From: "Crist J. Clark"
Message-Id: <199910171740.NAA10042@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: IPFW question
In-Reply-To: <000101bf1858$6da0b2e0$1e01a8c0@aurora1.co.home.com> from Paul Davis at "Oct 16, 1999 10:31:05 pm"
To: pdavis99@home.com (Paul Davis)
Date: Sun, 17 Oct 1999 13:40:34 -0400 (EDT)
Cc: freebsd-questions@FreeBSD.ORG
Reply-To: cjclark@home.com

Paul Davis wrote,
> Hi there, I've got a little problem that I hope someone could help me with.
> I'm running 3.3-Stable with ipfw running along with natd, two NIC cards one
> to the outside world and the other connecting to a hub with a windows98 and
> a SCO UnixWare 7 box. Firewall type is set to open for right now. The
> problem I'm having is as soon as I started running ipfw I noticed a HUGE
> amount of netbios udp packets being broadcast out to port 137 and 138 on
> subnet 24.6.241.255 (for example there are a couple of other segments I
> seem to be broadcasting to.)

That network is apparently @Home in Virginia, and if your mail header
is to be believed, you are on the 24.8.17.0/24 network of @Home in Texas.
The physical separation of your sites does not bother me, but there is
no reason broadcasts on the 24.6.241.0/24 net should be leaking into
24.8.17.0/24. If that is really happening, you should report it to the
network admins.

> I thought possibly I had some windows networking stuff turned on but I don't
> have anything installed on the FreeBSD box that uses netbios, I have ports
> 136-139 turned off in services and inetd.conf. If I disconnect my internal
> network and reboot FreeBSD it still sends the packets. I tried setting up
> packet filtering rules to kill outgoing packets to ports 136-139 but I'm not
> getting the syntax right or something. The ipfw man page is not quite
> helpful enough, I can't find much about ipfw in the handbook and the FAQ was
> less than helpful.

Wait, your FreeBSD box is spewing out these NetBIOS packets on its
own? You _should_ see lots of NetBIOS trying to get in if we assume
the majority of @Home users on your LAN are sporting WinBoxes. I would
not expect packets trying to get out, even if your internal WinBoxes
are hooked up (since you are using RFC 1918 addresses on that internal
net, right?). The only reason I can think of for a FreeBSD box to be
sending out NetBIOS packets is if it is running Samba or
Sharity-Light. But you said you turned off all of the NetBIOS using
facilities on the box.

> Where can I find some good documentation on using ipfw or could some kind
> soul help me with the syntax to kill packets going out to certain ports?
> BTW I've tried to just deny all netbios packets but that seems to kill natd.
> I don't know help....:)

Killing NetBIOS packets should not do anything to NATd. To block
NetBIOS from coming in or out from the Outside,

  # ipfw add deny ip from any 137-139 to any via
  # ipfw add deny ip from any to any 137-139 via

Where is the name of your external interface. With this rule, you can
still run Samba or Sharity-Light and have it work on your internal
network.

As for good documentation for using ipfw, there is the manpage, the
rc.firewall script is well commented, the FreeBSD Handbook
(http://www.freebsd.org/handbook/firewalls.html), and many other
websites from FreeBSD users,

  http://www.metronet.com/~pgilley/freebsd/ipfw/
  http://www.freebsd.org/~jkb/howto.html

-- 
Crist J. Clark                           cjclark@home.com
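
Added example, not part of the original message: one way to settle the question raised in the reply (is the gateway sending NetBIOS, or only seeing it arrive?) is to count port 137-139 packets in a text capture from the external interface by source address. The sample lines, the gateway address 24.8.17.55, the LAN address 192.168.1.30 and the function names are constructed assumptions; the input format assumed is `tcpdump -n` text, one packet per line.

```shell
#!/bin/sh
# Added example (not from the original mail): count NetBIOS packets
# (ports 137-139) in `tcpdump -n` text by where they originate.

# Constructed sample of capture lines from the external interface.
# 24.8.17.55 is an assumed external address for the gateway.
sample_capture() {
cat <<'EOF'
13:40:01.100001 24.6.241.17.137 > 24.6.241.255.137: udp 50
13:40:01.200002 IP 24.8.17.99.138 > 24.8.17.255.138: UDP, length 201
13:40:02.300003 24.8.17.55.137 > 24.8.17.255.137: udp 50
13:40:02.400004 192.168.1.30.138 > 192.168.1.255.138: udp 174
13:40:03.500005 24.8.17.55.1025 > 24.8.17.1.53: udp 33
13:40:03.600006 arp who-has 24.8.17.1 tell 24.8.17.55
EOF
}

# Usage: classify_netbios OWN_EXTERNAL_IP < capture.txt
# own      = source is the gateway's external address (its own processes,
#            or LAN hosts after natd has rewritten them)
# internal = RFC 1918 source seen untranslated
# external = any other source, i.e. traffic arriving from the outside
classify_netbios() {
    awk -v own="$1" '
    function nb(p) { p = p + 0; return (p >= 137 && p <= 139) }
    function rfc1918(ip) {
        return (ip ~ /^10\./ || ip ~ /^192\.168\./ ||
                ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./)
    }
    {
        # Find the ">" token: source endpoint before it, destination after.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next                      # not an IP packet line
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        # Endpoints look like a.b.c.d.port; the port follows the last dot.
        sport = src; sub(/^.*\./, "", sport)
        dport = dst; sub(/^.*\./, "", dport)
        sip = src;   sub(/\.[^.]*$/, "", sip)
        if (!nb(sport) && !nb(dport)) next
        if (sip == own)        c["own"]++
        else if (rfc1918(sip)) c["internal"]++
        else                   c["external"]++
    }
    END { printf "own=%d internal=%d external=%d\n",
                 c["own"], c["internal"], c["external"] }'
}

sample_capture | classify_netbios 24.8.17.55
```

A high "external" count with "own" at zero matches the reply's expectation of neighbours' broadcasts arriving at the interface; a non-zero "own" or "internal" count is what the deny rules above are meant to stop from leaving.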