LonkNY
January 15th, 2009, 10:20 PM
Hi all,
I am hoping someone can help me resolve this issue. I have a new networked hard drive that uses NDAS (specifically from www.ximeta.com - using latest version - here is the manual (http://www.ximeta.com/web/webTemp/html/zbxe//?module=file&act=procFileDownload&file_srl=2401&sid=5127b307188ae8f133eadb92ed9fe231)) that works fine as long as Internet Filtering is disabled in LnS... once I enable it, the drive loses connectivity.
Here is the problem - the log entries being generated are very generic and based on several different MAC addresses... why would there be more than 2 MAC Addresses (1 for the device itself and 1 for the NDAS service on my system) involved? One of the MAC addresses is FF:FF:FF:FF:FF:FF - does this MAC address mean anything in particular? As recommended in the user guide, I have added the appropriate .EXE files to the Application Filtering exclusion list, but this has nothing to do with application filtering... it is strictly Internet Filtering in LnS...
Can I create rules that allow any traffic to and from these MAC addresses? I am concerned that I am going to screw up the rules and essentially disable Internet Filtering because the new rules I create are opening my computer up to everything... Someone in a previous post said that they used the simple LAN file sharing rules from the LnS website, but I already have these imported and it is not working. Here are some screenshots for your information:
http://i385.photobucket.com/albums/oo292/lonkny/Log.jpg
http://i385.photobucket.com/albums/oo292/lonkny/LogEntries.jpg
I have found as many as 5 MAC addresses that are now being blocked as a result of setting up this drive & NDAS software:
04:22:B6:74:18:FD
01:80:C2:00:00:00
00:04:4B:15:B5:2C
00:0B:D0:40:52:6D
FF:FF:FF:FF:FF:FF
So I have created rules based on these MAC addresses in LnS Internet Filtering, like this:
http://i385.photobucket.com/albums/oo292/lonkny/Rule1.jpg
Is this asking for trouble? What about the FF:FF:FF:FF:FF:FF MAC? Is this a generic MAC address or something?
What is also strange is that even though I have 6 rules for every combination of MAC addresses above, I am still logging entries for the "All other packets" bottom level rule, but the MAC addresses are the same as the MAC's in my Permit rules. The NDAS network drive is working even though the "All other packets" block rule is still being generated...
I notice also under the "Additional" column in the log, that the "Type Ethernet" being blocked is 88AD or 0026 - is there a safe way to create rules based on this (I have the RAW rule plugin installed and see that ETH rules can be setup, but have no idea how it all works)? Would this be safer than setting up rules based on the MAC addresses? What does the Type Ethernet: 88AD or 0026 mean?
Please let me know if anyone has a best practices suggestion for setting this up so it works but still keeps me protected from Internet traffic/threats.
Any help is much appreciated - thanks!
LonkNY
I am hoping someone can help me resolve this issue. I have a new networked hard drive that uses NDAS (specifically from www.ximeta.com - using latest version - here is the manual (http://www.ximeta.com/web/webTemp/html/zbxe//?module=file&act=procFileDownload&file_srl=2401&sid=5127b307188ae8f133eadb92ed9fe231)) that works fine as long as Internet Filtering is disabled in LnS... once I enable it, the drive loses connectivity.
Here is the problem - the log entries being generated are very generic and based on several different MAC addresses... why would there be more than 2 MAC Addresses (1 for the device itself and 1 for the NDAS service on my system) involved? One of the MAC addresses is FF:FF:FF:FF:FF:FF - does this MAC address mean anything in particular? As recommended in the user guide, I have added the appropriate .EXE files to the Application Filtering exclusion list, but this has nothing to do with application filtering... it is strictly Internet Filtering in LnS...
Can I create rules that allow any traffic to and from these MAC addresses? I am concerned that I am going to screw up the rules and essentially disable Internet Filtering because the new rules I create are opening my computer up to everything... Someone in a previous post said that they used the simple LAN file sharing rules from the LnS website, but I already have these imported and it is not working. Here are some screenshots for your information:
http://i385.photobucket.com/albums/oo292/lonkny/Log.jpg
http://i385.photobucket.com/albums/oo292/lonkny/LogEntries.jpg
I have found as many as 5 MAC addresses that are now being blocked as a result of setting up this drive & NDAS software:
04:22:B6:74:18:FD
01:80:C2:00:00:00
00:04:4B:15:B5:2C
00:0B:D0:40:52:6D
FF:FF:FF:FF:FF:FF
So I have created rules based on these MAC addresses in LnS Internet Filtering, like this:
http://i385.photobucket.com/albums/oo292/lonkny/Rule1.jpg
Is this asking for trouble? What about the FF:FF:FF:FF:FF:FF MAC? Is this a generic MAC address or something?
What is also strange is that even though I have 6 rules for every combination of MAC addresses above, I am still logging entries for the "All other packets" bottom level rule, but the MAC addresses are the same as the MAC's in my Permit rules. The NDAS network drive is working even though the "All other packets" block rule is still being generated...
I notice also under the "Additional" column in the log, that the "Type Ethernet" being blocked is 88AD or 0026 - is there a safe way to create rules based on this (I have the RAW rule plugin installed and see that ETH rules can be setup, but have no idea how it all works)? Would this be safer than setting up rules based on the MAC addresses? What does the Type Ethernet: 88AD or 0026 mean?
Please let me know if anyone has a best practices suggestion for setting this up so it works but still keeps me protected from Internet traffic/threats.
Any help is much appreciated - thanks!
LonkNY