At 20:50 02.11.2002, linux power said:
--------------------[snip]--------------------
>It seems that masquerade uses the netbios-ns port to broadcast to the whole
>world that it's seeking a vacant IP address. That is a major firewall
>problem on my computer because I can't close the netbios ports, and it results
>in hacking attempts all the time.
--------------------[snip]--------------------

I don't think so, this might be a DHCP issue.

You're using iptables? Insert something like this into your firewall script:

# --------------------------------------------
# the SMB table is executed for all NetBios related traffic
# --------------------------------------------
/sbin/iptables -N SMB
# allow traffic to/from the specified IP's
/sbin/iptables -A SMB -s xxx.xxx.xxx.xxx -j ACCEPT # xxx's machine
/sbin/iptables -A SMB -d xxx.xxx.xxx.xxx -j ACCEPT
/sbin/iptables -A SMB -s xxx.xxx.xxx.xx -j ACCEPT # yyy's machine
/sbin/iptables -A SMB -d xxx.xxx.xxx.xx -j ACCEPT
# and kill everything else
/sbin/iptables -A SMB -j DROP

# --------------------------------------------
# the SILENTDROP table filters out all NetBios traffic
# --------------------------------------------
/sbin/iptables -N SILENTDROP
/sbin/iptables -A SILENTDROP -p tcp --dport 137 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --dport 138 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --dport 139 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --dport 445 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 137 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 138 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 139 -j SMB
/sbin/iptables -A SILENTDROP -p udp --dport 445 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 137 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 138 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 139 -j SMB
/sbin/iptables -A SILENTDROP -p tcp --sport 445 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 137 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 138 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 139 -j SMB
/sbin/iptables -A SILENTDROP -p udp --sport 445 -j SMB

# --------------------------------------------
# insert these at the top for the INPUT, OUTPUT, and FORWARD tables
# assuming eth0 is the interface to the internet, and eth1 to internal network
# --------------------------------------------
/sbin/iptables -A INPUT -i eth1 -j SILENTDROP
/sbin/iptables -A INPUT -i eth0 -j SILENTDROP
# OUTPUT has no incoming interface: iptables rejects -i there, so match with -o
/sbin/iptables -A OUTPUT -o eth1 -j SILENTDROP
/sbin/iptables -A OUTPUT -o eth0 -j SILENTDROP
/sbin/iptables -A FORWARD -i eth1 -j SILENTDROP
/sbin/iptables -A FORWARD -i eth0 -j SILENTDROP

Taken (and shortened) from our firewall script which seems to work
perfectly on this issue...

--
Ernest E. Vogelsinger
ICQ #13394035

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
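
The rule set from the reply above in a compact, reviewable form, as an added example that is not part of the original post: it prints the commands instead of running them, and it uses the multiport match and `-I` insertion, which the post does not. The trusted addresses are constructed placeholders from the RFC 5737 documentation range; the interface roles (eth0 internet, eth1 internal) follow the post.

```shell
#!/bin/sh
# Added example (not the poster's script): print the NetBIOS/SMB filter
# rules so they can be reviewed before being applied as root.
# Assumptions: eth0 = internet side, eth1 = internal side (as in the post);
# the trusted addresses below are constructed placeholders.
IPT=/sbin/iptables
PORTS=137,138,139,445

netbios_rules() {
    # "$@" = addresses of hosts allowed to speak NetBIOS/SMB
    echo "$IPT -N SMB"
    for host in "$@"; do
        echo "$IPT -A SMB -s $host -j ACCEPT"
        echo "$IPT -A SMB -d $host -j ACCEPT"
    done
    # anything else on these ports is dropped without a reply
    echo "$IPT -A SMB -j DROP"

    echo "$IPT -N SILENTDROP"
    for proto in tcp udp; do
        # multiport --ports matches the list as source OR destination port,
        # replacing the separate --sport/--dport rule per port
        echo "$IPT -A SILENTDROP -p $proto -m multiport --ports $PORTS -j SMB"
    done

    for ifc in eth0 eth1; do
        # -I <chain> 1 places the jump ahead of any earlier ACCEPT rule
        echo "$IPT -I INPUT 1 -i $ifc -j SILENTDROP"
        # OUTPUT has no incoming interface, so it must be matched with -o
        echo "$IPT -I OUTPUT 1 -o $ifc -j SILENTDROP"
        echo "$IPT -I FORWARD 1 -i $ifc -j SILENTDROP"
    done
}

# Dry run with two constructed trusted hosts
netbios_rules 192.0.2.10 192.0.2.20
```

Piping the printed commands to `sh` as root applies them; `iptables -L SILENTDROP -v -n` afterwards shows per-rule packet counters for the filtered ports.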