What ports need to be open for Samba to communicate with other Windows/Linux systems? I need to configure the Linux firewall, so I need the exact TCP and UDP port numbers for the SMB/CIFS networking protocol. Can you provide me a list of ports along with sample iptables rules?

You can get the list of ports from the /etc/services file. For ease of use, here are the ports you need to open for two-way Samba communication with Windows and Linux desktop systems.
  • netbios-ns – 137/tcp # NETBIOS Name Service
  • netbios-dgm – 138/tcp # NETBIOS Datagram Service
  • netbios-ssn – 139/tcp # NETBIOS session service
  • microsoft-ds – 445/tcp # if you are using Active Directory

Other ports:

  • Port 389 (TCP) – for LDAP (Active Directory Mode)
  • Port 445 (TCP) – NetBIOS was moved to 445 from 2000 onward (CIFS)
  • Port 901 (TCP) – for SWAT service (not related to client communication)

Command To Find Out Required TCP/UDP Ports For SMB/CIFS Networking Protocol

Type the following command:
$ grep -i NETBIOS /etc/services
Sample outputs:

netbios-ns	137/tcp				# NETBIOS Name Service
netbios-ns	137/udp
netbios-dgm	138/tcp				# NETBIOS Datagram Service
netbios-dgm	138/udp
netbios-ssn	139/tcp				# NETBIOS session service
netbios-ssn	139/udp

Sample iptables Rules for CentOS/RHEL 5.x and older

To allow Samba traffic from the 192.168.1.0/24 subnet, which represents the machines on your network that should operate as clients of the Samba server, edit /etc/sysconfig/iptables on the RHEL/CentOS server. Add the following lines before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

Feel free to change the rules as per your setup. Save and close the file. To restart the firewall service, enter:
# /sbin/service iptables restart

Sample iptables Rules for CentOS/RHEL 6.x only

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

Save and close the file. Type the following command to restart the firewall:
# service iptables restart
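
One way to check a rules file against the port/protocol pairs used in the RHEL 6 rules above (UDP 137 and 138, TCP 139 and 445), added here as an example that is not part of the original article. The function names, the finding labels and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Samba ACCEPT rules in an iptables-save style file.
# Expected protocols (udp 137/138, tcp 139/445) follow the RHEL 6 rules above.
# Assumption: ports are given with --dport or a comma list in --dports;
# port ranges such as 137:139 are not expanded.

audit_samba_rules() {   # $1: rules file, e.g. /etc/sysconfig/iptables
    awk '
    BEGIN { want[137] = "udp"; want[138] = "udp"; want[139] = "tcp"; want[445] = "tcp" }
    $1 == "-A" {
        proto = ""; src = ""; target = ""; n = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--dport" || $i == "--dports") n = split($(i + 1), ports, ",")
        }
        if (target != "ACCEPT") next
        for (k = 1; k <= n; k++) {
            port = ports[k]
            if (!(port in want)) continue
            if (proto != want[port]) {   # wrong transport for this port
                printf "WRONG-PROTO %s/%s (expected %s)\n", port, proto, want[port]
                continue
            }
            if (src == "" || src == "0.0.0.0/0")   # SMB reachable from any address
                printf "ANY-SOURCE %s/%s\n", port, proto
            seen[port] = 1
        }
    }
    END {
        for (p in want)
            if (!(p in seen)) printf "MISSING %s/%s\n", p, want[p]
    }' "$1" | sort
}

sample_rules() {   # constructed sample, not taken from a real host
    cat <<'EOF'
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 445 -j ACCEPT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp" && audit_samba_rules "$tmp"
rm -f "$tmp"
```

Run `audit_samba_rules /etc/sysconfig/iptables` after editing the file; no output means all four ports are accepted with the expected protocol and a source restriction.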

Sample iptables Rules for CentOS/RHEL 7.x only

You need to use the following commands:
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

OR
# firewall-cmd --permanent --add-port=137/udp
# firewall-cmd --permanent --add-port=138/udp
# firewall-cmd --permanent --add-port=139/tcp
# firewall-cmd --permanent --add-port=445/tcp
# firewall-cmd --reload

11 comments
  • ZeldoR Dec 7, 2009 @ 17:06

    Thx. very much, nice overview :)

  • Scott Feb 22, 2011 @ 23:42

    One note:

    Ports 137 and 138 are UDP for samba. Cheers,

  • John Rose Apr 5, 2013 @ 10:06

    Please explain why $ grep -i NETBIOS /etc/services shows:
    netbios-ns 137/tcp # NETBIOS Name Service
    netbios-ns 137/udp
    netbios-dgm 138/tcp # NETBIOS Datagram Service
    netbios-dgm 138/udp
    netbios-ssn 139/tcp # NETBIOS session service
    netbios-ssn 139/udp
    I.e. does above mean that 137/udp etc is not used?

  • Ben Watson May 3, 2013 @ 14:24

    Brilliant, thank you.

  • Fu Oct 28, 2013 @ 21:46

    I believe the only ports that are actually used are the ones listed at the top of the article:
    netbios-ns – 137/tcp # NETBIOS Name Service
    netbios-dgm – 138/tcp # NETBIOS Datagram Service
    netbios-ssn – 139/tcp # NETBIOS session service
    microsoft-ds – 445/tcp # if you are using Active Directory

    The other ports are superfluous.

  • Fu Oct 28, 2013 @ 21:48

    Sorry, I made a mistake. The required ports are actually:

    TCP 139 445
    UDP 137 138

    • paul vixie Aug 2, 2014 @ 5:16

      yes, it’s tcp 139 and udp 137,138. for samba, 445 isn’t used.

      root@mm1:/var/log/samba # netstat -an|egrep '\.(137|138|139)'
      tcp4 0 0 *.139 *.* LISTEN
      tcp6 0 0 *.139 *.* LISTEN
      udp4 0 0 *.138 *.*
      udp4 0 0 *.137 *.*

  • Giedrius Jul 22, 2014 @ 15:11

    to AUTHOR:

    can you please update the article to match correct information?

    -A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
    -A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

    TCP: 139, 445
    UDP: 137, 138

  • Claudio Apr 25, 2016 @ 14:49

    Would the firewall rules syntax apply to Fedora 23?

    • 🐧 Vivek Gite Mar 31, 2017 @ 15:23

      Yes, centos/rhel 7.x rules should work with Fedora 23 or above.
