[leaf-user] Is shorewall configured by default to drop/reject udp broadcasts?

[youngdo]

Hi!

I am a Bering v1.0-stable user.

Is shorewall configured by default to drop/reject udp broadcasts?

I'm trying to setup samba and my windows machines can't see the samba server
(which is also the firewall).  I see the following errors in log.nmbd:


[2002/12/02 16:58:02, 0] nmbd/nmbd.c:main(794)
  Netbios nameserver version 2.2.5 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2002
[2002/12/02 16:58:02, 0] nmbd/asyncdns.c:start_async_dns(148)
  started asyncdns process 31573
[2002/12/02 16:58:02, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(339)
  become_domain_master_browser_wins:
  Attempting to become domain master browser on workgroup WORK, subnet UNICAST_SUBNET.
[2002/12/02 16:58:02, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354)
  become_domain_master_browser_wins: querying WINS server at IP 192.168.1.254 for 
domain master browser name WORK<1b> on workgroup WORK
[2002/12/02 16:58:02, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(114)
  *****
  
  Samba server FIREWALL is now a domain master browser for workgroup WORK on subnet 
UNICAST_SUBNET
  
  *****
[2002/12/02 16:58:02, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup WORK on subnet 192.168.1.254
[2002/12/02 16:58:02, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
  become_domain_master_browser_bcast: querying subnet 192.168.1.254 for domain master 
browser on workgroup WORK
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:04, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3317 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:04, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3318 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:04, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3319 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:04, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3320 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:04, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3321 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:04, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3330 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:05, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3317 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:05, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3318 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:05, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3319 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:05, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3320 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:05, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3321 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:05, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:05, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3330 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:06, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3317 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:06, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3318 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:06, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3319 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:06, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3320 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:06, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3321 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:06, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:06, 0] 
nmbd/nmbd_packets.c:retransmit_or_expire_response_records(1655)
  retransmit_or_expire_response_records: Failed to resend packet id 3330 to IP 
192.168.1.255 on subnet 192.168.1.254
[2002/12/02 16:58:07, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted
[2002/12/02 16:58:07, 0] nmbd/nmbd_packets.c:send_netbios_packet(172)
  send_netbios_packet: send_packet() to IP 192.168.1.255 port 137 failed
[2002/12/02 16:58:07, 0] nmbd/nmbd_nameregister.c:register_name(360)
  register_name: Failed to send packet trying to register name WORK<1b>
[2002/12/02 16:58:09, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(138) ERRNO=Operation not permitted
[2002/12/02 16:58:11, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(138) ERRNO=Operation not permitted
[2002/12/02 16:58:25, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
  *****
  
  Samba name server FIREWALL is now a local master browser for workgroup WORK on 
subnet 192.168.1.254
  
  *****

My /etc/shorewall/  flies:

Shorewall 1.3.10

/etc/shorewall/interfaces
net     ppp0            -                 noping
loc     eth1            detect          routestopped
loc     ppp+

/etc/shorewall/policy
loc             loc             ACCEPT
loc             net             ACCEPT
net             all              DROP         info
all               all              REJECT      info

/etc/shorewall/rules
ACCEPT          net       fw            tcp     1723
ACCEPT          net       fw            47      -
ACCEPT          fw        net           47      -
ACCEPT          fw        loc           udp    137:139
ACCEPT          fw        loc           tcp     137,139
ACCEPT          fw        loc           udp    1024:   137
ACCEPT          loc       fw            udp    137:139
ACCEPT          loc       fw            tcp     137,139
ACCEPT          loc       fw            udp    1024:   137

/etc/shorewall/masq
ppp0              eth1


/etc/shorewall/tunnels
pptpserver              net     0.0.0.0/0


/etc/samba/smb.conf


[global]
 workgroup = WORK
 domain master = yes
 local master = yes
 preferred master = yes
 os level = 65
 wins support = yes
 name resolve order = wins lmhosts hosts bcast
[test]
 comment = for testing only, please
 path = /export/samba/test
 readonly = no
 guest ok = yes

 
Thanks,

-Youngdo


N�HY޵隊X���'���u��z�azw�=�fN��קN�v�t�0z����❧(����ȳzm���v�(��~��zw���"n)���b��-�ZZ�m4�g��柺ǫ����x%��ey�����l���q���z�m��?�X���(��~��zw��X�����b��?�柺ǫI@Bm���y�鮈�r�+��no�hs�hrf�j�����|�Xm