[Samba] samba 3.0.7 and os/2

greg at fqdn.com greg at fqdn.com
Mon Nov 1 12:26:43 GMT 2004 

Basically,  proxy arping is where the firewall will claim to have the MAC
address which it does not,  and forward traffic with this MAC address as
its destination off to the node which has this  MAC.

ARP does it thing with broadcasts,  it is not a port based service.  You
would have to turn on broadcast forwarding or similar..  I'm not to
familiar with linux based fire wall systems.  ARPs main goal in life is to
map IP addresses to hardware addresses (MAC) used by IP (or another data
link protocol).


I think a WINS like service is your best bet,  or push an lmhosts file
around.  This may negate firewall modifications.

have a great day,
greg






> greg wrote:
>
>  >  >Does a firewall normally mess with arp?
>  >
>  > In a typical setup,  yes.  Layer 3 devices usually will not forward
> arps (or any broadcast traffic for that matter)  received on an interface
> out the others.   You would have to use proxy arping on the firewall or
> similar if you required this to happen.   The better way to go about it I
> suspect is to use a WINS service.
>  >
>    May be. What is proxy arp'ing?
>    But that does not really answer my question which, upon reflection, may
> not have been clear.
>    What port is the firewall blocking? In the Suse firewall config file
> there is:
> FW_SERVICES_EXT_TCP="139 445 760 http https imap imaps nfs smtp ssh"
> FW_SERVICES_EXT_UDP="137 138 760 788:799 nfs 111"
>
>    Yet when I attempt to access the linux server, I find this in the
> messages log:
> Oct 31 16:52:34 sma-server2 kernel: SFW2-DROP-BCASTe IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:03:ff:29:24:34:08:00 SRC=192.168.69.201
> DST=192.168.69.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=140 PROTO=UDP
> SPT=137 DPT=137 LEN=58
>
>    00:03:ff:29:24:34/192.168.69.201 is the MAC/IP of the host requesting
> info. The firewall dropped the broadcast packet even though the firewall
> is configured to allow it. Am I reading the logs correctly?
>
> --
> jimoe at sohnen-moe dot com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

When things get weird, the weird turn pro.

When things get weird, the weird turn pro.

More information about the samba mailing list