Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Samba Firewall Issue with Allowing Highports
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Sun, 23 Apr 2006 16:32:25 -0600
  • Message-id: <444C0079.5090603@xxxxxxxxxxxxx>
On 23/04/06 13:43, Andres Mejia wrote:
>
>SFW2-INext-DROP-DEFLT IN=eth0 OUT=
>MAC=00:10:b5:8d:af:fb:00:0c:6e:63:11:af:08:00 SRC=192.168.0.2
>DST=192.168.0.101 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=139 DF PROTO=UDP
>SPT=137 DPT=1028 LEN=70
>
>Packets were being dropped because of the destination ports that were being
>chosen. Here you see DPT=1028, but I saw ports being randomly picked between
>1024 and 1030.
>
>
You've never said which machine this was taken from, but I am certain it
is from your client machine. It is also a unicast packet, so it is
certainly in response to something else that was already sent by that
machine -- a samba server simply just does not emit an arbitrary unicast
message on port 137 with some arbitrary port as the destination.

It is absolutely impossible to know why any particular network packet
was dropped without knowing all the details of the firewall
configuration. What do you get from running this on the client machine:

iptables-save |grep -i input_ext
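
An added example, not part of the original message: Python that parses the dropped-packet log line quoted above and applies the reply's reasoning (unicast UDP from source port 137 to a high destination port looks like an answer to a name query the destination sent). The function names and the `subnet_broadcasts` parameter are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the log entry quoted in the thread, joined onto one line.
SAMPLE = ("SFW2-INext-DROP-DEFLT IN=eth0 OUT= "
          "MAC=00:10:b5:8d:af:fb:00:0c:6e:63:11:af:08:00 SRC=192.168.0.2 "
          "DST=192.168.0.101 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=139 DF PROTO=UDP "
          "SPT=137 DPT=1028 LEN=70")

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_drop(line):
    """Return (log prefix, KEY=value fields) for a netfilter LOG line."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        # LEN appears twice; keep the first (IP length), not the UDP length.
        fields.setdefault(key, value)
    # The prefix is the last token before " IN=", e.g. SFW2-INext-DROP-DEFLT.
    prefix = line.split(" IN=", 1)[0].split()[-1]
    return prefix, fields


def classify(fields, subnet_broadcasts=("255.255.255.255",)):
    """Label a dropped packet using the reasoning given in the reply.

    subnet_broadcasts is an assumed parameter: the log line carries no netmask,
    so directed broadcast addresses must be supplied by the caller.
    """
    dst = ipaddress.ip_address(fields["DST"])
    unicast = not dst.is_multicast and fields["DST"] not in subnet_broadcasts
    from_nbns = fields.get("PROTO") == "UDP" and fields.get("SPT") == "137"
    high_port = int(fields.get("DPT", 0)) >= 1024
    if from_nbns and unicast and high_port:
        return "likely reply to a NetBIOS name query sent by DST"
    if from_nbns and not unicast:
        return "NetBIOS name service broadcast"
    return "unclassified"


if __name__ == "__main__":
    prefix, fields = parse_drop(SAMPLE)
    print(prefix, fields["SRC"], "->", fields["DST"], classify(fields))
```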


