Which port uses package 'wsdd' for Network Discovery?

pboy · June 28, 2025, 3:25pm

To let your Samba server get automatically discovered by clients you need network discovery, The package wsdd provides this service in Fedora.

There is general documentation on github you need port 3702/udp, 5357/tcp and 5358/tcp open.

And there are related services in firewalld (/usr/lib/firewalld/services):

wsdd-http.xml
wsdd.xml
ws-discovery-client.xml
ws-discovery-host.xml
ws-discovery-tcp.xml
ws-discovery-udp.xml
ws-discovery.xml

none of those works.

When i stop firewalld, network discovery works at once.

Any idea?

pboy · June 28, 2025, 4:01pm

It says:

root@rockpi:/usr/lib/f Netid State icmp6 UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN udp UNCONN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN tcp LISTEN irewalld/services# ss -lnpAinet
Recv-Q Send-Q Local Address:Port Peer Address:Port Process
0 0 :58 : users:((“NetworkManager”,pid=1086,fd=26))
0 0 127.0.0.1:323 0.0.0.0: users:((“chronyd”,pid=972,fd=4))
0 0 0.0.0.0:46012 0.0.0.0:* users:((“wsdd”,pid=122527,fd=8))
0 0 0.0.0.0:5353 0.0.0.0:* users:((“avahi-daemon”,pid=970,fd=12))
0 0 0.0.0.0:5355 0.0.0.0:* users:((“systemd-resolve”,pid=865,fd=10))
0 0 192.168.158.148:3702 0.0.0.0:* users:((“wsdd”,pid=122527,fd=9))
0 0 239.255.255.250:3702 0.0.0.0:* users:((“wsdd”,pid=122527,fd=7))
0 0 127.0.0.54:53 0.0.0.0:* users:((“systemd-resolve”,pid=865,fd=18))
0 0 127.0.0.53%lo:53 0.0.0.0:* users:((“systemd-resolve”,pid=865,fd=16))
0 0 192.168.158.255:137 0.0.0.0:* users:((“nmbd”,pid=122518,fd=16))
0 0 192.168.158.148:137 0.0.0.0:* users:((“nmbd”,pid=122518,fd=15))
0 0 0.0.0.0:137 0.0.0.0:* users:((“nmbd”,pid=122518,fd=13))
0 0 192.168.158.255:138 0.0.0.0:* users:((“nmbd”,pid=122518,fd=18))
0 0 192.168.158.148:138 0.0.0.0:* users:((“nmbd”,pid=122518,fd=17))
0 0 0.0.0.0:138 0.0.0.0:* users:((“nmbd”,pid=122518,fd=14))
0 0 [::1]:323 [::]:* users:((“chronyd”,pid=972,fd=5))
0 0 [fe80::946b:309c:6638:c0e9]%end0:546 [::]:* users:((“NetworkManager”,pid=1086,fd=27))
0 0 [::]:5353 [::]:* users:((“avahi-daemon”,pid=970,fd=13))
0 0 [::]:5355 [::]:* users:((“systemd-resolve”,pid=865,fd=12))
0 0 [fe80::946b:309c:6638:c0e9]%end0:3702 [::]:* users:((“wsdd”,pid=122527,fd=13))
0 0 [ff02::c]%end0:3702 [::]:* users:((“wsdd”,pid=122527,fd=11))
0 0 :32810 : users:((“wsdd”,pid=122527,fd=12))
0 5 127.0.0.1:5232 0.0.0.0: users:((“radicale”,pid=7788,fd=7))
0 4096 0.0.0.0:5355 0.0.0.0:* users:((“systemd-resolve”,pid=865,fd=11))
0 5 192.168.158.148:5357 0.0.0.0:* users:((“wsdd”,pid=122527,fd=10))
0 50 0.0.0.0:445 0.0.0.0:* users:((“smbd”,pid=122520,fd=30))
0 4096 127.0.0.53%lo:53 0.0.0.0:* users:((“systemd-resolve”,pid=865,fd=17))
0 128 0.0.0.0:22 0.0.0.0:* users:((“sshd”,pid=1098,fd=7))
0 50 0.0.0.0:139 0.0.0.0:* users:((“smbd”,pid=122520,fd=31))
0 10 0.0.0.0:27500 0.0.0.0:* users:((“passimd”,pid=5544,fd=10))
0 4096 127.0.0.54:53 0.0.0.0:* users:((“systemd-resolve”,pid=865,fd=19))
0 5 [::1]:5232 [::]:* users:((“radicale”,pid=7788,fd=6))
0 4096 [::]:5355 [::]:* users:((“systemd-resolve”,pid=865,fd=13))
0 50 [::]:445 [::]:* users:((“smbd”,pid=122520,fd=28))
0 511 :443 : users:((“httpd”,pid=84485,fd=6),(“httpd”,pid=84321,fd=6),(“httpd”,pid=84295,fd=6),(“httpd”,pid=84294,fd=6),(“httpd”,pid=1120,fd=6))
0 5 [fe80::946b:309c:6638:c0e9]%end0:5357 [::]: users:((“wsdd”,pid=122527,fd=14))
0 511 :80 : users:((“httpd”,pid=84485,fd=4),(“httpd”,pid=84321,fd=4),(“httpd”,pid=84295,fd=4),(“httpd”,pid=84294,fd=4),(“httpd”,pid=1120,fd=4))
0 128 [::]:22 [::]: users:((“sshd”,pid=1098,fd=8))
0 50 [::]:139 [::]:* users:((“smbd”,pid=122520,fd=29))
0 4096 *:9090 : users:((“systemd”,pid=1,fd=129))

