Lots of firewall hits on port 137

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
deftech

Lots of firewall hits on port 137

Mar 02 06 12:47 pm

I have a multihomed machine (3 nics), running latest version of wingate.

My network is segmented into two sides, 10.0.0.0, and 10.0.1.0. Each of those subnets runs to it's own nic in the wingate machine. The third nic, goes out to the internet on 10.0.0.75.

Ever since I stuck in a 3rd network card, I've been getting a lot of hits from the 10.0.1.0 side of my LAN on port 137 to the wingate machine. These are netbios name requests as far as I can tell.

Any clue how to stop this?
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Mar 02 06 1:10 pm

Hi

do you need to use those addresses for any reason?

MS TCP/IP has a few problems with 10.x.x.x subnets (uses a class A mask to create broadcast address, regardless of network mask).

Also, all 3 NICs should be in different logical subnets. The one on 10.0.0.75 is in the same subnet as your 10.0.0.0 network.

We recommend using the 192.168.x.y ranges of IP addresses.

Regards

Adrien
deftech

hi and thanks for the reply

Mar 02 06 1:16 pm

Not any specific reason. We do have 95 computers though, all configured with 10.0.0.0's. It would be a pain to redo them just for this.

Your right the 3rd nic (the one that gets out externally, 10.0.0.75), is on the same subnet as one of the other nics, internally.

I suppose I shall leave it this way since everything works ok. I just don't like looking at a bunch of hits I can't control :)

Thanks for your time.
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Mar 02 06 2:30 pm

What does your route table look like? I'd be concerned about having an internal and external NIC in the same subnet and wouldn't be at all surprised if that's why you are seeing these hits.
deftech

Mar 03 06 6:41 am

Ok I changed the external nic to a routable ip address to see if that would change anything, with the advice you mentioned about having 2 nics on the sam subnet.

The ip address of the external nic is a 64.xxx.xxx.xxx.

Now the firewall shows tons of hits coming from my router from random UDP ports starting greater than 32768. They all come in at the same time. This is wierd.

Wingate firewall hit report:

Time: 3/2/2006 9:30:25 AM
Reason: Port Range
Source MAC address: 00-0F-B5-38-66-10
Destination MAC address: 00-10-4B-28-07-CB
Source IP Address: 64.128.84.7 : 34622 <-----THIS IS MY ROUTER
Destination IP Address: 64.128.84.6 : 1028 <----THIS IS MY WINGATE MACHINE
Protocol: UDP
Time-to-live: 126


[/img]
Nev
  • Nev
  • Posts: 861
  • Joined: Sep 22 03 11:35 pm
  • Location: Mudgee ~ NSW ~ Australia

Mar 03 06 3:46 pm

Hi,

How are the NIC's recognised in the network tab, is the 64.xx internal / external?
deftech

hi thank

Mar 04 06 5:45 am

The 64. is set as external.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index