Firewall, Solaris 2.5, subnets and broadcasts

Post by Jule » Thu, 13 Aug 1998 04:00:00



Hi,

I've got a problem with broadcasts on a subnet. It's a Sun
SPARCstation 4 running Solaris 2.5 with Firewall-1 version 3.0b. This
is how the network cards are configured:

# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 192.168.108.87 netmask fffffff0 broadcast 192.168.108.95
        ether 8:0:20:7d:1d:79
le1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 193.240.253.100 netmask ffffff00 broadcast 193.240.253.255
        ether 8:0:20:7d:1d:79
#

le0 is the dirty side of the firewall and le1 is the clean side. I'm
trying to get NetBT [eeeeeeuuuuuuh M$ :-( ] UDP broadcasts to pass
through the firewall in both directions. Snooping both interfaces I
can see the broadcast start on the clean side of the firewall, go on
to the dirty side, get a response and then are dropped by the
firewall. I've had some tech support guy from the company we bought
the firewall from have a look at the rules on the firewall, and he's
happy they are set up correctly to allow this to work.

What's strange is that ifconfig can see that 192.168.108.95 is the
broadcast address, but snoop doesn't display it as 'BROADCAST' but as
192.168.108.95

# snoop -d le0 | grep -i udp
Using device /dev/le (promiscuous mode)
 172.16.1.26 -> BROADCAST    UDP D=138 S=138 LEN=209
 172.16.1.21 -> BROADCAST    UDP D=137 S=137 LEN=58
 172.16.1.21 -> BROADCAST    UDP D=137 S=137 LEN=58
192.168.108.84 -> 192.168.108.95 UDP D=135 S=1037 LEN=88
 172.16.1.21 -> BROADCAST    UDP D=137 S=137 LEN=58
 172.16.1.12 -> BROADCAST    UDP D=138 S=138 LEN=182
 172.16.1.13 -> BROADCAST    UDP D=138 S=138 LEN=212
 172.16.1.12 -> BROADCAST    UDP D=138 S=138 LEN=182
 172.16.1.12 -> BROADCAST    UDP D=138 S=138 LEN=182
^C#

Any help is gratefully received,

Julian.
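
Added example, not part of the original post: a short Python check that derives each interface's subnet and directed-broadcast address from the hex netmasks in the ifconfig output above and classifies the addresses seen in the snoop capture against them. The function names are illustrative; the interface values are copied from the post.

```python
import ipaddress

# Interface values copied from the `ifconfig -a` output in the post:
# name -> (address, hex netmask, configured broadcast)
INTERFACES = {
    "le0": ("192.168.108.87", "fffffff0", "192.168.108.95"),
    "le1": ("193.240.253.100", "ffffff00", "193.240.253.255"),
}

def iface_network(addr, hex_mask):
    """Build the interface's network from a Solaris-style hex netmask."""
    mask = ipaddress.IPv4Address(int(hex_mask, 16))
    return ipaddress.IPv4Interface(f"{addr}/{mask}").network

def check_configured_broadcasts(interfaces=INTERFACES):
    """Does each configured broadcast match the one the netmask implies?"""
    return {
        name: str(iface_network(addr, mask).broadcast_address) == bcast
        for name, (addr, mask, bcast) in interfaces.items()
    }

def classify(ip_text, interfaces=INTERFACES):
    """Classify an address relative to the firewall's directly attached subnets."""
    ip = ipaddress.IPv4Address(ip_text)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return ("limited-broadcast", None)
    for name, (addr, mask, _) in interfaces.items():
        net = iface_network(addr, mask)
        if ip == net.broadcast_address:
            return ("directed-broadcast", name)
        if ip in net:
            return ("on-subnet", name)
    return ("off-subnet", None)

if __name__ == "__main__":
    print(check_configured_broadcasts())
    # Addresses taken from the snoop capture in the post.
    for ip in ("192.168.108.84", "192.168.108.95", "172.16.1.21"):
        print(ip, classify(ip))
```

Run against the values in the post, the configured broadcasts agree with the netmasks, 192.168.108.95 is the directed broadcast of the le0 subnet (192.168.108.80/28) only, and the 172.16.1.x senders seen on le0 belong to neither attached subnet.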


1. Route to classless subnets on solaris 2.5?

I am trying to do a:

route add net 139.119.76.0 but since I don't have any 139.119 interface
on the host I only get a route to 139.119.0.0.

I have a "139.119.0.0 255.255.255.0" entry in the /etc/netmasks file
but it doesn't do me any good.

I suppose others must have encountered this...

Thanks for any help!

Regards,
Bent-Inge Johansen
SDS a.s
