Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
Re: AW: AW: AW: [suse-security] SuSEfirewall2 blocks SMB traffic
  • From: tmp@xxxxxxxxx
  • Date: Sun, 28 Nov 2004 13:36:45 +0100
  • Message-id: <200411281336.48441.tmp@xxxxxxxxx>
On Sunday 28 November 2004 01:04, Kai Hauser wrote:
> does the firewall logs droped packets?
> hint:
> tail -f /var/log/messages

Not really, I found:

Nov 28 13:22:35 tcn nmbd[4389]: [2004/11/28 13:22:35, 0]
nmbd/nmbd_namequery.c:query_name_response(101)
Nov 28 13:22:35 tcn nmbd[4389]: query_name_response: Multiple (2) responses
received for a query on subnet 192.168.0.2 for name HOME<1d>.
Nov 28 13:22:35 tcn nmbd[4389]: This response was from IP 192.168.0.3,
reporting an IP address of 192.168.0.3.
Nov 28 13:22:42 tcn SuSEfirewall2: Warning:
FW_ALLOW_INCOMING_HIGHPORTS_UDP=DNS no longer supported
Nov 28 13:22:42 tcn SuSEfirewall2: Firewall rules successfully set
from /etc/sysconfig/SuSEfirewall2

but could not reproduce it. 192.168.0.3 is the Windows machine.

> nmap -p 139,145 <ip> and

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-11-28 13:32 CET
Interesting ports on tcn.local (192.168.0.2):
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds

> nmap -sU -p 137,138 <ip>

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-11-28 13:33 CET
Interesting ports on 192.168.0.3:
PORT STATE SERVICE
137/udp open netbios-ns
138/udp open netbios-dgm

> smbclient -L <ip> shows shares

Password:
Domain=[HOME] OS=[Unix] Server=[Samba 3.0.7-5.2-SUSE]

Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (tcn)
ADMIN$ IPC IPC Service (tcn)
Domain=[HOME] OS=[Unix] Server=[Samba 3.0.7-5.2-SUSE]

Server Comment
--------- -------
TCN tcn

Workgroup Master
--------- -------
HOME

For the Windows machine I get:

session request to 192.168.0.3 failed (Called name not present)
session request to 192 failed (Called name not present)

?

> nmbclient -A <ip> shows netbiosnames

Hmm, seems I don't have nmbclient...

> but 192.168.0.255 is a strange IP for a router.

You are right, it's 192.168.0.1 :-)

> Type ipconfig in windows commandprompt to see what settings the
> windowsbox got from dhcp.

192.168.0.3
< Previous Next >
This Thread
Follow Ups