Date: Thu, 24 Sep 1998 15:16:25 -0400
To: freebsd-questions@FreeBSD.ORG
From: Forrest Aldrich
Subject: Samba and IPFW

I've been having some difficulty getting Samba to work with packet filtering turned on. This is on FreeBSD-2.2.7 (latest build cvsupped).

Basically, I can get it to work if I drop all the filters... I've tried different combinations of rules, with no help from the samba list (most of them seem to be using Linux ipfwadm).

I have, presently:

    $fwcmd add pass tcp from ${net}:${mask} to ${ip} 139 setup
    $fwcmd add pass tcp from ${net}:${mask} to ${ip} 138 setup
    $fwcmd add pass tcp from ${net}:${mask} to ${ip} 137 setup
    $fwcmd add pass udp from ${net}:${mask} to ${ip} 139
    $fwcmd add pass udp from ${net}:${mask} to ${ip} 138
    $fwcmd add pass udp from ${net}:${mask} to ${ip} 137
    $fwcmd add pass udp from ${ip} to any 137
    $fwcmd add pass udp from ${ip} to any 138
    $fwcmd add pass udp from ${ip} to any 139

This is very permissive, and I don't know that all of it is needed. I want to restrict access to our localnet (hence the net:mask).

mask = 255.255.255.0, so that shouldn't be the issue. I can SEE the machine from Windows98 but cannot connect to the share unless I drop the filters.

The head of the rc.firewall area has:

    # Allow TCP through if setup succeeded
    $fwcmd add pass tcp from any to any established
    $fwcmd add pass tcp from ${ip} to any established
    $fwcmd add pass tcp from any to ${ip} 1024-65535 setup

And I've toyed with "setup" and "established" with no effect. Someone had suggested the setup statement wasn't allowing the return traffic... and I've also had someone disagree with that.

There's probably something very simple that I've overlooked. Pointers would be appreciated.

Thanks...