smb browsing broken by firewall
Charles R. Anderson
cra at WPI.EDU
Tue Jan 20 04:47:00 UTC 2004
On Mon, Jan 19, 2004 at 02:07:39PM -0800, shane at geeklords.org wrote:
> In this case it was my understanding that netbios over tcp/ip uses _The_
> broadcast address? :)
I believe SMB always uses the subnet broadcast address, but it doesn't
matter either way. Broadcasts are not usually forwarded across
routers, and directed broadcasts to remote subnets are usually blocked
outright, due to the DoS implications. Therefore, even a
255.255.255.255 query would only necessarily need to see response
packets from the local subnet. Therefore it should be sufficient to
allow incoming packets from sources that match:
(network_address_of_outgoing_broadcast_inteface/netmask).
along with the other criteria of protocol and src/dst port numbers.
More information about the fedora-devel-list
mailing list