IPFW/Samba does not work with WinXP (but with MacOS 10.3)

Nicholas Henry nicholas.henry at gmail.com
Tue May 10 19:00:46 PDT 2005


FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov  5 04:19:18 UTC 2004

Hello folks:

Trying to set rules to allow only local network connections to a Samba
server running on my FreeBSD machine. I'm a FreeBSD newbie.

Below is the rules file. The strange thing is this works fine when
logging into the Samba server from OS X, but it's a no-go with WinXP. I can
connect to the Samba server from WinXP if IPFW is not loaded.

Any ideas? 

#!/bin/sh
# Flush out the list before we begin.
ipfw -q -f flush

fwdcmd="ipfw -q add"

# loopback

${fwdcmd} 100 pass all from any to any via lo0
${fwdcmd} 200 deny all from any to 127.0.0.0/8
${fwdcmd} 300 deny ip from 127.0.0.0/8 to any

net="192.168.1.0"
mask="255.255.255.0"

# Allow the packet through if it has previously been added to
# the "dynamic" rules table by an allow keep-state statement.
${fwdcmd} 350 check-state

# Allow any traffic to or from my own net.
${fwdcmd} 400 pass all from me to ${net}:${mask}
${fwdcmd} 500 pass all from ${net}:${mask} to me

# Allow TCP through if setup succeeded
${fwdcmd} 600 pass tcp from any to any established

# Allow IP fragments to pass through
${fwdcmd} 700 pass all from any to any frag

# Allow setup of incoming email
${fwdcmd} 800 pass tcp from any to me 25 setup

# Allow setup of outgoing TCP connections only
${fwdcmd} 900 pass tcp from me to any setup

# Disallow setup of all other TCP connections
${fwdcmd} 1000 deny tcp from any to any setup

# Allow DNS queries out in the world
${fwdcmd} 1100 pass udp from me to any 53 keep-state

# Allow NTP queries out in the world
${fwdcmd} 1200 pass udp from me to any 123 keep-state

# Allow access to our WWW
${fwdcmd} 1300 pass tcp from any to me 80 setup

# Telnet
${fwdcmd} 1400 allow tcp from any to me 23 setup limit src-addr 2

# Everything else is denied by default
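
Added example (not part of the original post): a simplified Python model of ipfw's first-match evaluation over the rules above, for tracing which rule a given packet would hit. Under its assumptions, a directed SMB connection from the LAN hits rule 500, a packet addressed to the subnet broadcast reaches no pass rule, and rules 1300 and 1400 sit behind the deny at rule 1000. The server address 192.168.1.10, the sample packets, and the treatment of "me" as excluding the broadcast address are assumptions of the model.

```python
# Added example: simplified first-match model of the ruleset in the post.
# Assumptions (not from the post): the server is 192.168.1.10 and "me"
# matches only that address, not the subnet broadcast 192.168.1.255.
# Left out: rule 100 (via lo0), check-state/keep-state, frag, limit.
from ipaddress import ip_address, ip_network

ME = ip_address("192.168.1.10")      # constructed server address
LAN = ip_network("192.168.1.0/24")   # ${net}:${mask} from the post
LOOP = ip_network("127.0.0.0/8")
ANY = ip_network("0.0.0.0/0")

# (number, action, proto, src, dst, dst_port, tcp_state)
# tcp_state: "setup" = SYN set, ACK clear; "established" = ACK or RST set
RULES = [
    (200, "deny", "all", ANY, LOOP, None, None),
    (300, "deny", "all", LOOP, ANY, None, None),
    (400, "pass", "all", "me", LAN, None, None),
    (500, "pass", "all", LAN, "me", None, None),
    (600, "pass", "tcp", ANY, ANY, None, "established"),
    (800, "pass", "tcp", ANY, "me", 25, "setup"),
    (900, "pass", "tcp", "me", ANY, None, "setup"),
    (1000, "deny", "tcp", ANY, ANY, None, "setup"),
    (1100, "pass", "udp", "me", ANY, 53, None),
    (1200, "pass", "udp", "me", ANY, 123, None),
    (1300, "pass", "tcp", ANY, "me", 80, "setup"),
    (1400, "pass", "tcp", ANY, "me", 23, "setup"),
]

def _addr_ok(spec, addr):
    # "me" is modelled as the single server address; anything else is a network
    return addr == ME if spec == "me" else addr in spec

def first_match(proto, src, dst, dport, state=None):
    """Return (rule_number, action) of the first rule the packet matches."""
    src, dst = ip_address(src), ip_address(dst)
    for num, action, rproto, rsrc, rdst, rport, rstate in RULES:
        if rproto not in ("all", proto):
            continue
        if not (_addr_ok(rsrc, src) and _addr_ok(rdst, dst)):
            continue
        if rport is not None and rport != dport:
            continue
        if rstate is not None and rstate != state:
            continue
        return num, action
    return 65535, "deny"  # "Everything else is denied by default"
```

On the real host, `ipfw -a list` prints per-rule packet counters that can be compared against what this model predicts.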

