RE: NetBios iptables trouble with small TCP packets

From: "Mark E. Donaldson" <markee@xxxxxxxxxxxxxxx>
Reply-To: <markee@xxxxxxxxxxxxxxx>
To: "'sp3 sp3'" <sp3@xxxxxxxxxxx>, <netfilter@xxxxxxxxxxxxxxxxxxx>
Subject: RE: NetBios iptables trouble with small TCP packets
Date: Fri, 2 Jan 2004 19:41:02 -0800

Questions:

1. Are we to assume that large files (>256kb) transfer just fine? Or, is
there a problem with them too?

No, there is no problem with big files.



2. Which direction is the transfer? NT -> W2K or W2K -> NT?

W2K -> NT.



3. By transfer, do you really mean "copy" using File & Print sharing? I'm assuming this to be the case since you say you are using NBT.

I map a network drive, authentication is requested, and the network drive is mapped with success.
Yes, copy and paste.

4. Are these machines (both NT & W2K) members of a domain, and if so is it the same domain?

NT is a member of a domain. W2K is not a member of any domain.


What is the setup here?

On the NT server we have some files that must be accessed by the W2K machines (on the other network). Each W2K machine has as the default gateway the firewall that does the source NAT.
To reach the NT server, I'm not using NetBIOS names nor lmhosts, just the plain IP address.


This is necessary to know because
SMB must negotiate the means of authentication and then authenticate before
any transfer can take place.


5.  What rules do you have in place that you feel should permit the SMB
packets to pass through the firewall?

I don't filter any traffic that exits the firewall via output nor via forward.
The default policy for forward is accept, for output is accept and for input is drop.
On the input chain I permit all the established and related traffic.
I permit just ssh on the input chain. All the rest is logged.
Any suspicious packet (invalid IP and/or netmask) is logged and dropped.


I have tested the same rules with another firewall running the same Linux version, and all is OK.


6. What does the "Windump" output on the sending machine show for the packets generated during the "hang period" when run as "windump -n -vv -xX -i2"?

I don't know what windump is, but it seems, looking at the parameters, that it is something like tcpdump.


I have run a tcpdump on the exterior interface of the fw, and saw nothing suspicious. The source IP was the firewall (source NAT OK) and the destination was OK too.
The last packet that is sent has the direction of fw->NT and I don't see any reply (ack) to it.
After some time the nag error message just displays itself on the W2K machine.


I will post the windump/tcpdump result in my next message to the list.


Thanks for the reply.

