smb browsing broken by firewall
Dan Williams
dcbw at redhat.com
Mon Jan 19 22:01:23 UTC 2004
Slight correction,

255.255.255.255 is the broadcast address for _all_ subnets the machine
may be on, to everywhere. (also MAC FF:FF:FF:FF:FF:FF)

A local subnet broadcast address is, for example:

IP address: 10.0.0.50
Local broadcast: 10.0.0.255
Subnet mask: 255.255.255.0

If all "host" bits of the address are 1, then the address is a broadcast
address on the local subnet _only_, as long as all the "network" bits
match the "network" bit range in the machine's IP address.

Dan

On Mon, 2004-01-19 at 15:37, shane at geeklords.org wrote:
> On Mon, 19 Jan 2004, Charles R. Anderson wrote:
>
> > You would have to open the port from all hosts within the subnet to
> > which the broadcast was originally sent. That's the point of a
> > broadcast query. The dst-ip/dst-protocol/dst-port/src-port would
> > still have to match the previous state.
>
> I must be missing something obvious.... but if we are dealing with
> broadcasts, the layer3 destination IP address is 255.255.255.255 (match
> anything). So unless I am being dense (quite possible) such a patch would
> in effect open the netbios port to everyone (not just on the local
> segment) for 10 seconds after every broadcast "query". If the above is
> true, said device would have its netbios port open to anybody
> (255.255.255.255) a lot (depending on usage).
>
> Shane.
>
> --
> "Given enough time, all legal battles in the tech industry will invoke the
> DMCA. This generally means that all constructive arguments have ended."
> -NialScorva (slashdot poster)
>
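
The subnet-scoped reply window discussed in this thread, as an added example that is not part of the original messages or of any firewall patch: it classifies a destination as limited or subnet-directed broadcast and accepts replies only from sources inside the sending interface's subnet, for the 10 seconds mentioned above. The class and function names are hypothetical, and UDP port 137 (NetBIOS name service) in the usage is an assumption, since the thread only says "netbios port".

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
REPLY_WINDOW = 10.0  # seconds, the window mentioned in the thread


def classify_destination(iface, dst):
    """Return 'limited', 'directed' or None for dst as seen from iface (CIDR)."""
    iface = ipaddress.IPv4Interface(iface)
    dst = ipaddress.IPv4Address(dst)
    if dst == LIMITED_BROADCAST:
        return "limited"
    # Directed: network bits match the interface, all host bits are 1.
    # /31 and /32 networks have no broadcast address, so skip them.
    if iface.network.prefixlen < 31 and dst == iface.network.broadcast_address:
        return "directed"
    return None


class BroadcastExpectations:
    """Toy state table (hypothetical): one entry per outbound broadcast query."""

    def __init__(self):
        # Each entry: (network, local_ip, local_port, remote_port, expires)
        self.entries = []

    def note_query(self, iface, dst, src_port, dst_port, now):
        """Record an outbound broadcast; return False if dst is not a broadcast."""
        if classify_destination(iface, dst) is None:
            return False
        iface = ipaddress.IPv4Interface(iface)
        self.entries.append(
            (iface.network, iface.ip, src_port, dst_port, now + REPLY_WINDOW))
        return True

    def allow_reply(self, src, src_port, dst, dst_port, now):
        """Accept only unexpired replies whose source lies in the query's subnet."""
        src = ipaddress.IPv4Address(src)
        dst = ipaddress.IPv4Address(dst)
        self.entries = [e for e in self.entries if e[4] > now]
        return any(
            src in net and dst == ip and dst_port == lport and src_port == rport
            for net, ip, lport, rport, _ in self.entries)
```

For example, after `note_query("10.0.0.50/24", "255.255.255.255", 137, 137, now=100.0)`, a reply from 10.0.0.7 at `now=103.0` is accepted, while one from an address outside 10.0.0.0/24 is rejected even inside the window.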