From owner-freebsd-questions@FreeBSD.ORG Mon May 12 04:35:21 2003
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <005901c31878$3f9aaf30$ea640180@abdul>
From: "abdul" (envelope-from freebsd@citizensbankng.com)
Date: Mon, 12 May 2003 12:18:08 +0100
Subject: problem with netbios traffic and firewall rules

Hi all,

I use FreeBSD as my proxy and firewall. I started noticing slowness, and my ISP analysed my traffic and confirmed to me that my uplink (from me to the internet) is unusually high and that the bulk of it is "Netbios protocols". I have tried the following firewall options, but with no success yet:

IPDIVERT and IPFIREWALL options are enabled in my kernel. My local and secondary interfaces are xl0 and tl0 respectively.

Option1

Here, firewall_type="open", then I introduced some rules to block the netbios traffic.
The output of "ipfw l" is as follows:

    00040 deny udp from any 137 to any
    00041 deny udp from any 138 to any
    00042 deny udp from any 139 to any
    00043 deny tcp from any 137 to any
    00044 deny tcp from any 138 to any
    00045 deny tcp from any 139 to any
    00050 divert 8668 ip from any to any via tl0
    00099 deny ip from 128.1.100.106 to any
    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    65000 allow ip from any to any
    65535 deny ip from any to any

Here, a tcpdump command still reveals that the netbios traffic is still going through both xl0 and tl0.

Option2

Here, I used firewall_type="cib-firewall". The content of cib-firewall is:

    add allow ip from 128.1.100.234/32 to any
    add allow tcp from any http to any
    add allow udp from any http to any
    add allow tcp from any 3128 to any
    add allow udp from any 3128 to any
    add allow tcp from any 3130 to any
    add allow udp from any 3130 to any
    add allow udp from any dnsix to any
    add allow tcp from any dnsix to any
    add allow icmp from any to any
    add allow tcp from any 23 to any
    add allow udp from any 23 to any
    add allow tcp from any domain to any
    add allow udp from any domain to any
    add allow tcp from any nameserver to any
    add allow udp from any nameserver to any
    add allow udp from any hostname to any
    add allow tcp from any hostname to any
    add allow tcp from any hosts2-ns to any
    add allow udp from any hosts2-ns to any

Here, my squid software would not work, because it can't perform an "nslookup" command. I cannot even perform an "nslookup" command from the command line. It tells me that it cannot find the DNS servers, even when I can ping them.

Any help?

Thanks
abdul
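
Added example, not part of the original message: in ipfw rule syntax a port written after the "from" address matches the source port, so this small Python model of first-match evaluation runs constructed packets through the posted rules and through variants with the port on the destination side. It models only protocol and ports (no addresses, interfaces or divert); the Option2 rule numbers, the packets and the destination-side rules are assumptions.

```python
from typing import NamedTuple, Optional

SERVICES = {"domain": 53, "http": 80}   # small subset of /etc/services

class Rule(NamedTuple):
    num: int
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "ip" (any protocol)
    sport: Optional[int]   # port written after the "from" address
    dport: Optional[int]   # port written after the "to" address

def parse(num, text):
    """Parse '<action> <proto> from any [port] to any [port]'."""
    tok = text.split()
    frm, to = tok.index("from"), tok.index("to")
    def port(rest):
        return SERVICES.get(rest[0]) or int(rest[0]) if rest else None
    return Rule(num, tok[0], tok[1], port(tok[frm + 2:to]), port(tok[to + 2:]))

def verdict(rules, proto, sport, dport):
    """Return (rule number, action) of the first rule that matches."""
    for r in sorted(rules, key=lambda r: r.num):
        if (r.proto in ("ip", proto) and r.sport in (None, sport)
                and r.dport in (None, dport)):
            return r.num, r.action
    return 65535, "deny"   # default rule shown in the "ipfw l" listing

# Rules from the post: Option1 rules 40-45 and 65000, and an excerpt of
# Option2 (its rule numbers are constructed; the post does not show them).
PORTS = [("udp", 137), ("udp", 138), ("udp", 139),
         ("tcp", 137), ("tcp", 138), ("tcp", 139)]
OPTION1 = [parse(40 + i, f"deny {p} from any {n} to any")
           for i, (p, n) in enumerate(PORTS)]
OPTION1.append(parse(65000, "allow ip from any to any"))
OPTION2 = [parse(400, "allow icmp from any to any"),
           parse(500, "allow tcp from any domain to any"),
           parse(600, "allow udp from any domain to any")]
# Variants with the port on the destination side (assumption, not from the post).
DST1 = [parse(45, "deny tcp from any to any 139"),
        parse(65000, "allow ip from any to any")]
DST2 = OPTION2 + [parse(700, "allow udp from any to any domain")]

if __name__ == "__main__":
    # Constructed packets: (protocol, source port, destination port).
    print("Option1, TCP session to port 139:", verdict(OPTION1, "tcp", 40001, 139))
    print("Option2, outbound DNS query:     ", verdict(OPTION2, "udp", 40000, 53))
    print("Option2, inbound DNS reply:      ", verdict(OPTION2, "udp", 53, 40000))
    print("dst-port deny, TCP to port 139:  ", verdict(DST1, "tcp", 40001, 139))
    print("dst-port allow, DNS query:       ", verdict(DST2, "udp", 40000, 53))
```

In this model a connection to port 139 from an ephemeral source port falls through rules 40-45 to rule 65000, and an outbound DNS query matches none of the Option2 allow rules while ICMP does, which is consistent with ping working while nslookup fails.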