Date:      Thu, 6 Jun 2002 10:32:32 +0200 (MET DST)
From:      Mario Pranjic <mario.pranjic@irb.hr>
To:        <peter.lai@uconn.edu>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: samba and ipfw
Message-ID:  <Pine.GSO.4.32.0206061028480.6075-100000@nippur.irb.hr>
In-Reply-To: <20020605122357.D10653@cowbert.2y.net>

On Wed, 5 Jun 2002, Peter C. Lai wrote:

> Date: Wed, 5 Jun 2002 12:23:57 -0400
> From: Peter C. Lai <sirmoo@cowbert.2y.net>
> Reply-To: peter.lai@uconn.edu
> To: Mario Pranjic <mario.pranjic@irb.hr>
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: samba and ipfw
>
> you forgot UDP 137
> /etc/services shows:
> netbios-ns      137/tcp    #NETBIOS Name Service
> netbios-ns      137/udp    #NETBIOS Name Service
> netbios-dgm     138/tcp    #NETBIOS Datagram Service
> netbios-dgm     138/udp    #NETBIOS Datagram Service
> netbios-ssn     139/tcp    #NETBIOS Session Service
> netbios-ssn     139/udp    #NETBIOS Session Service
>
> You really don't need 445 either, unless you are
> routing Active Directory associated traffic.
>
> The network neighborhood functionality is a function
> of nmbd, or NETBIOS Name Service, hence you can't access
> machines by name if you block 137.

I've modified my rules:
00660 allow tcp from any to me 137,138,139,445 keep-state setup
00661 allow udp from any 139 to me 139 keep-state
00662 allow udp from any to me 137

I added port 137 (tcp and udp)

Still, I can't access the machine from a Windows box.
On FreeBSD there is no problem:
mount_smbfs -I servername //user@smbserver/share /mntpoint

The master browser is one Linux box, and it cannot see my Samba server under
the firewall.
Maybe I've made some other mistake?

Of course, I can access machine by name via http, ssh, ftp...

Anybody know what I did wrong?

Thanks!

Mario Pranjic, dipl.ing.
sistem administrator
Knjiznica, Institut Rudjer Boskovic
-------------------------------------
e-mail: mario.pranjic@irb.hr
ICQ: 72059629
tel: +385 1 45 60 954 (interni: 1293)
-------------------------------------
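
The following is an added example, not part of the original thread: a small Python check that replays one constructed sample packet per NetBIOS service from the quoted /etc/services lines against the three rules as posted. It parses only the rule shape shown in the message, ignores addresses, keep-state and setup, and assumes that traffic matching none of these rules is denied by the rest of the ruleset, which the message does not show.

```python
import re
# Simplified grammar for the rule shape quoted in this message only:
#   NUM ACTION PROTO from SRC [PORTS] to DST [PORTS] [options...]
RULE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>tcp|udp)\s+"
    r"from\s+\S+(?:\s+(?P<sports>[\d,]+))?\s+"
    r"to\s+\S+(?:\s+(?P<dports>[\d,]+))?(?:\s+.*)?$"
)
# The three rules exactly as posted in the message.
RULES_FROM_MESSAGE = [
    "00660 allow tcp from any to me 137,138,139,445 keep-state setup",
    "00661 allow udp from any 139 to me 139 keep-state",
    "00662 allow udp from any to me 137",
]
# Constructed sample packets: (service, proto, source port, destination port).
# The source ports are assumptions chosen for illustration.
SAMPLE_PACKETS = [
    ("netbios-ns", "udp", 137, 137),
    ("netbios-dgm", "udp", 138, 138),
    ("netbios-ssn", "tcp", 1025, 139),
]

def port_set(field):
    # None means the rule places no restriction on that port.
    return None if field is None else {int(p) for p in field.split(",")}

def parse(lines):
    matches = (RULE.match(line.strip()) for line in lines)
    return [(int(m["num"]), m["action"], m["proto"],
             port_set(m["sports"]), port_set(m["dports"])) for m in matches if m]

def verdict(rules, proto, sport, dport):
    """First match wins, as in ipfw. No match is ASSUMED to end in a deny."""
    for num, action, rproto, sports, dports in rules:
        if (rproto == proto and (sports is None or sport in sports)
                and (dports is None or dport in dports)):
            return action, num
    return "deny", None

def report(rule_lines=RULES_FROM_MESSAGE, packets=SAMPLE_PACKETS):
    rules = parse(rule_lines)
    return {f"{name} {dport}/{proto}": verdict(rules, proto, sport, dport)
            for name, proto, sport, dport in packets}

if __name__ == "__main__":
    for service, (action, num) in report().items():
        print(f"{service:20} {action:5} rule={num}")
```

With the posted rules, the UDP 138 sample packet matches none of the three, because rule 661 names port 139 on both the source and destination side.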


