From owner-freebsd-pf@FreeBSD.ORG  Sun Nov  6 02:30:50 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3C36416A41F
	for <freebsd-pf@freebsd.org>; Sun,  6 Nov 2005 02:30:50 +0000 (GMT)
	(envelope-from dmehler26@woh.rr.com)
Received: from ms-smtp-01-eri0.ohiordc.rr.com
	(ms-smtp-01-smtplb.ohiordc.rr.com [65.24.5.135])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D245043D45
	for <freebsd-pf@freebsd.org>; Sun,  6 Nov 2005 02:30:49 +0000 (GMT)
	(envelope-from dmehler26@woh.rr.com)
Received: from satellite (cpe-65-31-43-91.woh.res.rr.com [65.31.43.91])
	by ms-smtp-01-eri0.ohiordc.rr.com (8.12.10/8.12.7) with SMTP id
	jA62UkWY002246
	for <freebsd-pf@freebsd.org>; Sat, 5 Nov 2005 21:30:46 -0500 (EST)
Message-ID: <000301c5e279$122015e0$0900a8c0@satellite>
From: "Dave" <dmehler26@woh.rr.com>
To: <freebsd-pf@freebsd.org>
Date: Sat, 5 Nov 2005 21:23:26 -0500
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Subject: samba and smbfs
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Dave <dmehler26@woh.rr.com>
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Nov 2005 02:30:50 -0000

Hello,
    I've got a pf firewall on a box that blocks by default. I want samba to 
listen on the internal interface only, this happens, yet machines still 
can't get to the samba box. The relevant rules are below. I'm also trying to 
mount some xp shares via smbfs this too is not working probably for the same 
reason. Can someone tell me where my rules went wrong?
Thanks.
Dave.

# allow internal samba
pass in quick on $int_if inet proto tcp from $int_if:network to ($int_if) 
port 137 flags S/SA modulate state
pass in quick on $int_if inet proto tcp from $int_if:network to ($int_if) 
port 138 flags S/SA modulate state
pass in quick on $int_if inet proto tcp from $int_if:network to ($int_if) 
port 139 flags S/SA modulate state
pass in quick on $int_if inet proto tcp from $int_if:network to ($int_if) 
port 445 flags S/SA modulate state
pass in quick on $int_if inet proto udp from $int_if:network to ($int_if) 
port 137 keep state
pass in quick on $int_if inet proto udp from $int_if:network to ($int_if) 
port 138 keep state
pass in quick on $int_if inet proto udp from any to ($int_if) port 139 keep 
state
pass in quick on $int_if inet proto udp from any to ($int_if) port 445 keep 
state
pass quick on $int_if from ($int_if) to $int_if:broadcast keep state