Date:      Fri, 30 Mar 2001 21:22:42 -0800
From:      "Hervey Wilson" <herveyw@dynamic-cast.com>
To:        <nomad@netrail.net>, "Rick Knebel" <rknebel@uplink.net>, <questions@FreeBSD.ORG>
Subject:   Re: udp ports
Message-ID:  <006001c0b9a2$9d52e570$0101a8c0@chillipepper>
References:  <MPEGJCJPPBKNCNBGOHGDEEODCPAA.cschreiber@netrail.net>

It's way, way simpler to just modify smb.conf to specify which interface(s)
samba should bind to, plus the bind interfaces only option. Then you don't
need the firewall piece as it's simply not using the external interface.

Here's a snippet from my smb.conf that should help:

[global]
 interfaces = 192.168.1.254/24
 bind interfaces only = Yes


H.


----- Original Message -----
From: "Christian S." <cschreiber@netrail.net>
To: "Rick Knebel" <rknebel@uplink.net>; <questions@FreeBSD.ORG>
Sent: Friday, March 30, 2001 5:07 PM
Subject: RE: udp ports


> try the following:
>
> ipfw add deny udp from {outside} to {inside} 137,138
>
> Really, however, you could prolly make it:
>
> ipfw add deny udp from any to any 137,138
>
> Since (If I'm not assuming too much here) that your FW will be
> connected to a hub/switch, and from there to the LAN. You can specify
> "from any to any", 'coz the LAN machines *shouldn't* touch the FW
> interfaces at all, since they will all be communicating on the same
> subnet..
>
> ...Of course, I could be high, but I *think* that's how it should
> work.
>
> Christian
>
> "...we have only twice as many genes as a fruit fly, or roughly the
> same number as an ear of corn, about 30,000."
> Ergo, we are all corn.
>
>
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Rick Knebel
> Sent: Friday, March 30, 2001 8:05 PM
> To: questions@freebsd.org
> Subject: udp ports
>
>
> Hi,
>
> I have a small home network and firewall running on my FreeBSD box.
> I have 3 other computers that use it as a gateway to the internet and
> file sharing through Samba.
>
> I am trying to block the udp ports 137 and 138 so that I can still use
> samba but people on the outside cannot see these ports.
>
> I have tried now for 1 week to do this but no matter how I try when I
> have my computer scanned people can see my workgroup and netbios name
> and it says that ports 137 and 138 are visible.
>
>
> I guess I cannot get this syntax of the commands right.
>
>
> One person suggested this:
> ipfw add deny udp 137 from outbound interface to inbound interface
> ipfw add deny udp 137 from inbound interface to outbound interface
>
>
> This did not work.
>
> Can anyone help me or give a suggestion?
>
>
> Thanks
> Rick
> --
> Rick Knebel
> rknebel@uplink.net
> http://members.tripod.com/~Rick_Knebel/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
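A way to check that an smb.conf really carries both [global] settings from the snippet in the reply above, as an added example that is not part of the original thread. The function names, the sample files and the external address 203.0.113.7 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; sample files and addresses are constructed.
# smb_global_param FILE NAME: print the last value of NAME in [global].
# Samba ignores case and whitespace in parameter names, so normalise both.
smb_global_param() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # section header
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            sect = norm(sect); next
        }
        sect == "global" && (eq = index($0, "=")) {
            if (norm(substr($0, 1, eq - 1)) != want) next
            val = substr($0, eq + 1); sub(/^[ \t]+/, "", val)
            sub(/[ \t\r]+$/, "", val); found = val
        }
        END { print found }
    ' "$1"
}

# check_smb_bind FILE EXTERNAL: return 0 only when Samba is limited to an
# explicit interface list that does not name EXTERNAL (interface name or IP).
check_smb_bind() {
    ifaces=$(smb_global_param "$1" "interfaces")
    only=$(smb_global_param "$1" "bind interfaces only" | tr '[:upper:]' '[:lower:]')
    case "$only" in
        yes|true|on|1) ;;
        *) echo "FAIL: bind interfaces only is not enabled"; return 1 ;;
    esac
    case "$ifaces" in
        "")   echo "FAIL: no interfaces list in [global]"; return 1 ;;
        *\**) echo "FAIL: wildcard in interfaces: $ifaces"; return 1 ;;
    esac
    # One entry per line, netmask stripped, then an exact match on EXTERNAL.
    if printf '%s\n' "$ifaces" | tr ' ,;' '\n\n\n' | sed 's|/.*||' |
        grep -Fxq -- "$2"; then
        echo "FAIL: external $2 is in interfaces"; return 1
    fi
    echo "OK: Samba restricted to: $ifaces"
}

# Constructed samples: the snippet from the reply, and a file without the option.
good=$(mktemp); bad=$(mktemp)
printf '[global]\n interfaces = 192.168.1.254/24\n bind interfaces only = Yes\n' > "$good"
printf '[global]\n interfaces = 192.168.1.254/24 203.0.113.7/24\n' > "$bad"
check_smb_bind "$good" 203.0.113.7
check_smb_bind "$bad" 203.0.113.7 || true
rm -f "$good" "$bad"
```

The check reads the configuration text only; it does not confirm which sockets the running daemons actually hold.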