6M
     CGroup: /system.slice/smbd.service
             ├─1484 /usr/sbin/smbd --foreground --no-process-group
             ├─1488 /usr/sbin/smbd --foreground --no-process-group
             ├─1489 /usr/sbin/smbd --foreground --no-process-group
             └─1490 /usr/lib/x86_64-linux-gnu/samba/samba-bgqd --ready-signal-fd=45 --par>

Dec 12 12:00:22 XXXX-XX-XXXX systemd[1]: Starting Samba SMB Daemon...
Dec 12 12:00:22 XXXX-XX-XXXX systemd[1]: Started Samba SMB Daemon.

But when I try to ping from external systems:

ping 192.168.1.117
PING 192.168.1.117 (192.168.1.117) 56(84) bytes of data.
From 192.168.1.107 icmp_seq=1 Destination Host Unreachable

When samba from external system:

smbclient -L 192.168.1.117 -U XXXX
do_connect: Connection to 192.168.1.117 failed (Error NT_STATUS_HOST_UNREACHABLE)

Note device isolation is disabled on the wifi router as the reverse samba call works.
Any ideas why this is happening?
Thanks in advance for any help with this.

1 Like
2

Check the output of sudo ss -ntlp to make sure that the Wi-Fi interface is being picked up for incoming connections on those processes. Although I suspect the issue is more fundamental than this... What if you enable the firewall and explicitly create rules that allow traffic?

1 Like
3

Thanks @zenzen. I'll check it out and get back to you.

4

@zenzen Lol. Spot on about enabling FW! sudo ss -ntlp came back with smbd listening on any interface, so I proceeded to enable firewall and add samba to it. Now it lets me connect! Go figure!?!

smbclient -L 192.168.1.117 -U XXXX
Password for [WORKGROUP\XXXX]:

	Sharename       Type      Comment
	---------       ----      -------
	print$          Disk      Printer Drivers
	IPC$            IPC       IPC Service (XXXX-XX-XXXX server (Samba, Ubuntu))
	Downloads       Disk      
SMB1 disabled -- no workgroup available

Thanks for your help with this.

1 Like
5

Great! I think maybe there was some residual IP Tables rule, or for whatever reason it just didn't picked up the Wi-Fi adapter correctly. Why that is remains a mystery... but I'm glad it's working for now :smiley:

1 Like
7

That's what I thought, but I could swear being able to do this even with firewalls disabled. My hunch was that at some point the firewall was up and running, and simple disabling without reloading the service doesn't cause the underlying rules to stop filtering immediately. Is that a possibility? I would have to check it.

1 Like
9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.