From: Bill Moran
Date: Mon, 26 Mar 2001 23:19:36 -0500
Message-ID: <3AC014D8.E7AC067F@iowna.com>
To: Rick Knebel
Cc: questions@FreeBSD.ORG
Subject: Re: firewall

Rick Knebel wrote:
>
> Hi,
> I have set up a simple firewall for my home network and it seems to
> be working fine.
>
> I do run samba to file share with the other computers on my network.
> I recently had my IP scanned for a security and it came back with the
> following info.
>
> 137 udp netbios-ns open or filtered
> Windows 9x and Windows NT use this port to locate other
> systems on the network with NetBIOS name lookups. Windows NT may also
> use this port for a logon sequence, and other login security related
> processes. Leaving this port open may allow an intruder to find an
> entire list of computers in your workgroup.
>
> 138 udp netbios-dgm open or filtered
> Windows 9x and Windows NT use this port to locate other
> systems on the network and allow users to browse folders and printers
> on this computer. Windows may also use this port for NetLogin
> sequences and NT Directory replication. Leaving this port open may
> allow an intruder to find an entire list of computers in your
> workgroup.
>
> These two ports 137 and 138. Can they be blocked and still be able to
> run samba?

Yes and No. If you want to connect to the Samba share, those ports must
be open. I would recommend building a set of firewall rules that only
allow connections on those ports from IP addresses that you trust and
rejecting any other connection attempt.

-Bill
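
One way to write the rules recommended in the reply, as an added example that is not part of the original message: a script that validates a list of trusted sources and prints the matching ipfw commands for review. It assumes the firewall is ipfw; the rule numbers and the sample trusted addresses are constructed.

```shell
#!/bin/sh
# Added example: prints ipfw(8) commands for review; it does not run them.
# Assumed, not from the thread: ipfw as the firewall, rule numbers from
# 1000, and the sample trusted addresses on the last line (constructed).

# valid_addr ADDR: accept dotted-quad IPv4 with an optional /0-32 mask.
valid_addr() {
    addr=${1%%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    rest=$addr.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# netbios_rules ADDR...: one allow rule per trusted source, then a deny for
# everyone else. ipfw acts on the first matching rule, so the allows get
# lower numbers than the deny. "to any" (not the host's own address) keeps
# NetBIOS broadcasts from trusted hosts matching the allow rules.
netbios_rules() {
    for src in "$@"; do
        if ! valid_addr "$src"; then
            echo "netbios_rules: bad address: $src" >&2
            return 1    # print nothing rather than a partial ruleset
        fi
    done
    num=1000
    for src in "$@"; do
        echo "ipfw add $num allow udp from $src to any 137,138 in"
        num=$((num + 10))
    done
    echo "ipfw add $num deny udp from any to any 137,138 in"
}

# Constructed sample: a trusted LAN and one extra trusted host.
netbios_rules 192.168.1.0/24 192.168.2.5
```

The printed rules only take effect as intended if their numbers are lower than any broader allow rule already in the ruleset, since an earlier match on ports 137 and 138 would bypass the deny.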