Re: Two Steps Forward, Several Steps Back

Tue, 23 Nov 1999 16:55:05 -0800 

> >>>>> "ED" == Edward Dekkers <[EMAIL PROTECTED]> writes:
> 
>     ED> Sorry, but you DO still blame this on Windows 98 I'm afraid. Windows
>     ED> 98 is hopeless. When broadcasting NETBIOS packets, it also triggers
>     ED> DNS packets.  This is to search for new PC's on your network. Linux
>     ED> doesn't know what it's looking for and 'forwards' it. It's normal and
>     ED> I've been pissed off with it for years. Apparently the way to fix it
>     ED> is to MASQ out any netbios packets before they even get to diald.
> 
> So what do I add to my standard.filters to filter this out?  The stock file
> contains the following relevant lines:
> 
>         ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
>         accept udp 30 udp.dest=udp.netbios-ns
>         accept udp 30 udp.source=udp.netbios-ns
> 
> This, obviously, does not filter out the DNS request.  How do I tell diald to
> ignore it?  Barring that, how do I use ipchains to force it to be ignored
> before it even hits diald?

How about the following:

ipchains -A input -p udp -s 0.0.0.0/0 netbios-ns  -j DENY 
ipchains -A input -p udp -d 0.0.0.0/0 netbios-ns  -j DENY 
ipchains -A input -p udp -s 0.0.0.0/0 netbios-ssn -j DENY 
ipchains -A input -p udp -d 0.0.0.0/0 netbios-ssn -j DENY 
ipchains -A input -p udp -s 0.0.0.0/0 netbios-dgm -j DENY 
ipchains -A input -p udp -d 0.0.0.0/0 netbios-dgm -j DENY 
ipchains -A input -p tcp -s 0.0.0.0/0 netbios-ns  -j DENY 
ipchains -A input -p tcp -d 0.0.0.0/0 netbios-ns  -j DENY 
ipchains -A input -p tcp -s 0.0.0.0/0 netbios-ssn -j DENY 
ipchains -A input -p tcp -d 0.0.0.0/0 netbios-ssn -j DENY 
ipchains -A input -p tcp -s 0.0.0.0/0 netbios-dgm -j DENY 
ipchains -A input -p tcp -d 0.0.0.0/0 netbios-dgm -j DENY 

These are the ipchains rules I have set up on my machine.
 
> I dropped tap support by aliasing it to 'off' in my conf.modules, and now my
> connections work.  Hmmmm.  I'd like to know what I am doing wrong so would
> appreciate any pointers you could provide.

My tap interface works just fine, configured in the standard way.

Tim

-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]

Reply via email to