File & Print share with linux Ubuntu

I’ve read the Comodo Guide (all 300+ pages of it), and I’ve searched this forum for some time before registering. I see that many people have the problem of how to enable file and printer sharing in CIS. I have understood very little of the answers.

Why is it so difficult to do? I have spent all day on this trying to understand the process. I’m not a computer expert; I just want to be able to share files and printers among the Windows and Linux computers on my home network. If I were using Windows Firewall, this sharing could be enabled with about 3 to 5 interactions in Windows.

Can this objective be simply achieved in Comodo by a non-expert or is it so complicated that I should not even be trying?

It’s actually quite an easy process to set up, but it could be a little more intuitive. Basically, there are four processes involved in file and printer sharing, at least as far as the firewall is concerned. You’ll also have to make sure your Linux box is appropriately configured; as I use Suse as opposed to Ubuntu, you’ll have to seek guidance for that elsewhere.

The process rules we need to create/modify:

System - This handles the NetBIOS/SMB file sharing
Svchost.exe - This is needed for RPC
Spoolsv.exe - The print spooler
Explorer.exe - Used by the print queue

There are several ways to approach this; which you choose will depend on the level of control you desire and your willingness - or not - to create rules :)

The first part of the exercise is to run the Stealth Ports Wizard with the first option - Define a new trusted network and make my ports stealth for everyone else. This will create some rules, both Global and Application. The rules simply allow all communication to and from the LAN; these are the rules necessary for the System process to handle NetBIOS/SMB traffic (this is needed for file and printer sharing) - see images.

For the other processes, you can either specify the IP addresses and ports, or you can simply add the same pair of rules the Stealth Ports Wizard creates for the System process to Svchost, Explorer and spoolsv - see image.

If you wish to create rules manually, the ports you need to allow for are: (in/out)

System - TCP/UDP 137 to 139 and TCP 445
Svchost - TCP 135
Explorer - TCP 135 and 9627
Spoolsv - TCP 135 and 9627

Another alternative is to create a pair of Application rules that allow IP in and out to the LAN, for the ‘All Applications’ File group. Once created, place these at the top of the list. Doing this - coupled with a similar pair of Global rules - will allow all applications to communicate on the LAN and will obviate the need for individual process rules - see image.

On a final note, if you’re using the default firewall Application rules, svchost, system, spoolsv and possibly explorer will already be allowed to fully communicate outbound, as they are covered by the default ‘Windows System Applications’ rule. If this is the case, you only need to add Global rules to accept inbound traffic and modify this rule to also receive inbound traffic from the LAN - see image.

I’ve kept the images simple by removing everything but the necessary rules for file and printer sharing.

[attachment deleted by admin]
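An added example, not part of the original posts and not Comodo's own rule format: a small checker for hand-written rules that reports which of the ports listed above are still blocked for a LAN peer, and which are open to an address outside the LAN. The rule tuples, first-match-wins evaluation, default block, inbound-only model and all addresses are assumptions made for illustration.

```python
import ipaddress

# Ports from the post, per process, as (protocol, port)
REQUIRED = {
    "System": [("TCP", p) for p in (137, 138, 139, 445)]
              + [("UDP", p) for p in (137, 138, 139)],
    "Svchost": [("TCP", 135)],
    "Explorer": [("TCP", 135), ("TCP", 9627)],
    "Spoolsv": [("TCP", 135), ("TCP", 9627)],
}

def decide(rules, proto, port, remote_ip):
    """Hypothetical model: first matching rule wins, unmatched traffic is blocked."""
    ip = ipaddress.ip_address(remote_ip)
    for action, rule_proto, cidr, ports in rules:
        if rule_proto not in ("IP", proto):          # "IP" means any protocol
            continue
        if ip not in ipaddress.ip_network(cidr):
            continue
        if ports is not None and not ports[0] <= port <= ports[1]:
            continue
        return action
    return "block"

def audit(policy, lan_host, outside_host):
    """Return (missing, exposed) lists of (process, protocol, port)."""
    missing, exposed = [], []
    for proc, flows in REQUIRED.items():
        rules = policy.get(proc, [])
        for proto, port in flows:
            if decide(rules, proto, port, lan_host) != "allow":
                missing.append((proc, proto, port))   # sharing will fail here
            if decide(rules, proto, port, outside_host) == "allow":
                exposed.append((proc, proto, port))   # reachable beyond the LAN
    return missing, exposed

LAN = "192.168.1.0/24"  # constructed sample network
# Wizard-style policy: every process may talk to the LAN only
WIZARD = {p: [("allow", "IP", LAN, None)] for p in REQUIRED}
# Constructed manual policy with two common slips: TCP 445 and 9627 forgotten,
# and one rule written for any remote address instead of the LAN
MANUAL = {
    "System": [("allow", "TCP", "0.0.0.0/0", (137, 139)), ("allow", "UDP", LAN, (137, 139))],
    "Svchost": [("allow", "TCP", LAN, (135, 135))],
    "Explorer": [("allow", "TCP", LAN, (135, 135)), ("allow", "TCP", LAN, (9627, 9627))],
    "Spoolsv": [("allow", "TCP", LAN, (135, 135))],
}

if __name__ == "__main__":
    for name, policy in (("wizard", WIZARD), ("manual", MANUAL)):
        print(name, audit(policy, "192.168.1.20", "203.0.113.5"))
```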