Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Samba Firewall Issue with Allowing Highports
  • From: Andres Mejia <mcitadel@xxxxxxxxx>
  • Date: Sun, 23 Apr 2006 15:43:32 -0400
  • Message-id: <200604231543.32321.mcitadel@xxxxxxxxx>
On Sunday 23 April 2006 14:25, Darryl Gregorash wrote:
> In general:
>
> FW_SERVICES_INT_TCP="microsoft-ds netbios-dgm netbios-ns netbios-ssn"
> FW_SERVICES_INT_UDP="netbios-ns"
>
Don't you mean FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP? Also, netbios-dgm
is a UDP protocol.

> and on any samba server:
>
> FW_ALLOW_FW_BROADCAST_INT="netbios-ns"
>
>
> Setting TRUSTED_NETS will open the ports on all network interfaces, and
> it is certainly not necessary to open -all- highports for UDP.
>
Here was my problem.

SFW2-INext-DROP-DEFLT IN=eth0 OUT=
MAC=00:10:b5:8d:af:fb:00:0c:6e:63:11:af:08:00 SRC=192.168.0.2
DST=192.168.0.101 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=139 DF PROTO=UDP
SPT=137 DPT=1028 LEN=70

Packets were being dropped because of the destination ports that were being
chosen. Here you see DPT=1028, but I saw ports being randomly picked between
1024 and 1030.
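
A small parser for log entries like the one quoted above, added here as an example and not part of the original message: it groups dropped packets by source address, protocol and source port, so that UDP packets from port 137 landing on unprivileged ports stand out and a rule can be scoped to them. Only the first sample line comes from the message; the other lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input. The first entry is the log line quoted in the
# message above, joined onto one line; the other two are made up.
SAMPLE_LOG = """\
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:10:b5:8d:af:fb:00:0c:6e:63:11:af:08:00 SRC=192.168.0.2 DST=192.168.0.101 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=139 DF PROTO=UDP SPT=137 DPT=1028 LEN=70
SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.0.2 DST=192.168.0.101 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=140 DF PROTO=UDP SPT=137 DPT=1030 LEN=70
SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.0.7 DST=192.168.0.101 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 SYN
"""

TAG = re.compile(r"SFW2-\S*DROP\S*")      # log prefix of a dropped packet
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; value may be empty (OUT=)
REQUIRED = {"SRC", "PROTO", "SPT", "DPT"}


def parse_drops(text):
    """Yield one dict per DROP log line that carries address and port fields."""
    for line in text.splitlines():
        tag = TAG.search(line)
        if not tag:
            continue
        # LEN occurs twice (IP and UDP length); the later one wins, unused here.
        fields = dict(FIELD.findall(line))
        if not REQUIRED <= fields.keys():
            continue  # e.g. ICMP drops have no SPT/DPT
        yield {"tag": tag.group(0), "src": fields["SRC"], "proto": fields["PROTO"],
               "spt": int(fields["SPT"]), "dpt": int(fields["DPT"])}


def summarize(text):
    """Map (src, proto, source port) -> sorted list of dropped destination ports."""
    groups = defaultdict(set)
    for drop in parse_drops(text):
        groups[(drop["src"], drop["proto"], drop["spt"])].add(drop["dpt"])
    return {key: sorted(ports) for key, ports in groups.items()}


def netbios_ns_high_port_drops(text):
    """Drops of UDP packets sent from port 137 to unprivileged ports (>= 1024)."""
    result = {}
    for (src, proto, spt), ports in summarize(text).items():
        high = [p for p in ports if p >= 1024]
        if proto == "UDP" and spt == 137 and high:
            result[(src, proto, spt)] = high
    return result


if __name__ == "__main__":
    for key, ports in netbios_ns_high_port_drops(SAMPLE_LOG).items():
        print(key, "->", ports)
```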
