Date: Tue, 10 May 2005 22:00:42 -0400
From: Nicholas Henry <nicholas.henry@gmail.com>
To: freebsd-questions@freebsd.org
Subject: IPFW/Samba does not work with WinXP (but with MacOS 10.3)
Message-ID: <ee11ef4a05051019005e7ee2f2@mail.gmail.com>

FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004

Hello folks:

Trying to set rules to let a local network only connection to a Samba
server running on my FreeBSD machine. I'm a FreeBSD newbie. Below is the
rules file. The strange thing is this works fine when logging into the
Samba server from OS X, but no go with WinXP. I can connect to the
Samba server from WinXP if the IPFW is not loaded. Any ideas?

#!/bin/sh

# Flush out the list before we begin.
ipfw -q -f flush

fwdcmd="ipfw -q add"

# loopback
${fwdcmd} 100 pass all from any to any via lo0
${fwdcmd} 200 deny all from any to 127.0.0.0/8
${fwdcmd} 300 deny ip from 127.0.0.0/8 to any

net="192.168.1.0"
mask="255.255.255.0"

# Allow the packet through if it has previously been added to
# the "dynamic" rules table by an allow keep-state statement.
${fwdcmd} 350 check-state

# Allow any traffic to or from my own net.
${fwdcmd} 400 pass all from me to ${net}:${mask}
${fwdcmd} 500 pass all from ${net}:${mask} to me

# Allow TCP through if setup succeeded
${fwdcmd} 600 pass tcp from any to any established

# Allow IP fragments to pass through
${fwdcmd} 700 pass all from any to any frag

# Allow setup of incoming email
${fwdcmd} 800 pass tcp from any to me 25 setup

# Allow setup of outgoing TCP connections only
${fwdcmd} 900 pass tcp from me to any setup

# Disallow setup of all other TCP connections
${fwdcmd} 1000 deny tcp from any to any setup

# Allow DNS queries out in the world
${fwdcmd} 1100 pass udp from me to any 53 keep-state

# Allow NTP queries out in the world
${fwdcmd} 1200 pass udp from me to any 123 keep-state

# Allow access to our WWW
${fwdcmd} 1300 pass tcp from any to me 80 setup

# Telnet
${fwdcmd} 1400 allow tcp from any to me 23 setup limit src-addr 2

# Everything else is denied by default