Re: [Fwbuilder-discussion] debugging SAMBA/Netbios port 138 broadcasts
From: OpenMacNews <fwb...@sp...> - 2004-08-30 21:06:43
>> hi,
>>
>> i've just installed a SAMBA server on my LAN, for use/broadcast ONLY
>> inside the LAN.
>>
>> despite all other internal traffic flowing along nicely, i'm seeing
>> related port 138 traffic caught by my Global Catch-all rule:
>>
>>
>> Aug 30 12:54:05 linksys kernel: [Catch: global(20) DENY] IN=br0
>> OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:46:d3:e2:1b:82:00 SRC=10.0.0.2
>> DST=10.0.0.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=35443 PROTO=UDP
>> SPT=138 DPT=138 LEN=214
>>
>
> these are broadcast packets, that's why your firewall sees them. There is no harm in blocking them on the firewall; it would not be able, or need to, use them anyway.

understood.

but isn't a BROADCAST considered lan-to-lan traffic? and therefore should not be 'generically' blocked under any circumstance? AFAIK, there's no specific rule *prohibiting* this traffic ...

at the very least, which specific rule needs to be enabled to ensure that these packets -- even tho caught -- are not logged by the global catch-all?

richardf
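For triaging catch-all log entries like the one quoted above, the following added example (not part of the original thread or of Firewall Builder) parses a netfilter log line and reports whether it is a LAN NetBIOS broadcast delivered to the firewall itself. The /24 netmask and the function names are assumptions; the thread shows only SRC=10.0.0.2 and DST=10.0.0.255.

```python
import ipaddress
import re

# Assumption: the LAN is 10.0.0.0/24; the thread does not state the netmask.
LAN = ipaddress.ip_network("10.0.0.0/24")
NETBIOS_UDP = {137: "netbios-ns", 138: "netbios-dgm"}

# The log line quoted in the message, joined onto one line.
SAMPLE = ("Aug 30 12:54:05 linksys kernel: [Catch: global(20) DENY] IN=br0 "
          "OUT= MAC=ff:ff:ff:ff:ff:ff:00:00:46:d3:e2:1b:82:00 SRC=10.0.0.2 "
          "DST=10.0.0.255 LEN=234 TOS=0x00 PREC=0x00 TTL=64 ID=35443 PROTO=UDP "
          "SPT=138 DPT=138 LEN=214")

def parse_fields(line):
    """Return KEY=VALUE fields of a netfilter LOG line; first occurrence wins."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)  # LEN appears twice: IP length, then UDP length
    return fields

def classify(line, lan=LAN):
    """Summarise why a logged packet reached the firewall's own rules."""
    f = parse_fields(line)
    src = ipaddress.ip_address(f["SRC"])
    dst = ipaddress.ip_address(f["DST"])
    # The MAC field is destination MAC, source MAC, then EtherType.
    dst_mac = f.get("MAC", "")[:17].lower()
    udp = f.get("PROTO") == "UDP"
    return {
        # IN set with an empty OUT: delivered to the firewall, not forwarded.
        "to_firewall": bool(f.get("IN")) and f.get("OUT", "") == "",
        "l2_broadcast": dst_mac == "ff:ff:ff:ff:ff:ff",
        "l3_broadcast": dst == lan.broadcast_address
                        or str(dst) == "255.255.255.255",
        "src_on_lan": src in lan,
        "service": NETBIOS_UDP.get(int(f.get("DPT", 0))) if udp else None,
    }

def is_lan_netbios_broadcast(line, lan=LAN):
    """True for NetBIOS broadcast noise from a LAN host hitting the firewall."""
    c = classify(line, lan)
    return bool(c["to_firewall"] and c["l2_broadcast"] and c["l3_broadcast"]
                and c["src_on_lan"] and c["service"])

if __name__ == "__main__":
    print(classify(SAMPLE))
    print("LAN NetBIOS broadcast:", is_lan_netbios_broadcast(SAMPLE))
```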