Re: Should I configure a firewall to allow multicast?
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Mon, 23 Mar 2009 15:05:12 -0500
On Mon, 23 Mar 2009, in the Usenet newsgroup comp.security.firewalls, in article
<49c78ef7@xxxxxxxxxxxxx>, Dave wrote:
> I'm using IP filter on a Sun workstation (IP 192.168.1.9) and see the
> firewall is blocking various hosts to 192.168.1.255 port 138. Note
> this machine is not a router, so really no machine on the network
> should rely on this one even being running.
Let's have a look at the output of '/sbin/ifconfig -a' and
'/sbin/route -n'. This smells like a bit of confusion on your part
related to addresses used in IP.
> Anyway, this is my ipfilter log, showing data from 192.168.1.101 (a
> PC) port 138 and 192.168.1.128 (another PC) going to 192.168.1.255
> (this is not any machine as such).
Are 192.168.1.101 and 192.168.1.128 running Samba, or windoze?
Both RFC0791 and RFC1122 were written long before "Classless
Inter-Domain Routing" (CIDR) (RFC1519), but this sounds like normal
_broadcast_ activity.
> pass out quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137
> pass in quick on eri0 proto udp from 192.168.1.0/24 to 192.168.1.255 port = 137
You're implying that /sbin/ifconfig and /sbin/route would show a local
network running from 192.168.1.0 through 192.168.1.255 which would
show up as a network mask of 255.255.255.0 or FFFFFF00. In that case,
192.168.1.0 would be the "network address" which in SOME operating
systems can also be used as a host address, and 192.168.1.255 is the
broadcast address - received by every host on the subnet. Broadcasts
are normally used when the sending system doesn't know the correct
address of the destination, or in packets destined for all systems.
This is quite normal.
> So I'm not sure if it's best to allow these packets or stop them. If
> it's better to allow them, which is a suitable firewall rule for
> ipfilter?
Is everything working OK? Are you simply worried that having packets
sent to this "unknown" (to you) address is/maybe harmful? I don't use
windoze or Samba, but understand that packets to the local broadcast
address are normal for that protocol.
Old guy
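
Added example, not part of the original post: a Python sketch that classifies a logged destination address against the interface's own address and netmask, accepting the dotted-quad and hex (FFFFFF00) mask forms mentioned above. The function names, the /25 mask and the 224.0.0.251 sample are constructed for illustration; 192.168.1.9 and 192.168.1.255 port 138 are taken from the thread.

```python
import ipaddress

# Well-known NetBIOS-over-TCP/IP UDP ports (137 and 138 both appear in the thread).
NETBIOS_UDP = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}

def parse_netmask(mask):
    """Prefix length from dotted-quad (255.255.255.0) or hex (ffffff00) notation."""
    text = mask.lower()
    if text.startswith("0x"):
        text = text[2:]
    value = int(ipaddress.IPv4Address(text)) if "." in text else int(text, 16)
    inverted = value ^ 0xFFFFFFFF
    # A valid mask is a run of 1 bits followed by a run of 0 bits.
    if value > 0xFFFFFFFF or inverted & (inverted + 1):
        raise ValueError("not a contiguous IPv4 netmask: " + mask)
    return 32 - inverted.bit_length()

def classify_destination(host_ip, netmask, dst):
    """Say what kind of address dst is from the point of view of this interface."""
    iface = ipaddress.IPv4Interface("%s/%d" % (host_ip, parse_netmask(netmask)))
    net, addr = iface.network, ipaddress.IPv4Address(dst)
    if addr == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast"
    if addr.is_multicast:
        return "multicast"
    if addr not in net:
        return "off-subnet"
    # /31 and /32 networks have no separate network or broadcast address.
    if net.prefixlen < 31 and addr == net.broadcast_address:
        return "subnet broadcast"
    if net.prefixlen < 31 and addr == net.network_address:
        return "network address"
    return "this host" if addr == iface.ip else "unicast on local subnet"

def describe(host_ip, netmask, dst, port):
    """One-line summary of a logged UDP destination."""
    kind = classify_destination(host_ip, netmask, dst)
    service = NETBIOS_UDP.get(port, "udp/%d" % port)
    return "%s port %d: %s, %s" % (dst, port, kind, service)

if __name__ == "__main__":
    # Constructed samples: the same logged destination under two masks, plus a
    # genuine multicast address for contrast with the subject line.
    samples = [("ffffff00", "192.168.1.255", 138),
               ("255.255.255.128", "192.168.1.255", 138),
               ("ffffff00", "224.0.0.251", 5353)]
    for mask, dst, port in samples:
        print(mask, "->", describe("192.168.1.9", mask, dst, port))
```

With a mask of 255.255.255.128 the same destination is no longer the local broadcast address, which is why the ifconfig output matters before writing a rule.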