Hmmmm, this is interesting, I've had 137-139 filtered on the backbone T1's for better than a year.... I also have them filtered on another NAS (not 3COM). I'll be working on this again early next week and will let you know.
Steve
I'm pretty sure that you will lose the ability to send DNS responses through your filter.
DNS has a dest port number of 53 (udp) but a src port number (the packet coming from the windows machine) will be 137-9. I've tried to filter netbios via filters, cut off ALL 137-139 traffic, and the windows PC would not load pages, get DNS info, nothing. I tried this with 95 using Winsock 1, I haven't tried 98, but my guess is that it will be the same.
Let me know if it works for you.
Paul Farber Farber Technology farber@admin.f-tech.net Ph 570-628-5303 Fax 570-628-5545
On Fri, 26 Nov 1999, Steve Sherwick wrote:
Which is essentially the reason for wanting a user filter, I have people bouncing around in each other's Network Neighborhoods. While instruction would be better, 98% of my customer traffic will never need to use CIFS. The small proportion that might should be running VPN anyway. Also if someone needs it I can drill a hole for them.
It's pretty much a reaction to bad press here due to the Cable Access providers. They had a rash of people getting directory listings of customer hard drives and emailing them to their customer base. Things like bank account balances and indexes of their porn collections <sigh>.
So basically I get to be my brother's keeper.....
Regards,
Steve
If you're talking windows machines you gotta be careful about ports 137-139. Windows does ALL access to the outside world through those 3 ports. If you filter them you will most likely sever any connection it tries to make.
Paul Farber Farber Technology farber@admin.f-tech.net Ph 570-628-5303 Fax 570-628-5545
On Thu, 25 Nov 1999, Steve Sherwick wrote:
Well I'm playing around again...
I am attempting to install a user filter to suppress the flow of CIFS (SMB) communications through the HiPer ARC. My intent is to control the filter's behavior by way of RADIUS and the Framed-Filter-Id= reply item.
I understand the technology portion of it but getting the nuances is kinda slowing me down.
I understand I need to create a named filter (In this case I named it NOCIFS) which I have managed to do with HARM. This is the filter.
#filter IP: 1 REJECT udp-src-port = 137; 2 REJECT udp-src-port = 138; 3 REJECT udp-src-port = 139;
I'm making the assumption that unlike many routers you may selectively Reject without having to allow everything else again.
According to the minimal documentation I've found there has to be a NOCIFS.IN and a NOCIFS.OUT file in the ARC for this to work. HARM however does not allow you to create a named filter with an extension. Does it create an in and an out automagically?? Or how does one do this??? In other words, how does HARM differentiate an In from an Out???
I'm fairly sure I can fool around with the CLI and get this to fly but the HARM should be able to handle it.
Anyway, am I even close to getting this to run <grin>....
Regards,
Steve Sherwick
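An added example, not part of any poster's message and not 3Com code: a small Python evaluator for the NOCIFS filter line quoted in the thread, run over constructed packets to show which ones its three rules match. It assumes first-match evaluation with a default of accept (the assumption stated in the original post) and parses only the `REJECT udp-src-port` form shown there; `Packet`, `parse_filter`, `evaluate` and `verdicts` are hypothetical names.

```python
import re
from typing import NamedTuple

# The NOCIFS filter line exactly as posted in the thread.
NOCIFS = ("#filter IP: 1 REJECT udp-src-port = 137; "
          "2 REJECT udp-src-port = 138; 3 REJECT udp-src-port = 139;")

class Packet(NamedTuple):
    proto: str     # "udp" or "tcp"
    src_port: int
    dst_port: int

# Only the one rule form that appears in the post is recognised.
RULE = re.compile(r"(\d+)\s+REJECT\s+udp-src-port\s*=\s*(\d+)")

def parse_filter(text):
    """Return [(rule_number, udp_source_port), ...] in rule-number order."""
    body = text.split(":", 1)[1]
    rules = []
    for clause in (c.strip() for c in body.split(";")):
        if not clause:
            continue
        m = RULE.fullmatch(clause)
        if m is None:
            raise ValueError(f"unsupported rule: {clause!r}")
        rules.append((int(m.group(1)), int(m.group(2))))
    return sorted(rules)

def evaluate(rules, pkt):
    """Assumed semantics: first matching rule rejects, no match is accepted."""
    for number, port in rules:
        if pkt.proto == "udp" and pkt.src_port == port:
            return ("REJECT", number)
    return ("ACCEPT", None)

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "NetBIOS name service, UDP 137 -> 137": Packet("udp", 137, 137),
    "NetBIOS datagram, UDP 138 -> 138": Packet("udp", 138, 138),
    "UDP source 137 -> port 53": Packet("udp", 137, 53),
    "UDP source 1025 -> port 137": Packet("udp", 1025, 137),
    "TCP source 1026 -> port 139": Packet("tcp", 1026, 139),
}

def verdicts():
    rules = parse_filter(NOCIFS)
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, number) in verdicts().items():
        print(f"{action:6} rule={number} {name}")
```

Under these assumptions the rules match on UDP source port only, so the constructed UDP packet sent to port 137 from another source port and the TCP packet to port 139 fall through to the default.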
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.