Please add nf_conntrack_netbios_ns to IPT_MODULES

I just had the same problem... using Samba with ufw. It didn't worked until I added nf_conntrack_netbios_ns to IPT_MODULES in /etc/default/ufw.

This bug is still present Karmic. Could it be possible to automatically enable the nf_conntrack_netbios_ns when the package smbfs is installed ?

I also had to add nf_conntrack_netbios_ns to /etc/default/ufw to be able to browse windows share on the network. It would be more "user friendly" if it was enabled by default. It's not enough too enable it only on smbfs install since it's possible to access a samba share via nautilus if ufw is disabled.

This is a wishlist bug against ufw and cannot be fixed in samba or network-manager. Please be careful when adding bug tasks to triaged bugs.

So? I don't get the point. This issue is still present in Lucid, will it be fixed? I wanted my samba client to work and had to spend 4 hours to finally come across this. It helped and host lookup finally works with ufw. As you may guess, I am kinda angry that I had spent so much time on this.

Still present in maverick 10.10.

I have fumbled around with this issue for HOURS until I came across this by accident reading through a 2 year old mailing list. This actually isn´t only a problem with samba, it renders WINS hostname resolving impossible! I could not ping "hostname". I never thought ufw could be causing problems with hostname resolving, since I had opened up ports 137-139 and 445 as I found somewhere, but after trying ALL kinds of stuff like installing winbind, editing nsswitch.conf, smb.conf, etc.
I finally got hostname resolving to work (and therefore being able to access windows share using samba by hostname in Nautilus) by adding nf_conntrack_netbios_ns to IPT_MODULES in /etc/default/ufw.Of course, disabling UFW also works.

PS: Maybe we could change this bug report´s name? This is impossible to find for people trying to get hostname resolving to work, samba shares browsable by Nautilus, etc.

+1

+1 , seems odd this bug's still open

Yes, unfortunately it is still open....

This is waiting on an in depth audit of these modules. netbios_ns is the priority, but it got backburnered. It is once again a work item for the next development cycle. If someone wants to perform the in depth audit and give details here, that would be fantastic. Thanks!

I will be adding nf_conntrack_netbios_ns in Oneiric (finally). I have decided not to allow nf_conntrack_pptp at this time. Updating the bug title accordingly.

This bug was fixed in the package ufw - 0.30.1-2ubuntu1

---------------
ufw (0.30.1-2ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: Don't install the upstream application profiles that are
      shipped with the Debian package.
    - debian/control: use ufw-0.30-oneiric for Vcs-Bzr

ufw (0.30.1-2) unstable; urgency=low

  * debian/control: make lintian clean:
    - update Standards-Version to 3.9.2
    - Build-Depends on python (>= 2.6.6-3~)
  * conf/ufw.defaults:
    - remove IRC connection tracking, which is only required for DCC.
      Cherrypick r741 from trunk
    - allow nf_conntrack_netbios_ns (Samba). Cherrypick r744 from trunk.
      LP: #360975 (Closes: 631737)
  * enable IPv6 by default and fix 'allow to any ipv6' when IPv6 is enabled.
    Cherrypick r742 from trunk.
  * update manpage references to ufw and ufw-framework to include the section.
    Cherrypick r743 from trunk.
  * ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service
    discovery just like we do for mDNS (ie, allow discovery, but not
    connections to the services). LP: #764933
  * debian/ufw.logrotate.debian, debian/ufw.logrotate.ubuntu, debian/rules:
    use 'rotate' option in Debian logrotate file and split out ufw.logrotate
    like we do the initscript since because Ubuntu's rsyslog doesn't have the
    'rotate' option yet. (Closes: 628605)
  * Cherrypick r746 from trunk to update check-requirements to prompt to
    continue with tests that may autoload modules. Add '-f' option to
    check-requirements and update test suite accordingly (LP: #782816)
  * Cherrypick r747 from trunk to not fail when running 'show listening' under
    fakeroot (LP: #812516)
  * debian/postinst:
    - remove some old upgrade transition code for unsupported upgrade paths
    - reload ufw if it is enabled and we are upgrading to this version since
      this is needed after enabling IPv6
  * debian/rules: add build-arch and build-indep targets

ufw (0.30.1-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Rebuild to add Python 2.7 support
 -- Jamie Strandboge <email address hidden> Mon, 18 Jul 2011 17:09:57 -0500

This should be fixed in 0.31.