TCP/IP ports necessary for CIFS/SMB operation

Solution 1:

Ports 137-139 are for NetBios/Name resolution. Without it you will have to access machines by IP address opposed to NetBIOS name. Example \\192.168.1.100\share_name opposed to \\my_file_server\share_name

So port 445 is sufficient if you can work with IP addresses only.

Solution 2:

This configuration worked for me: 137/UDP, 138/UDP, 139/TCP and 445/TCP. Source and additional information at: http://www.icir.org/gregor/tools/ms-smb-protocols.html.

So these are the iptables rules for my Samba server:

# The router doesn't need SMB access.
-A INPUT -s 192.168.1.1 -p udp --dport 137 -j REJECT
-A INPUT -s 192.168.1.1 -p udp --dport 138 -j REJECT
-A INPUT -s 192.168.1.1 -p tcp --dport 139 -j REJECT
-A INPUT -s 192.168.1.1 -p tcp --dport 445 -j REJECT

# Actual Samba ports
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT