--On Thursday, May 16, 2002 01:28:43 AM +0900 youngdo <[EMAIL PROTECTED]> wrote:

Hi!

Is shorewall configured by default to drop/reject udp broadcasts?

No.

  *****
[2002/12/02 16:58:02, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup WORK on subnet 192.168.1.254
[2002/12/02 16:58:02, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
  become_domain_master_browser_bcast: querying subnet 192.168.1.254 for domain master browser on workgroup WORK
[2002/12/02 16:58:04, 0] libsmb/nmblib.c:send_udp(756)
  Packet send failed to 192.168.1.255(137) ERRNO=Operation not permitted

	<Many messages snipped>

My /etc/shorewall/ files:

Shorewall 1.3.10

/etc/shorewall/interfaces
net     ppp0            -                 noping
loc     eth1            detect          routestopped
loc     ppp+

/etc/shorewall/policy
loc             loc             ACCEPT
loc             net             ACCEPT
net             all              DROP         info
all               all              REJECT      info

/etc/shorewall/rules
ACCEPT          net       fw            tcp     1723
ACCEPT          net       fw            47      -
ACCEPT          fw        net           47      -

While not relevant to this problem, if you install shorewall 1.3.11, you can remove the above three rules given that you have the entry shown below in /etc/shorewall/tunnels.

ACCEPT          fw        loc           udp    137:139

The above rule allows UDP port 137 packets from your firewall to the local network. Is your local network 192.168.1.0/24? Are you seeing any Shorewall log messages about 192.168.1.255:137 ("shorewall show log")?

ACCEPT          fw        loc           tcp     137,139
ACCEPT          fw        loc           udp    1024:   137
ACCEPT          loc       fw            udp    137:139
ACCEPT          loc       fw            tcp     137,139
ACCEPT          loc       fw            udp    1024:   137

/etc/shorewall/masq
ppp0              eth1


/etc/shorewall/tunnels
pptpserver              net     0.0.0.0/0

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ [EMAIL PROTECTED]



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
