Hello,

I have run into a small problem tonight; could you please check whether something is wrong here?
The Samba share seems to be blocked: the NetBIOS broadcast packets (udp 137/138 to the .255 address) are not getting through — pflog shows them being dropped by rule 30.

Thanks.

# tcpdump -eni pflog0
03:41:26.500159 rule 30/(match) block in on re1: 192.168.0.195.138 >
192.168.0.255.138: udp 207
03:41:49.296060 rule 30/(match) block in on re1: 192.168.1.186.137 >
192.168.1.255.137: udp 50

re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu
1500
    lladdr 00:08:64:a9:51:81
    priority: 0
    media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
    status: active
    inet6 fe80::208:54ff:fea8:5181%re1 prefixlen 64 scopeid 0x2
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255

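# pf.conf — NAT gateway on re0 with inbound port forwards, and a LAN on re1
# that only passes frames tagged "macok" by the bridge(4) MAC whitelist.
#
# About the logged "rule 30/(match) block in on re1": pflog numbers every
# expanded rule from 0, match rules included (each {tcp,udp} list counts
# twice).  Counted that way, rule 30 is the "block in log all" line below,
# i.e. the NetBIOS broadcasts (udp 137/138 to x.x.x.255) arriving on re1
# carried no "macok" tag and fell through to the default deny.  Only the two
# MAC addresses listed in /etc/hostname.bridge0 receive that tag, so every
# other host on re1 is blocked, broadcasts included (unless those senders
# are in fact the two listed laptops).  Note also that 192.168.0.195 is not
# even in re1's 192.168.1.0/24.
ext_if="re0"
int_if="re1"

set skip on lo
# Normalise all inbound traffic; the MSS clamp (1440) suggests a tunnelled
# or PPPoE uplink — confirm it matches the real path MTU.
match in all scrub (no-df max-mss 1440)

# Outbound NAT for the LAN on re1 (192.168.1.0/24 per ifconfig re1).
match out on $ext_if from 192.168.1.0/24 to any nat-to ($ext_if)

# Inbound port forwards.  The rdr targets are all in 192.168.100.0/24, which
# is not re1's subnet — presumably another internal segment not shown here;
# verify those hosts are reachable from this gateway.
# Each rule must be on one line: a newline terminates a pf rule, so the
# mail-wrapped form ("... rdr-to" / "192.168.100.x") would not load.
match in on $ext_if proto tcp from any to any port 4466 rdr-to 192.168.100.196
match in on $ext_if proto tcp from any to any port 3729 rdr-to 192.168.100.195
match in on $ext_if proto tcp from any to any port 3730 rdr-to 192.168.100.192
match in on $ext_if proto tcp from any to any port 3731 rdr-to 192.168.100.193
match in on $ext_if proto tcp from any to any port 3733 rdr-to 192.168.100.190
match in on $ext_if proto tcp from any to any port 3728 rdr-to 192.168.100.4
match in on $ext_if proto udp from any to any port 3740 rdr-to 192.168.100.187
match in on $ext_if proto udp from any to any port 46655 rdr-to 192.168.100.4
match in on $ext_if proto tcp from any to any port 3734 rdr-to 192.168.100.186
match in on $ext_if proto tcp from any to any port 3727 rdr-to 192.168.100.183
match in on $ext_if proto tcp from any to any port 3735 rdr-to 192.168.100.181
match in on $ext_if proto {tcp,udp} from any to any port 3389 rdr-to 192.168.100.186
match in on $ext_if proto tcp from any to any port 5800 rdr-to 192.168.100.186
match in on $ext_if proto tcp from any to any port 5900 rdr-to 192.168.100.186
match in on $ext_if proto tcp from any to any port 5801 rdr-to 192.168.100.181
match in on $ext_if proto tcp from any to any port 5901 rdr-to 192.168.100.181
match in on $ext_if proto tcp from any to any port 5902 rdr-to 192.168.100.193
match in on $ext_if proto tcp from any to any port 5903 rdr-to 192.168.100.183
match in on $ext_if proto {tcp,udp} from any to any port 80 rdr-to 192.168.100.184
match in on $ext_if proto {tcp,udp} from any to any port 20 rdr-to 192.168.100.184
match in on $ext_if proto tcp from any to any port 16022 rdr-to 192.168.100.186
match in on $ext_if proto udp from any to any port 63112 rdr-to 192.168.100.186
match in on $ext_if proto udp from any to any port 3726 rdr-to 192.168.100.3
match in on $ext_if proto udp from any to any port 31336:31341 rdr-to 192.168.100.186

# Default policy: everything out is allowed, everything in is denied and
# logged — this is the rule the NetBIOS broadcasts are hitting.
pass out        # outbound connections allowed
block in log all    # inbound connections blocked (and logged) by default

# Anti-spoofing is enabled for the external interface only.
antispoof for $ext_if
# LAN side: only frames the bridge tagged "macok" (known MAC addresses) may
# enter, and only ICMP/TCP/UDP.  A MAC whitelist is a weak control — any
# host can clone a listed address — so treat it as a convenience, not as
# authentication.
pass in on $int_if proto icmp to any tagged macok
pass in on $int_if proto tcp to any tagged macok
pass in on $int_if proto udp to any tagged macok
# WAN side: all ICMP plus the forwarded services are open to any source.
# RDP (3389) and VNC (5800/5801, 5900-5903) exposed to the whole Internet
# are a frequent brute-force target; restrict the source with a table or
# put them behind a VPN if possible.  Port 80 over UDP and port 20 (FTP
# data, normally an outbound connection from the server) look unintended.
pass in on $ext_if proto icmp to any
pass in on $ext_if proto {tcp,udp} to any port 3389
pass in on $ext_if proto udp to any port 3726
pass in on $ext_if proto tcp to any port 3727:3731
pass in on $ext_if proto tcp to any port 3733:3735
pass in on $ext_if proto udp to any port 3740
pass in on $ext_if proto tcp to any port 4466
pass in on $ext_if proto tcp to any port 5800:5801
pass in on $ext_if proto tcp to any port 5900:5903
pass in on $ext_if proto tcp to any port 16022
pass in on $ext_if proto udp to any port 63112
pass in on $ext_if proto udp to any port 46655
pass in on $ext_if proto {tcp,udp} to any port 20
pass in on $ext_if proto {tcp,udp} to any port 80

# NOTE(review): the bridge configured in /etc/hostname.bridge0 is bridge0,
# not bridge1, so this rule only matches if a bridge1 also exists.  pf
# filtering of bridged traffic is also believed to happen on the member
# interface (re1), so this line is probably dead; confirm before removing.
pass in on bridge1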

# cat /etc/hostname.bridge0

# ******************************************************************
# * To change the MAC addresses, edit Section I                    *
# ******************************************************************

# Create a filtering bridge.  re1 is its only member, so nothing is actually
# bridged; the bridge exists for its rule engine, which tags frames for pf
# ("tagged macok" in pf.conf).  "-learn re1" disables address learning on
# that member.
add re1 -learn re1

# *********************
# * Section I (start) *
# *********************

# START OF MAC FILTERING RULES
# MAC addresses of the known client machines.
# Frames from any other source MAC match no rule and, by default, pass
# untagged — pf's "block in log all" then drops them, which is what the
# pflog entries for the NetBIOS broadcasts show (unless those senders are
# one of the two laptops below).  A source MAC is trivially forged, so this
# whitelist is not an authentication mechanism.

rule pass in on re1 src c8:0a:a9:20:02:44 tag macok # JB's laptop
rule pass in on re1 src F0:DE:F1:07:56:77 tag macok # J-F's laptop

# END OF MAC FILTERING RULES

# *******************
# * Section I (end) *
# *******************

# bring the filtering bridge up
up
