IPFW/Samba does not work with WinXP (but with MacOS 10.3)
Nicholas Henry
nicholas.henry at gmail.com
Tue May 10 19:00:46 PDT 2005
FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004
Hello folks:
Trying to set rules to allow local-network-only connections to a Samba
server running on my FreeBSD machine. I'm a FreeBSD newbie.
Below is the rules file. The strange thing is this works fine when
logging into the Samba server from OS X, but no go with WinXP. I can
connect to the Samba server from WinXP if IPFW is not loaded.
Any ideas?
#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush
fwdcmd="ipfw -q add"
# loopback
${fwdcmd} 100 pass all from any to any via lo0
${fwdcmd} 200 deny all from any to 127.0.0.0/8
${fwdcmd} 300 deny ip from 127.0.0.0/8 to any
net="192.168.1.0"
mask="255.255.255.0"
# Allow the packet through if it has previously been added to
# the "dynamic" rules table by an allow keep-state statement.
${fwdcmd} 350 check-state
# Allow any traffic to or from my own net.
${fwdcmd} 400 pass all from me to ${net}:${mask}
${fwdcmd} 500 pass all from ${net}:${mask} to me
# Allow TCP through if setup succeeded
${fwdcmd} 600 pass tcp from any to any established
# Allow IP fragments to pass through
${fwdcmd} 700 pass all from any to any frag
# Allow setup of incoming email
${fwdcmd} 800 pass tcp from any to me 25 setup
# Allow setup of outgoing TCP connections only
${fwdcmd} 900 pass tcp from me to any setup
# Disallow setup of all other TCP connections
${fwdcmd} 1000 deny tcp from any to any setup
# Allow DNS queries out in the world
${fwdcmd} 1100 pass udp from me to any 53 keep-state
# Allow NTP queries out in the world
${fwdcmd} 1200 pass udp from me to any 123 keep-state
# Allow access to our WWW
${fwdcmd} 1300 pass tcp from any to me 80 setup
# Telnet
${fwdcmd} 1400 allow tcp from any to me 23 setup limit src-addr 2
# Everything else is denied by default