problem with netbios traffic and firewall rules

abdul freebsd at citizensbankng.com
Mon May 12 04:35:21 PDT 2003


Hi all,
I use FreeBSD as my proxy and firewall. I started noticing slowness and my
ISP analysed my traffic and confirmed to me that my uplink (from me to the
internet) is unusually high and that the bulk of it is "Netbios protocols".


I have tried the following firewall options but no success yet:
IPDIVERT and IPFIREWALL options are enabled in my kernel.
My local and secondary interfaces are xl0 and tl0 respectively.

Option1

Here, firewall_type="open", then I introduced some rules to block the
netbios traffic.
The output of "ipfw l" is as follows:

00040 deny udp from any 137 to any
00041 deny udp from any 138 to any
00042 deny udp from any 139 to any
00043 deny tcp from any 137 to any
00044 deny tcp from any 138 to any
00045 deny tcp from any 139 to any
00050 divert 8668 ip from any to any via tl0
00099 deny ip from 128.1.100.106 to any
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any

Here, a tcpdump command still reveals that the netbios traffic is still
going through both xl0 and tl0.

Option2
Here, I used firewall_type="cib-firewall". The content of cib-firewall is:

add allow ip from 128.1.100.234/32 to any
add allow tcp from any http to any
add allow udp from any http to any
add allow tcp from any 3128 to any
add allow udp from any 3128 to any
add allow tcp from any 3130 to any
add allow udp from any 3130 to any
add allow udp from any dnsix to any
add allow tcp from any dnsix to any
add allow icmp from any to any
add allow tcp from any 23 to any
add allow udp from any 23 to any
add allow tcp from any domain to any
add allow udp from any domain to any
add allow tcp from any nameserver to any
add allow udp from any nameserver to any
add allow udp from any hostname to any
add allow tcp from any hostname to any
add allow tcp from any hosts2-ns to any
add allow udp from any hosts2-ns to any

Here, my squid software would not work, because it can't perform
an "nslookup" command.
I cannot even perform an "nslookup" command from the command line. It tells
me that it cannot find the DNS servers, even when I can ping them.

Any help?


Thanks
abdul
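The two symptoms follow from how ipfw matches the rules as written, so here is an added example (not from the post or the freebsd-questions thread): a small Python first-match simulator for the rule syntax quoted above, run against constructed packets. It shows that "deny tcp from any 139 to any" constrains only the source port, so a session to port 139 with an ephemeral source port falls through to rule 65000, and that in Option 2 "allow udp from any domain to any" admits the resolver's reply but not the outgoing query, which hits the implicit default deny. The rule sets are trimmed to the lines relevant to the packets tested, divert is treated as non-terminal, and NAT is not modelled.

```python
import ipaddress

# Service names used in the post, resolved as ipfw does via /etc/services.
SERVICES = {"http": 80, "domain": 53, "nameserver": 42, "dnsix": 90, "hostname": 101, "hosts2-ns": 81}

def parse_rule(line):
    """Parse '[num|add] action [divert-port] proto from SRC [port] to DST [port] [via IFACE]'."""
    t = line.split()
    f = t.index("from")
    action = t[1] if (t[0].isdigit() or t[0] == "add") else t[0]
    proto, src, i = t[f - 1], t[f + 1], f + 2
    sport = dport = None
    if t[i] != "to":                      # optional *source* port (this is what the post's rules set)
        sport, i = SERVICES.get(t[i]) or int(t[i]), i + 1
    dst, i = t[i + 1], i + 2
    if i < len(t) and t[i] != "via":      # optional *destination* port
        dport, i = SERVICES.get(t[i]) or int(t[i]), i + 1
    iface = t[i + 1] if i < len(t) else None   # 'via IFACE'
    return dict(text=line, action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport, iface=iface)

def _addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def matches(r, pkt):
    proto, sip, sp, dip, dp, iface = pkt
    return (r["proto"] in ("ip", proto) and r["sport"] in (None, sp)
            and r["dport"] in (None, dp) and r["iface"] in (None, iface)
            and _addr_ok(r["src"], sip) and _addr_ok(r["dst"], dip))

def verdict(rules, pkt):
    """First allow/deny that matches wins; divert is non-terminal here."""
    for r in rules:
        if r["action"] in ("allow", "deny") and matches(r, pkt):
            return r["action"], r["text"]
    return "deny", "65535 deny ip from any to any (implicit default)"

# Rule sets from the post, trimmed to the lines relevant to the packets below.
OPTION1 = [parse_rule(l) for l in (
    "00040 deny udp from any 137 to any", "00045 deny tcp from any 139 to any",
    "00050 divert 8668 ip from any to any via tl0", "00100 allow ip from any to any via lo0",
    "65000 allow ip from any to any", "65535 deny ip from any to any")]
OPTION2 = [parse_rule(l) for l in (
    "add allow ip from 128.1.100.234/32 to any", "add allow tcp from any domain to any",
    "add allow udp from any domain to any")]

# Constructed sample packets: (proto, src ip, src port, dst ip, dst port, iface).
SMB_OUT   = ("tcp", "128.1.100.50", 1025, "203.0.113.10", 139, "tl0")  # LAN host opening a session to port 139
DNS_QUERY = ("udp", "128.1.100.2", 1026, "203.0.113.53", 53, "tl0")    # proxy host asking the ISP resolver
DNS_REPLY = ("udp", "203.0.113.53", 53, "128.1.100.2", 1026, "tl0")    # the resolver's answer
```

Running `verdict(OPTION1, SMB_OUT)` returns the allow from rule 65000, while `verdict(OPTION2, DNS_QUERY)` returns the default deny and `verdict(OPTION2, DNS_REPLY)` is allowed by the "domain" rule.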
More information about the freebsd-questions mailing list