Open port 445 for my NAS server?
Hello,
I tried to open port 445 in order to mount a NAS server. I have opened port 445 for all IP addresses in UFW, but Nmap still returns a result of ‘filtered’. My machine allows connections to port 445. Is it possible that Linode might be blocking port 445? Can you confirm this or give any suggestions?
- On Linode:
user@localhost:~$ sudo ufw status
[sudo] password for user:
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
Anywhere                   ALLOW       <redacted.ipv4>
<redacted.ipv4>            ALLOW       Anywhere
445                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)
445                        ALLOW       Anywhere (v6)
25                         ALLOW OUT   Anywhere
445                        ALLOW OUT   Anywhere
25                         ALLOW OUT   Anywhere (v6)
445                        ALLOW OUT   Anywhere (v6)
- On my machine:
$ nmap www.example.com
Starting Nmap 7.60 ( https://nmap.org ) at 2018-07-09 15:39 CEST
Nmap scan report for www.example.com (<redacted.ipv4>)
Host is up (0.17s latency).
Other addresses for www.example.com (not scanned): <redacted:ipv6>
Not shown: 997 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
$ nmap www.example.com -p 445
Starting Nmap 7.60 ( https://nmap.org ) at 2018-07-09 15:59 CEST
Nmap scan report for www.example.com (<redacted.ipv4>)
Host is up (0.17s latency).
Other addresses for www.example.com (not scanned): <redacted:ipv6>
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds
Thanks in advance.
1 Reply
I can see that you have a rule set in UFW to allow communication on port 445, but that Nmap result against port 445 does seem to indicate that a firewall is blocking it, since the result is 'filtered' rather than 'closed'. I can confirm that Linode does not block any ports, so something else is going on here.
iptables front-end tools, such as UFW (Debian/Ubuntu) and FirewallD (CentOS 7 and up), are great, but my own experience with using them has been a little shaky at times, so I recommend trying to use an iptables ruleset instead. If you want to be able to access port 445 on the machine, and also allow outgoing communication on port 445 (e.g. if this Linode also connects to another file server running on port 445), you can try the following rules:
sudo iptables -p tcp -A INPUT --dport 445 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -p tcp -A INPUT --sport 445 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo apt install iptables-persistent
If you don't need to connect this Linode to another fileserver on port 445, replace the second rule with this command:
sudo iptables -p tcp -A INPUT --sport 445 -m state --state ESTABLISHED -j ACCEPT
In either event, the first 2 commands will create rules for port 445 in your firewall, while the third command will download the 'iptables-persistent' package to make your rules stay permanent through a reboot. This way you will not have to re-configure your rules every time that your Linode is rebooted. You can read more about iptables here, and you can read more about FirewallD here.
If you are using CentOS 7 or above, the front-end method (FirewallD) is recommended since there is no 'iptables-persistent':
sudo firewall-cmd --zone=public --add-port=445/tcp --permanent
sudo systemctl restart firewalld
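The iptables rules in the reply are appended with -A, and iptables stops at the first terminating rule that matches, so their effect depends on what already sits in the INPUT chain. The sketch below is an added example, not part of the original reply: it replays `iptables -S INPUT` text against a packet to show which rule decides, and lists ACCEPT rules that admit NEW connections without naming a destination port. The sample ruleset, including its earlier DROP, is constructed; only single-port TCP rules with ACCEPT, DROP or REJECT targets are handled, and jumps to other chains (such as UFW's) are not followed.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in `iptables -S INPUT` format, not from the poster's server:
# a hypothetical earlier DROP for 445, then the two rules appended in the reply.
SAMPLE = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j DROP
-A INPUT -p tcp -m tcp --dport 445 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 445 -m state --state NEW,ESTABLISHED -j ACCEPT
"""

def parse(text):
    """Return (policy, rules); rules holds (options, line) per terminating TCP rule."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if opt.get("-j") in TERMINAL and opt.get("-p", "tcp") == "tcp":
                rules.append((opt, line))
    return policy, rules

def allows_state(opt, state):
    """A rule with no state match applies to every connection state."""
    wanted = opt.get("--state") or opt.get("--ctstate")
    return wanted is None or state in wanted.split(",")

def decide(text, dport, sport, state="NEW"):
    """Return (verdict, deciding_line) for a TCP packet; the first match wins."""
    policy, rules = parse(text)
    for opt, line in rules:
        if (opt.get("--dport", str(dport)) == str(dport)
                and opt.get("--sport", str(sport)) == str(sport)
                and allows_state(opt, state)):
            return opt["-j"], line
    return policy, "(chain policy)"

def accepts_new_to_any_port(text):
    """List ACCEPT rules that admit NEW connections without a --dport match."""
    return [line for opt, line in parse(text)[1]
            if opt["-j"] == "ACCEPT" and "--dport" not in opt and allows_state(opt, "NEW")]

if __name__ == "__main__":
    print(decide(SAMPLE, dport=445, sport=50000))
```

In the constructed sample the appended ACCEPT for port 445 is never reached because the earlier DROP matches first, and the `--sport 445` rule with NEW is the only one reported by `accepts_new_to_any_port`; with the ESTABLISHED-only variant of that rule the list is empty.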