From: Nicholas Henry
To: freebsd-questions@freebsd.org
Date: Tue, 10 May 2005 22:00:42 -0400
Subject: IPFW/Samba does not work with WinXP (but with MacOS 10.3)

FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004

Hello folks:

Trying to set rules to let only the local network connect to a Samba server running on my FreeBSD machine. I'm a FreeBSD newbie. Below is the rules file.
The strange thing is this works fine when logging into the Samba server from OS X, but no go with WinXP. I can connect to the Samba server from WinXP if the IPFW is not loaded. Any ideas?

#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush

fwdcmd="ipfw -q add"

# loopback
${fwdcmd} 100 pass all from any to any via lo0
${fwdcmd} 200 deny all from any to 127.0.0.0/8
${fwdcmd} 300 deny ip from 127.0.0.0/8 to any

net="192.168.1.0"
mask="255.255.255.0"

# Allow the packet through if it has previously been added to
# the "dynamic" rules table by an allow keep-state statement.
${fwdcmd} 350 check-state

# Allow any traffic to or from my own net.
${fwdcmd} 400 pass all from me to ${net}:${mask}
${fwdcmd} 500 pass all from ${net}:${mask} to me

# Allow TCP through if setup succeeded
${fwdcmd} 600 pass tcp from any to any established

# Allow IP fragments to pass through
${fwdcmd} 700 pass all from any to any frag

# Allow setup of incoming email
${fwdcmd} 800 pass tcp from any to me 25 setup

# Allow setup of outgoing TCP connections only
${fwdcmd} 900 pass tcp from me to any setup

# Disallow setup of all other TCP connections
${fwdcmd} 1000 deny tcp from any to any setup

# Allow DNS queries out in the world
${fwdcmd} 1100 pass udp from me to any 53 keep-state

# Allow NTP queries out in the world
${fwdcmd} 1200 pass udp from me to any 123 keep-state

# Allow access to our WWW
${fwdcmd} 1300 pass tcp from any to me 80 setup

# Telnet
${fwdcmd} 1400 allow tcp from any to me 23 setup limit src-addr 2

# Everything else is denied by default