From nobody@FreeBSD.ORG  Thu Dec 16 06:41:11 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id C1F2F14E17; Thu, 16 Dec 1999 06:41:11 -0800 (PST)
Message-Id: <19991216144111.C1F2F14E17@hub.freebsd.org>
Date: Thu, 16 Dec 1999 06:41:11 -0800 (PST)
From: matheny@cs.purdue.edu
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: Firewall/Filtering Problems
X-Send-Pr-Version: www-1.0

>Number:         15515
>Category:       misc
>Synopsis:       Firewall/Filtering Problems
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 16 06:50:01 PST 1999
>Closed-Date:    Wed Jan 19 02:18:02 PST 2000
>Last-Modified:  Wed Jan 19 02:19:35 PST 2000
>Originator:     Blake Matheny
>Release:        3.3 i386
>Organization:
Purdue University
>Environment:
FreeBSD newfirewall.sdatebooks.com 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Oct 7 13:37:40 EST 1999     root@sdatebooks.com:/usr/src/sys/compile/FIREWALL i386
>Description:
On a FreeBSD 3.3 firewall the ipfw rule is set to open. However, ports 137-139 appear as filtered when a portscan is done. We have checked with the DSL provider and the DSL modem manufacturer to see if the modem has filtering capabilities or the service provider filters and the answer to these questions was no. Question: Why would the ports come back with filtered if we're not using a tcp wrapper and the firewall type is open?
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: matheny@cs.purdue.edu
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/15515: Firewall/Filtering Problems
Date: Fri, 17 Dec 1999 11:04:26 +0200

 On Thu, Dec 16, 1999 at 06:41:11AM -0800, matheny@cs.purdue.edu wrote:
 > 
 > On a FreeBSD 3.3 firewall the ipfw rule is set to open. However,
 > ports 137-139 appear as filtered when a portscan is done.
 > 
 What do you mean by "appear as filtered"?
 
 > We have checked with the DSL provider and the DSL modem manufacturer
 > to see if the modem has filtering capabilities or the service provider
 > filters and the answer to these questions was no.
 > Question: Why would the ports come back with filtered if we're not
 > using a tcp wrapper and the firewall type is open?
 > 
 Either you're using a non-stock version of /etc/rc.firewall, or nothing
 is listening on 137-139.
 
 What do the following commands output:
 
 # ipfw show
 # netstat -an -finet | awk '$4 ~ "13[7-9]$" {print $0}'
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Sysadmin and DBA of the
 ru@ucb.crimea.ua	United Commercial Bank,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.247.647	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Wed Jan 19 02:18:02 PST 2000 
State-Changed-Why:  
Cannot reproduce, and originator does not respond within a reasonable 
amount of time (one month).  Believed to be a pilot error. 
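
The listener check requested in the reply above, written out as an added example that is not part of the original PR or of FreeBSD: it reads `netstat -an` output and reports, per port, whether anything is bound locally to 137-139. The function names (`sample_netstat`, `netbios_listeners`, `diagnose`) and the sample output are constructed for illustration; the port match is on the final address component only, and the Linux `addr:port` layout is accepted as well, which goes beyond the FreeBSD case in the thread.

```shell
#!/bin/sh
# Added example: reports sockets bound locally to the NetBIOS ports 137-139
# from `netstat -an` output read on stdin.

# Constructed sample in FreeBSD `netstat -an -f inet` layout (not from the PR).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  *.139                  *.*                    LISTEN
tcp        0      0  10.0.0.1.1137          10.0.0.9.80            ESTABLISHED
tcp        0      0  10.0.0.1.22            10.0.0.9.139           ESTABLISHED
udp        0      0  *.137                  *.*
udp        0      0  *.514                  *.*
EOF
}

# netbios_listeners: print "proto port state" for each local socket on 137-139.
# The port is the text after the last "." (FreeBSD) or ":" (Linux) in column 4,
# so local port 1137 or a foreign-side 139 does not match.
netbios_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, parts, /[.:]/)
            port = parts[n]
            if (port !~ /^13[7-9]$/) next
            # TCP counts only in LISTEN; UDP has no state column, bound is enough.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            state = ($1 ~ /^tcp/) ? "LISTEN" : "BOUND"
            print $1, port, state
        }'
}

# diagnose: one verdict line per port from netstat output on stdin.
diagnose() {
    found=$(netbios_listeners)
    for p in 137 138 139; do
        if printf '%s\n' "$found" | grep -q " $p "; then
            echo "$p: service bound locally"
        else
            echo "$p: nothing listening"
        fi
    done
}

sample_netstat | diagnose
```

On a live host, pipe the real output in instead of the sample: `netstat -an -f inet | diagnose`.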
>Unformatted:
