Date:      Thu, 8 Mar 2001 10:25:14 +0000
From:      "Blair Sutton/Odey" <B.Sutton@odey.co.uk>
To:        "FreeBSD IPFW List" <freebsd-ipfw@FreeBSD.ORG>
Subject:   Re: FW: MS Shares through IPFW
Message-ID:  <OF3AD7E7B7.087FF2D4-ON80256A09.003869C2@odey.co.uk>

Assuming your MS clients are not running NetBEUI, and they are just 
running TCP/IP with static IP addresses, I cannot see why DHCP requests 
are being made. Check the network TCP/IP conf on the MS client; make sure 
it does not attempt to get an IP address automatically. What may help too 
is setting the WINS server option (helps CIFS/SMB packets cross subnets). 
Can you get a complete listing of your ipfw conf and possibly some sample 
tcpdumps?
"Patrick O'Reilly" <patrick@mip.co.za>
Sent by: owner-freebsd-ipfw@FreeBSD.ORG
08/03/2001 09:47

        To:     "FreeBSD Network List" <freebsd-net@FreeBSD.ORG>, "FreeBSD IPFW List" <freebsd-ipfw@FreeBSD.ORG>
        cc:
        Subject:        FW: MS Shares through IPFW


Hi all!

I need to allow some M$ clients to access M$ shares on an NT server, the
clients and server being on opposite sides of a FreeBSD ipfw firewall. The
firewall is running fine (has been for 6 months) but I cannot get this D**N
Netbios stuff going.

In my desperation I have gone as far as adding these two very loose rules,
which are the very first rules in the ipfw chain:
--------
/sbin/ipfw -q add 00009 allow log ip from 10.5.5.0/24 to 10.3.3.240
/sbin/ipfw -q add 00009 allow log ip from 10.3.3.240  to 10.5.5.0/24
--------

The 10.5.5.0/24 Subnet includes the client we are testing, and 10.3.3.240 is
the NT Server.  The 10.5.5.0/24 Subnet is remote across a VPN, but there are
IP tunnels in place so that the extra hops are transparent -> I don't THINK
they should be causing our problems.

When the Client tries to map the share on the Server there is a whole bunch
of traffic logged against rule #9, including ports UDP 137 and TCP 139,
going back and forth between the client and server.  The client is prompted
for a login/password, which we enter VERY CAREFULLY to make sure we got it
right, but thereafter the connection is refused.

Is this something about M$ security, or is there something else I am not
seeing that the firewall might be denying?

The only curious thing I have observed is the following lines in the
ipfw.log interspersed among all the "Accept" logs between these computers:
--------
Mar  7 11:16:08 eccles /kernel: ipfw: 65534 Deny UDP 0.0.0.0:68 10.3.3.240:67 in via rl2
Mar  7 11:16:08 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.1:67 10.3.3.240:67 in via rl2
Mar  7 11:16:08 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.1:67 10.3.3.240:67 out via rl0
--------

I believe ports 67 and 68 are used for DHCP - we are not using DHCP
anywhere, so I don't understand why this pops up, but I include it as it may
be relevant ?!?  Also, why is the source IP on the first line 0.0.0.0 ?

Anyone with some more M$ / Netbios expertise - PLEASE HELP.

Thanks, Patrick.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
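The log excerpt above is the kind of thing worth triaging mechanically rather than by eye: the `ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>` syslog format is regular, so a few lines of Python can split the NetBIOS/SMB traffic that rule 9 is meant to carry from the DHCP traffic that nobody expects on that segment. A source of 0.0.0.0 on UDP port 68 is the normal signature of a host that has no address yet and is broadcasting a DHCP client request, which is the factual answer to the last question in the post. The following is an added example, not code from the thread or from FreeBSD; the three log lines are Patrick's (rejoined onto one line each), the two NetBIOS lines are constructed for illustration, and the service table and the `dhcp_expected` flag are assumptions of this example.

```python
import re
from collections import Counter

# Sample input. The first three lines are the ones from the post; the last
# two are constructed to stand in for the "Accept" NetBIOS traffic it mentions.
SAMPLE_LOG = """\
Mar  7 11:16:08 eccles /kernel: ipfw: 65534 Deny UDP 0.0.0.0:68 10.3.3.240:67 in via rl2
Mar  7 11:16:08 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.1:67 10.3.3.240:67 in via rl2
Mar  7 11:16:08 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.1:67 10.3.3.240:67 out via rl0
Mar  7 11:16:09 eccles /kernel: ipfw: 9 Accept UDP 10.5.5.20:137 10.3.3.240:137 in via rl2
Mar  7 11:16:09 eccles /kernel: ipfw: 9 Accept TCP 10.5.5.20:1034 10.3.3.240:139 in via rl2
"""

# One regex for the ipfw syslog line shape shown in the thread.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

# Well-known ports relevant to this thread (assumed table, not from the page).
SERVICE = {
    ("UDP", 67): "dhcp-server", ("UDP", 68): "dhcp-client",
    ("UDP", 137): "netbios-ns", ("UDP", 138): "netbios-dgm",
    ("TCP", 139): "netbios-ssn", ("TCP", 445): "microsoft-ds",
}


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not an ipfw record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def classify(rec):
    """Name the service by the lowest well-known port on either side of the flow."""
    for port in sorted((rec["sport"], rec["dport"])):
        name = SERVICE.get((rec["proto"], port))
        if name:
            return name
    return "other"


def find_anomalies(log_text, dhcp_expected=False):
    """Return (reason, line) pairs for records that deserve a second look:
    a 0.0.0.0 source (an unconfigured host broadcasting for DHCP), and any
    DHCP traffic at all when the segment is not supposed to use DHCP."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["src"] == "0.0.0.0":
            findings.append(("source 0.0.0.0: host without an address, DHCP client discover", line))
        elif classify(rec).startswith("dhcp") and not dhcp_expected:
            findings.append(("DHCP traffic on a segment that is not meant to use DHCP", line))
    return findings


def summarize(log_text):
    """Count records by (action, service) so accepted SMB traffic and denied
    DHCP traffic can be told apart at a glance."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["action"], classify(rec))] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{key[0]:7} {key[1]:12} {n}")
    for reason, line in find_anomalies(SAMPLE_LOG):
        print("!!", reason, "::", line)
```

Run against a real `/var/log/security` or wherever syslog puts the ipfw messages, `summarize` shows whether rule 9 is passing the UDP 137/138 and TCP 139 flows a share mapping needs, while `find_anomalies` isolates the DHCP lines that do not belong to the share problem at all.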