Blue client connects on one port to Green host but not SMB

Post by praful » April 21st, 2017, 1:17 pm

Hello

I have set up a firewall rule that allows my phone on the Blue (wireless) network to connect to my media centre (Win 7) on the Green network. Specifically, I created a rule that sets the source to the MAC address of the phone and the destination to be the IP address of the media centre. The port was restricted to 8080 for TCP. This works.

However, I want to allow the phone and a laptop (also on Blue) to access a share on the media centre. I created a new rule for the laptop, setting the source to the laptop's MAC address and the destination to all for the media centre (with the intention of restricting it to just 445 for SMB traffic). However, this does not work! I even tried allowing all Blue to access all Green!

I note that the firewall log does have entries for FORWARDFW, e.g.:

14:27:46   FORWARDFW   blue0   TCP   192.168.2.53   192.168.1.102   55061 445(MICROSOFT-DS)   <MAC address>


So there is some forwarding going on from Blue to Green on port 445. 192.168.2.53 is the laptop (Blue is 192.168.2.0/24) and 192.168.1.102 is the media centre (Green is 192.168.1.0/24).

Ping doesn't work either with all access. There are entries for ping in the firewall log, e.g.:

14:27:11   FORWARDFW   blue0   ICMP   192.168.2.53   192.168.1.102   <MAC address>


As mentioned, the rule works for one port opened between Blue and Green. Is there something special about opening SMB between Blue and Green?

Any help would be appreciated!

Thanks
Praful

Re: Blue client connects on one port to Green host but not SMB

Post by praful » April 25th, 2017, 7:33 pm

Hi

I worked out that the IPFire firewall rule was correct. The media centre considered the connection attempt to be public since it's coming from another subnet. Therefore, adding a firewall rule on the media centre to allow a connection from the laptop client on port 445 worked.

Praful
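
Added example, not part of the original posts: one way to create the host-side rule described above on the Windows 7 media centre, scoped to the laptop's address and TCP 445 only rather than opening SMB to all of Blue. The rule name "SMB from Blue laptop" is made up for illustration, the built-in rule name assumes an English-language install, and the laptop is assumed to keep the address 192.168.2.53 seen in the IPFire log.

```bat
rem Run from an elevated Command Prompt on the media centre (192.168.1.102).
rem netsh is used because Windows 7 does not ship the New-NetFirewallRule cmdlet.

rem 1. Inspect the built-in SMB rule first. The RemoteIP and Profiles fields
rem    show which source addresses the host firewall currently accepts.
netsh advfirewall firewall show rule name="File and Printer Sharing (SMB-In)" verbose

rem 2. Allow inbound SMB from the Blue laptop only. remoteip limits the source
rem    to one host and localport limits the service to TCP 445, so the rest of
rem    Blue (192.168.2.0/24) still cannot reach the share.
netsh advfirewall firewall add rule name="SMB from Blue laptop" dir=in action=allow protocol=TCP localport=445 remoteip=192.168.2.53 profile=any

rem 3. Confirm the rule exists and carries the intended scope.
netsh advfirewall firewall show rule name="SMB from Blue laptop" verbose

rem To remove the rule later:
rem netsh advfirewall firewall delete rule name="SMB from Blue laptop"
```

Because the rule matches on the source IP, a DHCP reservation for the laptop on Blue keeps it valid; the IPFire rule restricting the forward to port 445 stays in place as the first layer.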
