This widget could not be displayed.
This widget could not be displayed.
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Samba port for RT-BE58U

Nyxmael
Star III

‎09-23-2025 10:51 AM

I have setup the samba. Is working internally and externally. 

Now, I have struggled to understand why the samba port is so hardened in the firmware. I can access and map externally because my ISP now allows the port 445. But when I enable the firewall option on the router, is no longer working. 

Port forward did not helped (  all the other ports opened externally are working with the firewall on and port forwarding on). 

If I SSH into the router, and manually enable the port with  iptables -I INPUT -p tcp --dport 445 -j ACCEPT, it works, with the firewall on, but the thing is that this is a temporally rule, after a reboot is gone.

I tried to open the port on the firewall inbound rules on the GUI, but the SAMBA 445 cannot be opened from there.

The only options: 1. Disable the firewall completely ( I don't want that) and 2 - each time enable the firewall rule on the SSH.

 

Anyone knows how I can enable the SAMBA port externally and still keep the firewall on? 

0 Kudos
4 REPLIES 4

jzchen
Zen Master II

‎09-23-2025 10:11 PM

I am assuming you've already tried enabling UPnP?

0 Kudos

Nyxmael
Star III

‎09-24-2025 01:17 AM

yes, I don't understand why the  SMB port is so hardcoded into their firewall. 

0 Kudos

jzchen
Zen Master II
In response to Nyxmael

‎09-24-2025 01:33 AM

Can only guess it has something to do with this CVE:

https://www.cve.org/CVERecord?id=CVE-2025-33073

0 Kudos

Nyxmael
Star III

‎09-24-2025 06:46 AM

Gotcha bud. But still, when it comes to this, it should by own decision how I chose to secure my network.

Keeping the firewall on, it removes the SMB external access, allowing via ssh iptables -I INPUT -p tcp --dport 445 -j ACCEPT into the router, works till the next reboot, then I'm back with the same issue.

The router does not allow me to create a cron script in order to run automatically after a reboot, so this has so be done automatically via cmd each time. Not a solution. Keeping the firewall off just because of the SMB port again is not a good solution. It should allow users to open the SMB ports properly via the firewall GUI without many procedures. I really want to find another solution, a permanent one. 

0 Kudos
Youtube support channel