From: Murray Taylor
To: "'Stephen Cimarelli'"
Cc: "'freebsd-net@freebsd.org'"
Subject: RE: Firewalls and Samba
Date: Thu, 8 Mar 2001 15:24:09 +1100
Message-ID: <710709BB8B02D311942E006067441810544287@MELEXC01>

It ain't the firewall!!

Further to default routes etc .....

I believe that I have cured the problem (final testing after the network
number shift to the 10.x.y.z range and I connect the phone line!)

Factoids:

A  Windoze computers on the network are given IP numbers via DHCP from an
   NT Server
   these include such things as the machine IP number, WINS server IP
   numbers, the DHCP server number, the subnet mask and a default gateway

B  our company network has (for the convenience of the R&D noddies) a
   gateway defined into their internal - internal development
   network...which protects us from it too ;-)
   This gateway is the one distributed via DHCP above.

C  I didn't (and still don't) have all the company IP #'s in the hosts
   table or the named tables.
   (I've only got the 5 or so that I am directly dealing with for our web
   development)

D  ppp was starting up with the
   "set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255" and
   "add default HISADDR" lines
   which of course set up a default route in the FreeBSD box

E  Samba is running on the FreeBSD box to allow W9x machines to access
   certain shares

F  ipfw is up and running with a bunch of rules including
   "1100 deny ip from 10.0.0.0/0 to any via tun0"

Result:

M$ Explorer, when attempting to map the networked shares to a machine
booting up encounters the Samba shares, and then it seems that somewhere
M$ Explorer and/or Samba get bent out of shape by the default route on the
FBSD box and tries to use it (for what I don't know). One then has to
cancel the attempt to attach the shares or wait for the error "I can't do
this" popup dialog.

When the M$ machine has finished booting, going into Explorer and
attempting to open the unattached shares, returns (eventually) the
informative message that the "device is not attached to the network"....

Mind you I am into the FreeBSD machine with telnet, can open a website on
it via IE5 and can ping it to my heart's content...

THE SOLUTION I think!

remove the add default line from ppp.conf
add it to the ppp.linkup file
add a matching delete all line to ppp.linkdown
and forgo auto dialling as there is not a default route pointing to the
tun0 device until it is open (catch 22)

I'm still not sure if there is a bug lurking in one side or the other
here, and if this is just a workaround or if this is the 'correct' way of
doing things

cheers and thanks (Stephen in particular)

Murray Taylor
Project Engineer
Bytecraft P/L
+61 3 9587 2555
+61 3 9587 1614 fax
mtaylor@bytecraft.com.au

> -----Original Message-----
> From: Stephen Cimarelli [SMTP:stephen@clari.net.au]
> Sent: Wednesday, 7 March 2001 11:51
> To: Murray Taylor
> Subject: RE: Firewalls and Samba
>
> but why was the outside interface affecting internal traffic, was it
> because of the default route?
>
> I would have thought that rule 150 should have done the job?
>
> On 06-Mar-01 Murray Taylor wrote:
> > yah,
> > but that line is also one of the 'standard' lines in the SIMPLE firewall
> > entry in rc.firewall
> > and the 'standard' ppp setup for auto mode
> > has this line
> >
> > set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
> >
> > in it, which I am using too....
> >
> > mjt
> >
> ----------------------------------
> E-Mail: Stephen Cimarelli
> Date: 07-Mar-01
> Time: 10:45:21
> ClariNet Internet Solutions
> +61 3 9486 0811
> www.clari.net.au
> ----------------------------------
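
Factoid F in the message above quotes ipfw rule 1100 with a /0 source prefix. In ipfw a prefix length of 0 compares no address bits, so this added Python sketch (not code from the thread) shows which packets a rule written that way matches; the /8 variant, rule 65000, the interface name ed0 and the sample packets are constructed assumptions.

```python
import ipaddress

# Rule tuples: (number, action, source prefix, "via" interface or None).
# RULES_AS_QUOTED copies the source prefix quoted in factoid F.
# RULES_SLASH_8 is an assumed variant, included only for comparison.
# Rule 65000 is a hypothetical catch-all so every packet gets a verdict.
RULES_AS_QUOTED = [(1100, "deny", "10.0.0.0/0", "tun0"),
                   (65000, "allow", "0.0.0.0/0", None)]
RULES_SLASH_8 = [(1100, "deny", "10.0.0.0/8", "tun0"),
                 (65000, "allow", "0.0.0.0/0", None)]

# Constructed sample packets: (source address, interface the packet crosses).
PACKETS = [("192.168.1.20", "tun0"),   # private, but not in 10/8
           ("203.0.113.7", "tun0"),    # documentation-range public address
           ("10.1.2.3", "tun0"),       # 10/8 source on the ppp tunnel
           ("10.1.2.3", "ed0")]        # same source on a LAN interface


def first_match(rules, src, iface):
    """Return (rule number, action) of the first rule matching the packet."""
    addr = ipaddress.ip_address(src)
    for number, action, prefix, via in rules:
        # strict=False: the quoted rule has host bits set beyond its /0 mask,
        # and only the masked bits take part in the comparison.
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (via is None or via == iface):
            return number, action
    return None


def verdicts(rules):
    """Evaluate every sample packet against one rule set."""
    return [first_match(rules, src, iface) for src, iface in PACKETS]


if __name__ == "__main__":
    for (src, iface), quoted, narrow in zip(PACKETS,
                                            verdicts(RULES_AS_QUOTED),
                                            verdicts(RULES_SLASH_8)):
        print(f"{src:>13} via {iface}: /0 -> {quoted}   /8 -> {narrow}")
```

With the /0 prefix every source address crossing tun0 hits rule 1100, while the /8 form only stops 10.x.y.z sources there; traffic on other interfaces is unaffected in both cases.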