Solved, was an IF misconfiguration only.

Sorry

On Thursday 09 September 2010 at 03:48:59, Jean-François SIMON wrote:
> Hello,
>
> I have tonight a small problem, if you could please check and see if
> something is wrong here.
> The samba share seems blocked, the packets are not broadcasted.
>
> Thanks.
>
> # tcpdump -eni pflog0
> 03:41:26.500159 rule 30/(match) block in on re1: 192.168.0.195.138 > 192.168.0.255.138: udp 207
> 03:41:49.296060 rule 30/(match) block in on re1: 192.168.1.186.137 > 192.168.1.255.137: udp 50
>
> re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
>     lladdr 00:08:64:a9:51:81
>     priority: 0
>     media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>     status: active
>     inet6 fe80::208:54ff:fea8:5181%re1 prefixlen 64 scopeid 0x2
>     inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>
> ext_if="re0"
> int_if="re1"
>
> set skip on lo
> match in all scrub (no-df max-mss 1440)
>
> match out on $ext_if from 192.168.1.0/24 to any nat-to ($ext_if)
>
> match in on $ext_if proto tcp from any to any port 4466 rdr-to 192.168.100.196
> match in on $ext_if proto tcp from any to any port 3729 rdr-to 192.168.100.195
> match in on $ext_if proto tcp from any to any port 3730 rdr-to 192.168.100.192
> match in on $ext_if proto tcp from any to any port 3731 rdr-to 192.168.100.193
> match in on $ext_if proto tcp from any to any port 3733 rdr-to 192.168.100.190
> match in on $ext_if proto tcp from any to any port 3728 rdr-to 192.168.100.4
> match in on $ext_if proto udp from any to any port 3740 rdr-to 192.168.100.187
> match in on $ext_if proto udp from any to any port 46655 rdr-to 192.168.100.4
> match in on $ext_if proto tcp from any to any port 3734 rdr-to 192.168.100.186
> match in on $ext_if proto tcp from any to any port 3727 rdr-to 192.168.100.183
> match in on $ext_if proto tcp from any to any port 3735 rdr-to 192.168.100.181
> match in on $ext_if proto {tcp,udp} from any to any port 3389 rdr-to 192.168.100.186
> match in on $ext_if proto tcp from any to any port 5800 rdr-to 192.168.100.186
> match in on $ext_if proto tcp from any to any port 5900 rdr-to 192.168.100.186
> match in on $ext_if proto tcp from any to any port 5801 rdr-to 192.168.100.181
> match in on $ext_if proto tcp from any to any port 5901 rdr-to 192.168.100.181
> match in on $ext_if proto tcp from any to any port 5902 rdr-to 192.168.100.193
> match in on $ext_if proto tcp from any to any port 5903 rdr-to 192.168.100.183
> match in on $ext_if proto {tcp,udp} from any to any port 80 rdr-to 192.168.100.184
> match in on $ext_if proto {tcp,udp} from any to any port 20 rdr-to 192.168.100.184
> match in on $ext_if proto tcp from any to any port 16022 rdr-to 192.168.100.186
> match in on $ext_if proto udp from any to any port 63112 rdr-to 192.168.100.186
> match in on $ext_if proto udp from any to any port 3726 rdr-to 192.168.100.3
> match in on $ext_if proto udp from any to any port 31336:31341 rdr-to 192.168.100.186
>
> pass out        # outgoing connections allowed
> block in log all    # incoming connections blocked by default
>
> antispoof for $ext_if
> pass in on $int_if proto icmp to any tagged macok
> pass in on $int_if proto tcp to any tagged macok
> pass in on $int_if proto udp to any tagged macok
> pass in on $ext_if proto icmp to any
> pass in on $ext_if proto {tcp,udp} to any port 3389
> pass in on $ext_if proto udp to any port 3726
> pass in on $ext_if proto tcp to any port 3727:3731
> pass in on $ext_if proto tcp to any port 3733:3735
> pass in on $ext_if proto udp to any port 3740
> pass in on $ext_if proto tcp to any port 4466
> pass in on $ext_if proto tcp to any port 5800:5801
> pass in on $ext_if proto tcp to any port 5900:5903
> pass in on $ext_if proto tcp to any port 16022
> pass in on $ext_if proto udp to any port 63112
> pass in on $ext_if proto udp to any port 46655
> pass in on $ext_if proto {tcp,udp} to any port 20
> pass in on $ext_if proto {tcp,udp} to any port 80
>
> pass in on bridge1
>
> # cat /etc/hostname.bridge0
>
> # ****************************************************
> # * To change the MAC addresses, edit section I only *
> # ****************************************************
>
> # Create a filtering bridge
> add re1 -learn re1
>
> # *********************
> # * Section I (start) *
> # *********************
>
> # START OF MAC FILTERING RULES
> # MAC addresses of the known client workstations
>
> rule pass in on re1 src c8:0a:a9:20:02:44 tag macok # JB's laptop
> rule pass in on re1 src F0:DE:F1:07:56:77 tag macok # J-F's laptop
>
> # END OF MAC FILTERING RULES
>
> # *******************
> # * Section I (end) *
> # *******************
>
> # bring the filtering bridge up
> up
