
Re: [cobalt-users] IP Firewall



On Tue, 7 Dec 1999, Desmond S. Fuller wrote:

> Hello all.
> 
> I have a question on the IP Firewall piece of the Qube 2 (actually anyone
> with IPFWadm experience could help).
> 
> I want to have the ability to use SAMBA (smb) from my office IP to my Home
> Qube 2.  I went to the Cobalt site and used their Firewalling script.
> Everything seemed to be fine until I tried to use Samba.  The original rule
> was the following for SAMBA (I have changed my IPs to be safe - assume
> 12.3.45.100 is HOME and 111.222.333.81 is WORK).
> 
> 
> 	  Policy 	Source	Destination	  Protocol
> 		  IP 	  Port 	  IP 	  Port
>  12	 Allow	 Any	 Any	 12.3.45.100/24	 139	 TCP
> 
> I did some digging and Microsoft claims you need to punch out the following:
> 
> 	Port 135 (TCP or UDP) for RPC Service
> 	Port 137 (UDP) for NetBIOS Name Service
> 	Port 138 (UDP) for NetBIOS datagram (Browsing)
> 	Port 139 (TCP) for NetBIOS session (Net USE)
> 
> I punched these into IP Firewall with my work address as the Source (i.e. I
> only want my office address to be able to pass thru the Firewall).
> 
>  IP Filtering Rule List
> 	  Policy 	Source	Destination	  Protocol
> 		  IP 	  Port 	  IP 	  Port
>  11	 Allow	 111.222.333.81/24	 Any	 24.3.48.149/24	 135	 TCP
>  12	 Allow	 111.222.333.81/24	 Any	 24.3.48.149/24	 137-138	 UDP
>  13	 Allow	 111.222.333.81/24	 Any	 24.3.48.149/24	 139	 TCP
> 
> It half worked... meaning I can connect to SAMBA but so can anyone else.  It
> seems that the Source IP didn't work?!
> 
> What am I doing wrong?
> 
Try changing /24 into /32. /24 is a netmask of 255.255.255.0 and /32 is a
host route.
This might not work though.... I haven't tried it on IPFWADM.


Best regards,

Rickard Osser
Manager
Osser Brosoft AB		Distributor of Cobalt Networks servers
Maria Bangata 6			Computer Consultants
S-118 63 Stockholm, Sweden	Networking, DOS/Win/Mac/Linux/Unix
Tel: +46-8-798 29 27		E-mail: ricky@xxxxxxxx
Fax: +46-8-668 89 10		WWW: http://www.brosoft.net
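
The /24 versus /32 point in the reply above, as an added example that is not part of the original thread and is not Cobalt's or ipfwadm's own code. It assumes a simplified allow-only rule list with default deny; the addresses are constructed documentation-range stand-ins for WORK and HOME, and all function names are hypothetical. It goes slightly beyond the reply by also checking the original Any-source rule quoted in the question.

```python
import ipaddress

def parse_rule(src, dst, ports, proto):
    """Build a rule; strict=False masks off host bits, as a packet filter does."""
    lo, _, hi = ports.partition("-")
    return {
        "src": ipaddress.ip_network(src, strict=False),
        "dst": ipaddress.ip_network(dst, strict=False),
        "ports": range(int(lo), int(hi or lo) + 1),
        "proto": proto.upper(),
    }

def allowed(rules, src_ip, dst_ip, dport, proto):
    """Simplified model (assumption): allow-only rules, default deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in r["src"] and d in r["dst"] and dport in r["ports"]
               and proto.upper() == r["proto"] for r in rules)

def source_hosts(rule):
    """How many source addresses the rule's mask admits."""
    return rule["src"].num_addresses

# Constructed addresses standing in for the poster's WORK and HOME.
WORK, HOME = "198.51.100.81", "203.0.113.100"
SAME_NET_STRANGER = "198.51.100.7"   # shares WORK's /24
UNRELATED = "192.0.2.55"             # shares nothing with WORK

def smb_rules(mask):
    """The three rules from the question, with the given prefix length."""
    return [parse_rule(f"{WORK}/{mask}", f"{HOME}/{mask}", "135", "TCP"),
            parse_rule(f"{WORK}/{mask}", f"{HOME}/{mask}", "137-138", "UDP"),
            parse_rule(f"{WORK}/{mask}", f"{HOME}/{mask}", "139", "TCP")]

def original_rule():
    """The script's original rule: source Any, destination port 139/TCP."""
    return parse_rule("0.0.0.0/0", f"{HOME}/24", "139", "TCP")

if __name__ == "__main__":
    for mask in (24, 32):
        rules = smb_rules(mask)
        print(f"/{mask}: {source_hosts(rules[2])} source address(es) admitted")
        for src in (WORK, SAME_NET_STRANGER, UNRELATED):
            ok = allowed(rules, src, HOME, 139, "TCP")
            print(f"  {src} -> {HOME}:139/TCP allowed: {ok}")
    leftover = smb_rules(32) + [original_rule()]
    print("with original Any rule still listed:",
          allowed(leftover, UNRELATED, HOME, 139, "TCP"))
```

A /24 source admits all 256 addresses in the work network rather than the one office host, while a leftover Any-source rule for port 139 admits every source regardless of the masks on the other rules.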