[ale] Firewalling question
Gary Maltzen
maltzen at mm.com
Wed May 5 17:08:59 EDT 1999
Ports 137/138/139 are NetBIOS/SMB/Samba network requests.
First guess: you've got a DSL or cable connection to the Internet, shared by
other users who have chosen 192.168.1 for their private intranet as well -
but they may not have firewalled their systems...
-----Original Message-----
From: Christopher R. McNabb <ilive at mindspring.com>
I'm using SuSE 5.3 and have setup Firewalling and Masquerading. All seems
to work fine, but I'm seeing strange entries in my logs.
May 2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:137
192.168.1.255:137 L=78 S=0x00 I=11008 F=0x0000 T=32
May 2 09:19:37 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138
192.168.1.255:138 L=217 S=0x00 I=12032 F=0x0000 T=32
May 2 09:19:38 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138
192.168.1.255:138 L=217 S=0x00 I=13056 F=0x0000 T=32
May 2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138
192.168.1.255:138 L=244 S=0x00 I=13312 F=0x0000 T=32
May 2 09:19:39 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138
192.168.1.255:138 L=217 S=0x00 I=14080 F=0x0000 T=32
May 2 09:19:40 gateway kernel: IP fw-in deny eth0 UDP 192.168.1.2:138
192.168.1.255:138 L=217 S=0x00 I=15104 F=0x0000 T=32
This IP 192.168.1.2 does not exist on my network. I also see other entries
with other IP addresses. This has started since I set the machine up, so I
figure it is just a config setting somewhere. Can anyone help me out here?
port numbers are almost always 137 or 138, and occasionally 513. Always
UDP.
More information about the Ale
mailing list