Leandro Sales - Estagiário GTI
2001-Apr-27 20:52 UTC
Planning a Firewall -> Samba don't work!
Hi folks...

I'm configuring Firewall in the server running Conectiva Linux 6.0 (Brazil) and I already configured to accept connections in the ports:

netbios-ns      137/tcp     # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp     # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp     # NETBIOS session service
netbios-ssn     139/udp

I'm using the IPCHAINS and I configured in this way:

ipchains -A input -i $EXTERNAL_INTERFACE \
-s $ANYWHERE $NETBIOSPORTS -p tcp \
-d $IPADDR $NETBIOSPORTS -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE \
-s $IPADDR $NETBIOSPORTS -p tcp \
-d $ANYWHERE $NETBIOSPORTS -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE \
-s $ANYWHERE $NETBIOSPORTS -p udp \
-d $IPADDR $NETBIOSPORTS -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE \
-s $IPADDR $NETBIOSPORTS -p udp \
-d $ANYWHERE $NETBIOSPORTS -j ACCEPT

Please, if someone knows what is happening, please, answer me...

Thanks...

Leandro Melo de Sales.
CEFET/AL - Centro Federal de Educação Tecnológica de Alagoas
Estagiário GTI - Gerência de Tecnologia da Informação
------------------------------------------------
Message sent by the Webmail server www.etfal.g12.br
At 06:52 a 28/04/01, Leandro wrote:
> Hi folks...
>
> I'm configuring Firewall in the server running Conectiva Linux 6.0 (Brazil)
> and I already configured to accept connections in the ports:
>
> netbios-ns      137/tcp     # NETBIOS Name Service
> netbios-ns      137/udp
> netbios-dgm     138/tcp     # NETBIOS Datagram Service
> netbios-dgm     138/udp
> netbios-ssn     139/tcp     # NETBIOS session service
> netbios-ssn     139/udp
>
> I'm using the IPCHAINS and I configured in this way:
>
> ipchains -A input -i $EXTERNAL_INTERFACE \
> -s $ANYWHERE $NETBIOSPORTS -p tcp \
> -d $IPADDR $NETBIOSPORTS -j ACCEPT
>
> ipchains -A output -i $EXTERNAL_INTERFACE \
> -s $IPADDR $NETBIOSPORTS -p tcp \
> -d $ANYWHERE $NETBIOSPORTS -j ACCEPT
>
> ipchains -A input -i $EXTERNAL_INTERFACE \
> -s $ANYWHERE $NETBIOSPORTS -p udp \
> -d $IPADDR $NETBIOSPORTS -j ACCEPT
>
> ipchains -A output -i $EXTERNAL_INTERFACE \
> -s $IPADDR $NETBIOSPORTS -p udp \
> -d $ANYWHERE $NETBIOSPORTS -j ACCEPT
>
> Please, if someone knows what is happening, please, answer me...
>
> Thanks...
>
> Leandro Melo de Sales.
> CEFET/AL - Centro Federal de Educação Tecnológica de Alagoas
> Estagiário GTI - Gerência de Tecnologia da Informação

Hi Leandro,

At a glance, you appear to be having the same problem I was having with telnet only a few days ago. As far as I can tell, Windows doesn't connect from ports 137-139 as you would expect. I've just set one of my machines here to log to the system log, and it appears that Windows is connecting FROM port 2695 TO port 139. I have no idea why it does this (if anyone out there does know, please share it with us!), but I think that could be your problem.

If it does turn out to be your problem, I suggest you just set ipchains to filter anything heading TO ports 137-139, regardless of where they're coming FROM. But then again, setting ipchains to filter exact source and destination ports will probably add more security to the system.

Let us know how you go.
----------------------------
Anthony (aslan@ispdr.net.au)
----------------------------
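
Added example, not part of either message: a shell sketch that models the port check discussed in this thread (a rule naming both a source and a destination port range matches only when both fit) against the logged 2695 -> 139 connection, then prints rules that match on destination port instead. Assumptions of this example: `NETBIOSPORTS` is `137:139`, the `1024:65535` source range, the function names, and the constructed sample addresses. It also limits the source to a client network instead of `$ANYWHERE`.

```shell
#!/bin/sh
# Added example: models ipchains port matching and prints adjusted rules.
# Assumed values (not given in the thread): port ranges and sample addresses.
NETBIOSPORTS="137:139"
UNPRIVPORTS="1024:65535"

# port_in_range PORT LOW:HIGH -> status 0 when LOW <= PORT <= HIGH
port_in_range() {
    low=${2%%:*}; high=${2##*:}
    [ "$1" -ge "$low" ] && [ "$1" -le "$high" ]
}

# rule_matches SPORT DPORT SRC_RANGE DST_RANGE
# A rule that names both port ranges matches only if both ports fit.
rule_matches() {
    port_in_range "$1" "$3" && port_in_range "$2" "$4"
}

# verdict SPORT DPORT SRC_RANGE DST_RANGE -> prints ACCEPT or "no match"
verdict() {
    if rule_matches "$@"; then echo ACCEPT; else echo "no match"; fi
}

# emit_rules IFACE SERVER_IP CLIENT_NET
# Prints (does not run) rules keyed on the destination port. TCP clients
# are expected on unprivileged ports; TCP replies must not be new SYNs.
emit_rules() {
    echo "ipchains -A input -i $1 -p tcp -s $3 $UNPRIVPORTS -d $2 $NETBIOSPORTS -j ACCEPT"
    echo "ipchains -A output -i $1 -p tcp ! -y -s $2 $NETBIOSPORTS -d $3 $UNPRIVPORTS -j ACCEPT"
    echo "ipchains -A input -i $1 -p udp -s $3 -d $2 $NETBIOSPORTS -j ACCEPT"
    echo "ipchains -A output -i $1 -p udp -s $2 $NETBIOSPORTS -d $3 -j ACCEPT"
}

# The connection logged in the reply: source port 2695, destination port 139.
echo "source range as posted:  $(verdict 2695 139 "$NETBIOSPORTS" "$NETBIOSPORTS")"
echo "source range widened:    $(verdict 2695 139 "$UNPRIVPORTS" "$NETBIOSPORTS")"

# Constructed sample values: interface, server address, client network.
emit_rules eth0 192.168.1.10 192.168.1.0/24
```
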