problem with netbios taffic and firewall rules

Ruben de Groot fbsd-q at bzerk.org
Mon May 12 07:39:00 PDT 2003


On Mon, May 12, 2003 at 12:18:08PM +0100, abdul typed:
> Hi all,
> I use freeBSD as my proxy and firewall. I started noticing slowness and my
> ISP analysed my traffic and confirmed to me that my uplink (from me to the
> internet) is unusually high and the bulk of it are of "Netbios protocols".
> 
> 
> I have tried the following firewall options but no success yet:
> IPDIVERT and  IPFIREWALL options are enabled in my kernel.
> My local and secondary interfaces are xl0 and tl0 respectively.
> 
> Option1
> 
> Here, firewall_type="open" , then I introduced some rules to block the
> netbios traffic.
> The output of "ipfw l" is as follows:
> 
> 00040 deny udp from any 137 to any
> 00041 deny udp from any 138 to any
> 00042 deny udp from any 139 to any
> 00043 deny tcp from any 137 to any
> 00044 deny tcp from any 138 to any
> 00045 deny tcp from any 139 to any

This will only block responses to netbios-related connections. If you want 
to block the netbios connection attempts themselves try this:

00040 deny udp from any to any 137
00040 deny udp from any to any 138
00040 deny udp from any to any 139
00040 deny tcp from any to any 137
00040 deny tcp from any to any 138
00040 deny tcp from any to any 139

> 00050 divert 8668 ip from any to any via tl0
> 00099 deny ip from 128.1.100.106 to any
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
> 
> Here, a tcpdump command still reveals that the netbios traffic is still
> going through both xl0 and tl0.
> 
> Option2
> Here, I used firewall_type="cib-firewall". The content of cib-firewall is:
> 
> add allow ip from 128.1.100.234/32 to any
> add allow tcp from any http to any
> add allow udp from any http to any
> add allow tcp from any 3128 to any
> add allow udp from any 3128 to any
> add allow tcp from any 3130 to any
> add allow udp from any 3130 to any
> add allow udp from any dnsix to any
> add allow tcp from any dnsix to any
> add allow icmp from any to any
> add allow tcp from any 23 to any
> add allow udp from any 23 to any
> add allow tcp from any domain to any
> add allow udp from any domain to any
> add allow tcp from any nameserver to any
> add allow udp from any nameserver to any
> add allow udp from any hostname to any
> add allow tcp from any hostname to any
> add allow tcp from any hosts2-ns to any
> add allow udp from any hosts2-ns to any
> 
> Here, my squid software would not work, because it can't perform
> an "nslookup" command.
> I cannot even perform an "nslookup" command from the command line. It tells
> me that it cannot find the DNS servers, even when I can ping them.
> 
> Any help?
> 
> 
> Thanks
> abdul
> 
> 
> 

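To make the source-port versus destination-port point concrete, here is a small added example (not from the thread) that parses rules in the `ipfw l` syntax quoted above and evaluates them against constructed packets. It models port and protocol matching only; the addresses are made up, and interface, direction and `via` handling are left out.

```python
# Minimal ipfw-style matcher for "NNNNN deny udp from any 137 to any" rules.
# It exists to show why matching the SOURCE port only catches replies,
# while matching the DESTINATION port catches the outgoing attempts.
import re
from dataclasses import dataclass

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>tcp|udp|ip)\s+"
    r"from\s+(?P<src>\S+)(?:\s+(?P<sport>\d+))?\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?$"
)

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable rule: {line!r}")
    d = m.groupdict()
    return {"num": int(d["num"]), "action": d["action"], "proto": d["proto"],
            "sport": int(d["sport"]) if d["sport"] else None,
            "dport": int(d["dport"]) if d["dport"] else None}

def matches(rule, pkt):
    # "any" addresses only, so protocol and ports decide the match
    if rule["proto"] != "ip" and rule["proto"] != pkt.proto:
        return False
    if rule["sport"] is not None and rule["sport"] != pkt.sport:
        return False
    return rule["dport"] is None or rule["dport"] == pkt.dport

def verdict(rules, pkt):
    # first matching rule wins; fall through to the thread's 65000 allow
    for rule in sorted(map(parse_rule, rules), key=lambda r: r["num"]):
        if matches(rule, pkt):
            return rule["action"]
    return "allow"

# The two rule sets from the thread, source-port form and destination-port form.
ORIGINAL_RULES = [f"{40 + i} deny {p} from any {port} to any"
                  for i, (p, port) in enumerate([(p, n) for p in ("udp", "tcp") for n in (137, 138, 139)])]
CORRECTED_RULES = [r.replace(f"from any {r.split()[5]} to any", f"from any to any {r.split()[5]}")
                   for r in ORIGINAL_RULES]

# Constructed packets: an outbound SMB connection attempt and the reply to it.
OUTBOUND_ATTEMPT = Packet("tcp", "128.1.100.50", 1025, "203.0.113.7", 139)
INBOUND_REPLY = Packet("tcp", "203.0.113.7", 139, "128.1.100.50", 1025)
```

Running `verdict(ORIGINAL_RULES, OUTBOUND_ATTEMPT)` gives "allow" while `verdict(CORRECTED_RULES, OUTBOUND_ATTEMPT)` gives "deny", which is the behaviour the reply describes.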
