From: "Peter C. Lai"
To: Mario Pranjic
Cc: freebsd-security@FreeBSD.ORG
Date: Wed, 5 Jun 2002 12:23:57 -0400
Subject: Re: samba and ipfw
Message-ID: <20020605122357.D10653@cowbert.2y.net>

You forgot UDP 137.

/etc/services shows:

    netbios-ns      137/tcp    #NETBIOS Name Service
    netbios-ns      137/udp    #NETBIOS Name Service
    netbios-dgm     138/tcp    #NETBIOS Datagram Service
    netbios-dgm     138/udp    #NETBIOS Datagram Service
    netbios-ssn     139/tcp    #NETBIOS Session Service
    netbios-ssn     139/udp    #NETBIOS Session Service

You really don't need 445 either, unless you are routing Active Directory
associated traffic. The network neighborhood functionality is a function
of nmbd, or NETBIOS Name Service, hence you can't access machines by name
if you block 137.

I'm going to pull a kris and say this isn't exactly a security-related
question :)

On Wed, Jun 05, 2002 at 12:50:52PM +0200, Mario Pranjic wrote:
> Hi!
>
> I have rules for smb like this:
> # samba
> add 660 allow tcp from any to me 138,139,445 setup keep-state
> add 661 pass udp from any 139 to me 139 keep-state
>
> But, I can't see NETBIOS name or access host by that name.
>
> Is there anything else I should open?
>
> Thanks!
>
> Mario Pranjic, dipl.ing.
> system administrator
> Library, Institut Rudjer Boskovic
> -------------------------------------
> e-mail: mario.pranjic@irb.hr
> ICQ: 72059629
> tel: +385 1 45 60 954 (internal: 1293)
> -------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
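
Added example, not part of the original message: a small Python check that parses the two posted ipfw rules (using a simplified subset of the ipfw rule grammar) and lists which NetBIOS ports from the /etc/services excerpt no allow rule reaches. The transport assumed per service, the function names, and rule 662 are constructed for this example.

```python
import re

# Transports assumed for this example: name service and datagram service run over
# UDP, the session service over TCP (port numbers as in the /etc/services excerpt).
REQUIRED = {("udp", 137): "netbios-ns", ("udp", 138): "netbios-dgm",
            ("tcp", 139): "netbios-ssn"}

# Simplified ipfw grammar: add N ACTION PROTO from SRC [ports] to DST [ports] ...
RULE = re.compile(
    r"add\s+(\d+)\s+(allow|accept|pass|permit)\s+(tcp|udp|ip|all)\s+"
    r"from\s+\S+(?:\s+[\d,-]+)?\s+to\s+(\S+)(?:\s+([\d,-]+))?")

def expand(spec):
    """Turn an ipfw port list such as '137-139,445' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def missing_services(ruleset):
    """Return required (proto, port, name) entries that no allow rule to this host covers.

    Source address/port limits, deny rules and rule order are not evaluated."""
    allowed = set()
    for line in ruleset.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(4) not in ("me", "any"):
            continue  # comment, blank line, non-allow rule, or other destination
        protos = ("tcp", "udp") if m.group(3) in ("ip", "all") else (m.group(3),)
        for (proto, port) in REQUIRED:
            if proto in protos and (m.group(5) is None or port in expand(m.group(5))):
                allowed.add((proto, port))
    return sorted((p, n, REQUIRED[(p, n)]) for (p, n) in REQUIRED if (p, n) not in allowed)

# The two rules from the quoted message, then a constructed extra rule (662).
POSTED = """
# samba
add 660 allow tcp from any to me 138,139,445 setup keep-state
add 661 pass udp from any 139 to me 139 keep-state
"""
CORRECTED = POSTED + "add 662 allow udp from any to me 137,138 keep-state\n"

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, missing_services(rules))
```

Against the posted rules the check reports 137/udp and 138/udp as uncovered, since rule 660 opens 138 for TCP only and rule 661 opens only 139 for UDP.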