On Wed, Nov 04, 1998 at 05:13:05PM -0000, Mark Tiramani wrote:
> can anyone help with this (my brain's too small and I conclude I don't
> understand the filtering rules properly :))
Here's my advice:
Use the `interfaces =' directive in smb.conf (man smb.conf) to restrict
Samba to the Ethernet, not the diald interfaces.
Add a line with
netbios-ssn 139/tcp nbssn
to your /etc/services if you don't already have it.
On every boot (like in /etc/rc.d/rc.local) do:
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-ns -P tcp -W sl0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-ns -P tcp -W ppp0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-ns -P udp -W sl0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-ns -P udp -W ppp0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-dgm -P tcp -W sl0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-dgm -P tcp -W ppp0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-dgm -P udp -W sl0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-dgm -P udp -W ppp0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-ssn -P tcp -W sl0
ipfwadm -O -a reject -S 0.0.0.0/0 netbios-ssn -P tcp -W ppp0
Go through all your W95 machines making sure none of them are
set to use DNS for NetBIOS names.
Add the name of your workgroup to /etc/hosts as an alias for your
own machine
If all that doesn't work, install a cacheing name server to catch
stray Samba name queries.
There's no harm in adding this stuff to diald's conf files,
too, but since you don't want Samba on the PPP link anyway,
you might as well use ipfwadm.
--
Erik Corry [EMAIL PROTECTED] Ceterum censeo, Microsoftem esse delendam!
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
