1 (edited by CNCjerry 2022-09-27 08:04:04)

Topic: SMB and AFP stopped working after iredmail installation

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.1
- Deployed with iRedMail Easy or the downloadable installer? easy
- Linux/BSD distribution name and version:  ubuntu 22.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): pgsql
- Web server (Apache or Nginx): Nginx for iredmail apache2 for Owncloud
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
===

This one has me.  I installed iRedMail.  I have multiple interfaces on my server.  I set it up so iRedMail used my public static IP address, all else used my 192.x.x.x addresses and it worked fine.  Send mail, receive, etc. all ok.  ownCloud on the 192.x.x.x addresses is fine.

I then noticed my Time Machine backups that use AFP/netatalk on ubuntu (as a server) didn't work.  I also noticed that SMB is no longer working.  It seems like the clients aren't even getting to smb or afp as nothing is in the log other than the startup.

I then tested on the server using smbclient and I can get to smb, I can list directories, etc. for any of the smb shares.  So I rebooted and didn't bring up the static IP interface thinking that the route statement was wrong.  No luck.  I then brought up another interface and address that wasn't associated with iredmail, apache, nginx, owncloud, etc., again no luck - smb still not working.  Can't even see the server in 'network' on any machine.

In smb, I have 'bind interfaces' turned off.  When I do that, I can see the server named 'mail' but can't access any of the shares.

I suspect it might be a problem in my hosts file but it looks ok to me.  I'll admit, there are some finer things about linux where I don't have a clue.

hosts:
-------------------------------------------------------------------------------
127.0.0.1 mail.XXXXX.com mail localhost localhost.localdomain

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
---------------------------------------------------------------------------------

Could it have something to do with Nginx bound to all interfaces?  As smb is local to my 192 network, I don't have any security like ssh on smb (don't even know if you can).  I can ssh into the system and as I mentioned, owncloud works.

Thoughts?

thanks,

Jerry

edit #1: firewall ufw is inactive right now.


2

Re: SMB and AFP stopped working after iredmail installation


So iredmail adds nftables rules that rule out samba.  WTF?  I fixed it by adding the samba ports for now and then I'll have to fix the interfaces as well as roll back everything else I've tried for the past week!

Anyway, hope this finds someone else in the future.

jerry

3 (edited by Cthulhu 2022-09-27 15:47:12)

Re: SMB and AFP stopped working after iredmail installation

No, it adds firewall rules that don't open the ports for anything other than iredmail-related stuff; that's a huge difference.

iredmail firewall rules are a whitelist, what you described is a blacklist

4

Re: SMB and AFP stopped working after iredmail installation

Cthulhu wrote:

No, it adds firewall rules that don't open the ports for anything other than iredmail-related stuff; that's a huge difference.

iredmail firewall rules are a whitelist, what you described is a blacklist

It clearly added nftables rules as well as firewall rules.  Now that I know what I am looking for, there are a number of posts about iredmail modifying and/or installing nftables and blocking customer ports. 

The first thing I did was take down the firewall and test samba and afp and it wasn't until I found nftables that the problem was corrected.  Prior to iredmail installation, on a vanilla install of ubuntu 22.04 as well as on a 20.04 ubuntu server, I had no problems with samba or afp.  I use afp to provide file space for Time Machine.

Post install, nftables must have been installed or changed as samba ports (445, 135-139) and afp (548) were blocked by omission.  Adding port statements fixed the problem.  I don't know if the entire nftables.conf file was replaced or just modified.
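
The fix described in this thread (adding the Samba and AFP ports to a default-drop nftables ruleset), written out as an added example that is not from the thread or from iRedMail's own configuration. It shows the port statement opened on every interface next to a variant limited to LAN sources, since this server also has a public static IP. Assumptions: the table and chain names (`inet filter` / `input`), the drop policy line, and the constructed LAN subnet `192.168.1.0/24` standing in for the poster's 192.x.x.x network.

```nftables
# Constructed fragment for /etc/nftables.conf. Table/chain names and the
# subnet below are assumptions; match them to the ruleset actually loaded.

# Constructed placeholder for the internal 192.x.x.x network.
define lan_net = 192.168.1.0/24

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # ... the existing accept rules for mail and web ports stay here ...

        # Weak: accepts file-sharing traffic on every interface,
        # including the public static IP.
        # tcp dport { 135-139, 445, 548 } accept

        # Scoped: same ports (SMB 445, 135-139; AFP 548), but only
        # for clients whose source address is inside the LAN.
        ip saddr $lan_net tcp dport { 135-139, 445, 548 } accept

        # NetBIOS name and datagram services run over UDP, so a
        # TCP-only rule leaves network browsing broken.
        ip saddr $lan_net udp dport { 137, 138 } accept
    }
}
```

`nft -c -f /etc/nftables.conf` parses the file without applying it, and `nft list ruleset` shows what is actually loaded after a reload.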