And firewalld says:
FedoraServer (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: end0
sources:
services: cockpit dhcpv6-client http https samba ssh
ports: 3702/udp 3702/tcp 5357/tcp 5358/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

pg-tips · June 28, 2025, 4:41pm

Nothing in /usr/lib/firewalld/services seems to control TCP 5358:

$ grep 5358 /usr/lib/firewalld/services/*
$ grep 5357 /usr/lib/firewalld/services/*
/usr/lib/firewalld/services/ws-discovery-host.xml:  <port protocol="tcp" port="5357"/>
$ grep 3702 /usr/lib/firewalld/services/*
/usr/lib/firewalld/services/ws-discovery-client.xml:  <source-port port="3702" protocol="udp"/>
/usr/lib/firewalld/services/ws-discovery-tcp.xml:  <port protocol="tcp" port="3702"/>
/usr/lib/firewalld/services/ws-discovery-udp.xml:  <port protocol="udp" port="3702"/>

pboy · June 28, 2025, 10:13pm

The left overs are

udp   UNCONN 0   0        0.0.0.0:46012      0.0.0.0:*    users:(("wsdd",pid=122527,fd=8))                                                                                                   
udp   UNCONN 0   0         *:32810            *:*    users:(("wsdd",pid=122527,fd=12))

Do you think I have to open those high port numbers? On those servers that are detected (Synologies) these ports are closed.

pboy · June 28, 2025, 10:18pm

Indeed, none of the predefined services cares about TCP 5358. As I understood some docs, these ports are about https detection (and 5357 for http). Not important for smb shares.

And I added TCP 5358 manually, without success so far.

pboy · June 29, 2025, 11:34am

In the meantime, I checked everything on a different box. It is an x86_64 arch and here everything works well and as expected. The x86_64 system is immediately detected.

The issue seems specific to the aarch64 architecture.

ngitoh · June 29, 2025, 12:09pm

For WSDD, you need to enable the following on the firewall:

Incoming and outgoing traffic to UDP/3702 with the multicast destination:
    239.255.255.250 for IPv4
    ff02::c for IPv6
Outgoing unicast traffic from UDP/3702
Incoming traffic to TCP/5357

I suspect that your multicast ports are not enabled properly.

pboy · June 29, 2025, 1:22pm

Yes, , /usr/lib/firewalld/services says:

<service>
  <short>Web Services Dynamic Discovery host daemon</short>
  <description>wsdd implements a Web Service Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows.</description>
  <port port="3702" protocol="udp"/>
  <destination ipv4="239.255.255.250" ipv6="FF02::C"/>
  <include service="wsdd-http"/>
</service>

and wsdd-http:

<service>
  <short>Web Services Dynamic Discovery host daemon (HTTP Interface)</short>
  <description>wsdd implements a Web Service Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows.</description>
  <port port="5357" protocol="tcp"/>
</service>

I think, that is exactly, what you said., whereby christgau/wsdd also specifies Port 5358 (for https).

Do you know why Fedora doesn’t include the latter port?

And what do you mean with “multicast ports are not enabled properly”? What could be missing?

It works on my x86_64 box, but not on my aarch64 box.

ngitoh · June 29, 2025, 1:35pm

If it works when firewalld is disabled, try enabling logging with firewall-cmd --set-log-denied=all and check the logs to see what gets denied.

Topic		Replies	Views
Can't set up Samba with WSD Ask Fedora	0	930	March 6, 2021
Firewall setup Ask Fedora	4	598	August 6, 2022
Failed to use Samba Shared folder Ask Fedora f35 , samba	7	1783	November 9, 2021
Fedora 35: share a network connection with NetworkManager & firewalld Ask Fedora f35 , firewalld , networkmanager	7	3678	November 30, 2021
Firewalld blocks access despite service added Ask Fedora nfs , firewalld , f39 , server , f40	5	541	August 31, 2024

Which port uses package 'wsdd' for Network Discovery?

Related topics