Problem to use hostname with ufw

kenne76 · June 25, 2025, 10:26am

I have problem with Ubuntu’s ufw firewall, that when it is activated only ip adress works, not with hostnames.
Here are my settings acording to the firewall configuration.

Is it something wrong with my theese settings or is it at all possible to use hostname with ufw?

ufw --version
ufw 0.36.2
Copyright 2008-2023 Canonical Ltd.

ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.50.0/24
[ 2] 445/tcp                    ALLOW IN    192.168.50.0/24
[ 3] 137/tcp                    ALLOW IN    192.168.50.0/24
[ 4] 138/tcp                    ALLOW IN    192.168.50.0/24
[ 5] 139/tcp                    ALLOW IN    192.168.50.0/24
[ 6] 3306/tcp                   ALLOW IN    192.168.50.0/24
[ 7] 53/udp                     ALLOW IN    Anywhere
[ 8] 53/tcp                     ALLOW IN    Anywhere

l

sb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 25.04
Release:        25.04
Codename:       plucky

cat /etc/resolv.conf
nameserver 8.8.8.8 Google DNS server
nameserver 8.8.4.4 Google DNS server

cat /etc/hosts
127.0.0.1 localhost
192.168.50.139 serverpc

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

cat /etc/systemd/resolved.conf
DNS=8.8.8.8
FallbackDNS=8.8.4.4

rubi1200 · June 25, 2025, 10:29am

Welcome to Ubuntu Discourse

I moved your topic to Support and Help and added tags.

Please note that Uncategorized posts are likely to be ignored.

For a brief guide on using tags, see here.

Thanks.

thingizkhan · June 25, 2025, 8:41pm

ufw is fine with hostnames; the issue is that Windows-style LAN names are resolved through NetBIOS and (sometimes) mDNS/LLMNR, and those use UDP packets. Your current rules only open the TCP side, so as soon as UFW is active the UDP name-service traffic gets dropped and hostnames stop working.

What you need to allow:

NetBIOS name service — UDP port 137 (both directions on the LAN).
NetBIOS datagram service — UDP port 138 (both directions on the LAN).
If you rely on them, also mDNS (UDP 5353) and LLMNR (UDP 5355).

Right now you’ve opened TCP 137/138, which does nothing for name lookup.

Fix the rules

# delete the mistaken TCP entries
sudo ufw delete allow proto tcp from 192.168.50.0/24 to any port 137
sudo ufw delete allow proto tcp from 192.168.50.0/24 to any port 138

# add the correct UDP rules
sudo ufw allow proto udp from 192.168.50.0/24 to any port 137,138
# or simply use the built-in Samba profile:
sudo ufw allow from 192.168.50.0/24 to any app Samba

After UFW reloads, your Windows/Samba hostnames should resolve again.
(If you prefer to avoid NetBIOS entirely, run a proper DNS server on the LAN and point all clients to it, then no extra firewall holes are required.)

kenne76 · June 27, 2025, 10:14am

Thank you for your solution thingizkhan. Now it works fine.

system · June 30, 2025, 10:14am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.