Date: Thu, 15 Mar 2001 17:08:43 +0200
From: "Patrick O'Reilly" <patrick@mip.co.za>
To: <michal.kutnohorsky@asp1000.com>, "FreeBSD IPFW List" <freebsd-ipfw@freebsd.org>
Subject: RE: ipfw rulez
Message-ID: <NDBBIMKICMDGDMNOOCAIIEILCEAA.patrick@mip.co.za>
In-Reply-To: <381F2A6B1CC4C449B19CA48BA7A2A87B0E1CB9@server.asp1000.cz>
Michal,

Where are these ipfw rules? I am not sure if the samba server and the
firewall are the same server.

1) if ipfw is on 192.168.0.x and samba server is 192.168.0.22 then:
--------
allow tcp from any to 192.168.0.22 139 out xl0
allow tcp from 192.168.0.22 139 to any in xl0
--------

2) if ipfw is on 192.168.0.22 (same server as samba server) then:
--------
allow tcp from any to 192.168.0.22 139 in xl0
allow tcp from 192.168.0.22 139 to any out xl0
--------

I do not think you need UDP for Samba ???

Your other rules should also be structured in a similar manner for HTTP, etc.

I hope this helps.
Patrick.

-----Original Message-----
From: owner-freebsd-ipfw@FreeBSD.ORG [mailto:owner-freebsd-ipfw@FreeBSD.ORG] On Behalf Of michal.kutnohorsky@asp1000.com
Sent: 15 March 2001 12:23
To: freebsd-ipfw@FreeBSD.ORG
Subject: ipfw rulez

hi,

I'm a newbie in ipfw/natd, I'm trying to set up my firewall at home.
I read the natd and ipfw manuals, I know exactly what I want to allow and what
to deny. I made the rules as you can see below (now I'm just testing the
firewall from the internal net 192.168.0.0 xl0, for this time I'm not
forwarding packets between the second interface yet...)

count ip from any to any
allow log tcp from any to any 22 in recv xl0
allow log tcp from any to any 22 out xmit xl0
allow log tcp from any to any 1024-65535 in recv xl0
allow log tcp from any to any 1024-65535 out xmit xl0
allow log tcp from any to any 80 out xmit xl0
allow log tcp from any to any 80 in recv xl0
allow tcp from any to 192.168.0.22 139 out xl0
allow tcp from any to 192.168.0.22 139 in xl0

80, 22 work OK but I can't connect to the Samba server 192.168.0.22.139.
It always writes me an error message that port 139 at 192.168.0.22 can't be
opened...

Can you advise me how to correct it? Does Samba need any icmp or UDP packets?

Samba is on xl0 - 192.168.0.22:139
Kernel configuration is IPFIREWALL_VERBOSE, IPDIVERT

Thank you very much
michal

x--------------------------x
|-- Michal Kutnohorsky --  |
|-- michalk@asp1000.com -- |
|-- icq 24864416 --        |
| \_/ -- have one too --   |
x--------------------------x

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
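
The two cases in the reply above, run through a simplified first-match model. This is an added example, not code from the thread or from ipfw; it parses only the rule shapes quoted in the message. The client address 192.168.0.5, source port 40000, and the deny-when-nothing-matches default are assumptions.

```python
# Added example: simplified first-match model of the stateless rules in this thread.
# Assumptions: a packet matching no rule is denied; CLIENT and port 40000 are constructed.
SERVER, CLIENT = "192.168.0.22", "192.168.0.5"

CASE1 = ["allow tcp from any to 192.168.0.22 139 out xl0",   # ipfw on another LAN host
         "allow tcp from 192.168.0.22 139 to any in xl0"]
CASE2 = ["allow tcp from any to 192.168.0.22 139 in xl0",    # ipfw on the Samba server
         "allow tcp from 192.168.0.22 139 to any out xl0"]

def parse(rule):
    """Parse 'ACTION PROTO from SRC [PORT] to DST [PORT] in|out [recv|xmit] IFACE'."""
    t = [w for w in rule.split() if w not in ("log", "recv", "xmit")]
    i = t.index("to")
    src, dst = t[3:i], t[i + 1:-2]
    return {"action": t[0], "proto": t[1], "dir": t[-2], "iface": t[-1],
            "src": src[0], "sport": src[1] if len(src) > 1 else None,
            "dst": dst[0], "dport": dst[1] if len(dst) > 1 else None}

def port_ok(spec, port):
    """True when the rule names no port, or port is inside 'N' or 'LO-HI'."""
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def verdict(rules, pkt):
    """Return the action of the first rule matching pkt, else 'deny'."""
    for r in map(parse, rules):
        if (r["proto"] == pkt["proto"] and r["dir"] == pkt["dir"]
                and r["iface"] == pkt["iface"]
                and r["src"] in ("any", pkt["src"]) and port_ok(r["sport"], pkt["sport"])
                and r["dst"] in ("any", pkt["dst"]) and port_ok(r["dport"], pkt["dport"])):
            return r["action"]
    return "deny"

def smb_session(rules, host):
    """Verdicts for the request and the reply of one TCP/139 connection, as seen
    on xl0 of the client ('client') or of the Samba server ('server')."""
    req_dir, rep_dir = ("out", "in") if host == "client" else ("in", "out")
    base = {"proto": "tcp", "iface": "xl0"}
    req = dict(base, src=CLIENT, sport=40000, dst=SERVER, dport=139, dir=req_dir)
    rep = dict(base, src=SERVER, sport=139, dst=CLIENT, dport=40000, dir=rep_dir)
    return verdict(rules, req), verdict(rules, rep)

if __name__ == "__main__":
    for name, rules in (("case 1", CASE1), ("case 2", CASE2)):
        for host in ("client", "server"):
            print(name, "loaded on", host, "->", smb_session(rules, host))
```

Each rule pair passes both halves of the connection only on the host it was written for; loaded on the other host, the same two rules match neither the request nor the reply.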
