Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Jun 2002 12:23:57 -0400
From:      "Peter C. Lai" <sirmoo@cowbert.2y.net>
To:        Mario Pranjic <mario.pranjic@irb.hr>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: samba and ipfw
Message-ID:  <20020605122357.D10653@cowbert.2y.net>
In-Reply-To: <Pine.GSO.4.32.0206051243390.25024-100000@nippur.irb.hr>; from mario.pranjic@irb.hr on Wed, Jun 05, 2002 at 12:50:52PM %2B0200
References:  <Pine.GSO.4.32.0206051243390.25024-100000@nippur.irb.hr>
next in thread | previous in thread | raw e-mail | index | archive | help 
you forgot UDP 137
/etc/services shows:
netbios-ns      137/tcp    #NETBIOS Name Service
netbios-ns      137/udp    #NETBIOS Name Service
netbios-dgm     138/tcp    #NETBIOS Datagram Service
netbios-dgm     138/udp    #NETBIOS Datagram Service
netbios-ssn     139/tcp    #NETBIOS Session Service
netbios-ssn     139/udp    #NETBIOS Session Service

You really don't need 445 either, unless you are
routing Active Directory associated traffic.

The network neighborhood functionality is a function
of nmbd, or NETBIOS Name Service, hence you can't access
machines by name if you block 137.

i'm going to pull a kris and say this isn't an exactly security
related question :)

On Wed, Jun 05, 2002 at 12:50:52PM +0200, Mario Pranjic wrote:
> Hi!
> 
> I have rules for smb like this:
> # samba
> add 660 allow tcp from any to me 138,139,445 setup keep-state
> add 661 pass udp from any 139 to me 139 keep-state
> 
> 
> But, I can't see NETBIO name or access host by that name.
> 
> Is there anything else I should open?
> 
> Thanks!
> 
> Mario Pranjic, dipl.ing.
> sistem administrator
> Knjiznica, Institut Rudjer Boskovic
> -------------------------------------
> e-mail: mario.pranjic@irb.hr
> ICQ: 72059629
> tel: +385 1 45 60 954 (interni: 1293)
> -------------------------------------
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020605122357.D10653>