From nobody@FreeBSD.ORG Thu Dec 16 06:41:11 1999
Return-Path:
Received: by hub.freebsd.org (Postfix, from userid 32767)
        id C1F2F14E17; Thu, 16 Dec 1999 06:41:11 -0800 (PST)
Message-Id: <19991216144111.C1F2F14E17@hub.freebsd.org>
Date: Thu, 16 Dec 1999 06:41:11 -0800 (PST)
From: matheny@cs.purdue.edu
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: Firewall/FIltering Problems
X-Send-Pr-Version: www-1.0

>Number:         15515
>Category:       misc
>Synopsis:       Firewall/FIltering Problems
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 16 06:50:01 PST 1999
>Closed-Date:    Wed Jan 19 02:18:02 PST 2000
>Last-Modified:  Wed Jan 19 02:19:35 PST 2000
>Originator:     Blake Matheny
>Release:        3.3 i386
>Organization:
Purdue University
>Environment:
FreeBSD newfirewall.sdatebooks.com 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Oct 7 13:37:40 EST 1999 root@sdatebooks.com:/usr/src/sys/compile/FIREWALL i386
>Description:
On a FreeBSD 3.3 firewall the ipfw rule is set to open. However,
ports 137-139 appear as filtered when a portscan is done.
We have checked with the DSL provider and the DSL modem manufacturer
to see if the modem has filtering capabilities or the service provider
filters and the answer to these questions was no.
Question: Why would the ports come back with filtered if we're not
using a tcp wrapper and the firewall type is open?
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov
To: matheny@cs.purdue.edu
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/15515: Firewall/FIltering Problems
Date: Fri, 17 Dec 1999 11:04:26 +0200

On Thu, Dec 16, 1999 at 06:41:11AM -0800, matheny@cs.purdue.edu wrote:
>
> On a freebsd 3.3 firewall the ipfw rule is set to open. However,
> ports 137-139 appear as filtered when a portscan is done.
>
What do you mean by "appear as filtered"?

> We have checked with the DSL provider and the DSL modem manufacturer
> to see if the modem has filtering capabilities or the service provider
> filters and the answer to these questions was no.
> Question: Why would the ports come back with filtered if we're not
> using a tcp wrapper and the firewall type is open?
>
Either you're using a non-stock version of /etc/rc.firewall,
or nothing is listening on 137-139.

What do the following commands output:

# ipfw show
# netstat -an -finet | awk '$4 ~ "13[7-9]$" {print $0}'

Cheers,
--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

State-Changed-From-To: open->closed
State-Changed-By: ru
State-Changed-When: Wed Jan 19 02:18:02 PST 2000
State-Changed-Why:
Cannot reproduce, and originator does not respond within a reasonable
amount of time (one month). Believed to be a pilot error.
>Unformatted: