Hello.
I have a problem with a Windows workgroup. I have a router running OpenWrt. An open Samba share is set up on it. There are also a couple of computers and phones on the network. There is the provider's local network, in which all the neighbours are visible, and which I would like to wall myself off from using the router.
The result is a home network with the following structure:
WORKGROUP
\\TANYA-PC
\\MICROSOF-D74FE6
\\ARCHIVE Archive
\\ARCHIVE\IPC$ IPC Service (Archive)
\\ARCHIVE\brown-box
\\ARCHIVE\gray-box
But \\MICROSOF-D74FE6 is a computer that is not on my network!
My router does not hand out any extra IPs to anyone. And it appears only in the list of computers of my Windows workgroup, and only after connecting to the provider's network. Moreover, it has no IP and it is impossible to connect to it. Interestingly, when a computer is connected to the provider's network directly, there is no such name in the list of neighbours.
In iptables on the router I closed all incoming connections, all outgoing from any ports to 135-139,445, and all outgoing from 135-139,445 to any ports. I put host allowed = 192.168.1. in smb.conf just in case.
It doesn't help. The mysterious device still appears.
Here is my iptables config. (It was generated through the OpenWrt web interface.)
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule all -- anywhere anywhere
input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere ctstate INVALID
forwarding_rule all -- anywhere anywhere
forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere
output all -- anywhere anywhere
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all -- anywhere anywhere
zone_wan_forward all -- anywhere anywhere
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
nat_reflection_fwd all -- anywhere anywhere
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all -- anywhere anywhere
zone_wan all -- anywhere anywhere
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain nat_reflection_fwd (1 references)
target prot opt source destination
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all -- anywhere anywhere
zone_wan_ACCEPT all -- anywhere anywhere
Chain output_rule (1 references)
target prot opt source destination
Chain reject (5 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere
Chain zone_lan (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
input_lan all -- anywhere anywhere
zone_lan_ACCEPT all -- anywhere anywhere
Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
reject all -- anywhere anywhere
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT tcp -- anywhere anywhere tcp dpt:www
zone_wan_ACCEPT udp -- anywhere anywhere udp dpt:80
zone_wan_REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn
zone_wan_REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn
zone_wan_REJECT tcp -- anywhere anywhere tcp spt:microsoft-ds
zone_wan_REJECT udp -- anywhere anywhere udp spt:microsoft-ds
zone_wan_REJECT tcp -- anywhere anywhere tcp dpt:microsoft-ds
zone_wan_REJECT udp -- anywhere anywhere udp dpt:microsoft-ds
zone_wan_ACCEPT all -- anywhere anywhere
forwarding_lan all -- anywhere anywhere
zone_lan_REJECT all -- anywhere anywhere
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
input_wan all -- anywhere anywhere
zone_wan_REJECT all -- anywhere anywhere
Chain zone_wan_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain zone_wan_REJECT (10 references)
target prot opt source destination
reject all -- anywhere anywhere
reject all -- anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
zone_wan_REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn
zone_wan_REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn
forwarding_wan all -- anywhere anywhere
zone_wan_REJECT all -- anywhere anywhere
Here is the router's ifconfig, just in case:
br-lan Link encap:Ethernet HWaddr F8:D1:11:24:82:24
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:27651 errors:0 dropped:319 overruns:0 frame:0
TX packets:57213 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3216501 (3.0 MiB) TX bytes:66186762 (63.1 MiB)
eth0 Link encap:Ethernet HWaddr F8:D1:11:24:82:24
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68869 errors:0 dropped:0 overruns:91686 frame:0
TX packets:29771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67556558 (64.4 MiB) TX bytes:3774390 (3.5 MiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr F8:D1:11:24:82:24
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64 errors:0 dropped:0 overruns:0 frame:0
TX packets:1769 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4891 (4.7 KiB) TX bytes:298745 (291.7 KiB)
eth0.2 Link encap:Ethernet HWaddr F8:D1:11:24:82:24
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68791 errors:0 dropped:564 overruns:0 frame:0
TX packets:28001 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:66579866 (63.4 MiB) TX bytes:3355522 (3.1 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:139 errors:0 dropped:0 overruns:0 frame:0
TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16756 (16.3 KiB) TX bytes:16756 (16.3 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr F8-D1-11-24-82-24-00-47-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1195 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:97958 (95.6 KiB) TX bytes:0 (0.0 B)
pppoe-wan Link encap:Point-to-Point Protocol
inet addr:178.217.68.38 P-t-P:195.93.129.54 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:36432 errors:0 dropped:0 overruns:0 frame:0
TX packets:16616 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:41416719 (39.4 MiB) TX bytes:2399436 (2.2 MiB)
wlan0 Link encap:Ethernet HWaddr F8:D1:11:24:82:24
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28056 errors:0 dropped:0 overruns:0 frame:0
TX packets:59183 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:3706921 (3.5 MiB) TX bytes:67691936 (64.5 MiB)
Please suggest something regarding this problem.
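An added example, not part of the original post: a small Python audit of the two forward chains from the listing above, reporting which TCP/UDP source or destination ports in 135-139 and 445 still reach an ACCEPT target. It assumes each packet is judged by one port only, and it ignores interface matches, because `iptables -L` without `-v` does not print them; the function names are illustrative.

```python
import re
# Forward chains copied from the listing in the post (header and port-80 lines omitted).
LISTING = """\
Chain zone_lan_forward (1 references)
zone_wan_REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn
zone_wan_REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn
zone_wan_REJECT tcp -- anywhere anywhere tcp spt:microsoft-ds
zone_wan_REJECT udp -- anywhere anywhere udp spt:microsoft-ds
zone_wan_REJECT tcp -- anywhere anywhere tcp dpt:microsoft-ds
zone_wan_REJECT udp -- anywhere anywhere udp dpt:microsoft-ds
zone_wan_ACCEPT all -- anywhere anywhere
Chain zone_wan_forward (1 references)
zone_wan_REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn
zone_wan_REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn
forwarding_wan all -- anywhere anywhere
zone_wan_REJECT all -- anywhere anywhere
"""
SERVICES = {"netbios-ssn": 139, "microsoft-ds": 445}  # names iptables -L prints for ports
SMB_PORTS = [135, 136, 137, 138, 139, 445]
PORT_RE = re.compile(r"\b([sd])pts?:([\w-]+)(?::([\w-]+))?")

def parse(listing):
    """Return {chain: [(target, proto, side, lo, hi)]}; side is None without a port match."""
    num = lambda tok: SERVICES.get(tok) or int(tok)
    chains, cur = {}, None
    for line in listing.splitlines():
        f = line.split()
        if f[0] == "Chain":
            cur = chains.setdefault(f[1], [])
            continue
        m = PORT_RE.search(line)
        side, lo, hi = (m[1], num(m[2]), num(m[3] or m[2])) if m else (None, 0, 0)
        cur.append((f[0], f[1], side, lo, hi))
    return chains

def verdict(rules, proto, side, port):
    """First decisive target for a packet with `port` on `side` ('s' or 'd'), else None."""
    for target, rproto, rside, lo, hi in rules:
        if rproto not in ("all", proto):
            continue
        decisive = target.endswith(("ACCEPT", "REJECT", "DROP"))  # skips forwarding_wan
        if decisive and (rside is None or (rside == side and lo <= port <= hi)):
            return target
    return None

def uncovered(rules):
    """SMB/NetBIOS (proto, side, port) combinations that reach an ACCEPT target."""
    return [(pr, s, p) for pr in ("tcp", "udp") for s in "sd" for p in SMB_PORTS
            if (verdict(rules, pr, s, p) or "").endswith("ACCEPT")]
```

For this listing, `uncovered(parse(LISTING)["zone_lan_forward"])` returns destination ports 135-139 for both TCP and UDP, while `zone_wan_forward` returns nothing.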