Date: Thu, 8 Mar 2001 10:25:14 +0000 From: "Blair Sutton/Odey" <B.Sutton@odey.co.uk> To: "FreeBSD IPFW List" <freebsd-ipfw@FreeBSD.ORG> Subject: Re: FW: MS Shares through IPFW Message-ID: <OF3AD7E7B7.087FF2D4-ON80256A09.003869C2@odey.co.uk>
next in thread | raw e-mail | index | archive | help
Assuming your MS clients are not running NetBEUI. And they are just running TCP/IP with static IP addresses, I cannot see why DHCP requests are being made. Check the network TCP/IP conf on the MS client, make sure it does not attempt to get an IP address automatically. What may help too is setting the WINS server option (helps CIFS/SMB packets cross subnets). Can you get a complete listing of your ipfw conf and possibly some sample tcpdumps? "Patrick O'Reilly" <patrick@mip.co.za> Sent by: owner-freebsd-ipfw@FreeBSD.ORG 08/03/2001 09:47 To: "FreeBSD Network List" <freebsd-net@FreeBSD.ORG>, "FreeBSD IPFW List" <freebsd-ipfw@FreeBSD.ORG> cc: Subject: FW: MS Shares through IPFW Hi all! I need to allow some M$ clients to access M$ shares on an NT server, the clients and server being on opposite sides of a FreeBSD ipfw firewall. The firewall is running fine (has been for 6 months) but I cannot get this D**N Netbios stuff going. In my desperation I have gone as far as adding these two very loose rules, which are the very first rules in the ipfw chain: -------- /sbin/ipfw -q add 00009 allow log ip from 10.5.5.0/24 to 10.3.3.240 /sbin/ipfw -q add 00009 allow log ip from 10.3.3.240 to 10.5.5.0/24 -------- The 10.5.5.0/24 Subnet includes the client we are testing, and 10.3.3.240 is the NT Server. The 10.5.5.0/24 Subnet is remote across a VPN, but there are IP tunnels in place so that the extra hops are transparent -> I don't THINK they should be causing our problems. When the Client tries to map the share on the Server there is a whole bunch of traffic logged against rule #9, including ports UDP 137 and TCP 139, going back and forth between the client and server. The client is prompted for a login/password, which we enter VERY CAREFULLY to make sure we got it right, but thereafter the connection is refused. Is this something about M$ security, or is there something else I am not seeing that the firewall might be denying? The only curious thing I have observed is the following lines in the ipfw.log interspersed among all the "Accept" logs between these computers: -------- Mar 7 11:16:08 eccles /kernel: ipfw: 65534 Deny UDP 0.0.0.0:68 10.3.3.240:67 in via rl2 Mar 7 11:16:08 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.1:67 10.3.3.240:67 in via rl2 Mar 7 11:16:08 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.1:67 10.3.3.240:67 out via rl0 -------- I believe ports 67 and 68 are used for DHCP - we are not using DHCP anywhere, so I don't understand why this pops up, but I include it as it may be relevant ?!? Also, why is the source IP on the first line 0.0.0.0 ? Anyone with some more M$ / Netbios expertise - PLEASE HELP. Thanks, Patrick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF3AD7E7B7.087FF2D4-ON80256A09.003869C2>