I have a multihomed machine (3 nics), running latest version of wingate.
My network is segmented into two sides, 10.0.0.0, and 10.0.1.0. Each of those subnets runs to it's own nic in the wingate machine. The third nic, goes out to the internet on 10.0.0.75.
Ever since I stuck in a 3rd network card, I've been getting a lot of hits from the 10.0.1.0 side of my LAN on port 137 to the wingate machine. These are netbios name requests as far as I can tell.
Any clue how to stop this?
Lots of firewall hits on port 137
Moderator: Qbik Staff
7 posts
• Page 1 of 1
Lots of firewall hits on port 137
by deftech » Mar 02 06 12:47 pm
- deftech
- Posts: 91
- Joined: Mar 02 06 12:40 pm
- Location: USA
by adrien » Mar 02 06 1:10 pm
Hi
do you need to use those addresses for any reason?
MS TCP/IP has a few problems with 10.x.x.x subnets (uses a class A mask to create broadcast address, regardless of network mask).
Also, all 3 NICs should be in different logical subnets. The one on 10.0.0.75 is in the same subnet as your 10.0.0.0 network.
We recommend using the 192.168.x.y ranges of IP addresses.
Regards
Adrien
do you need to use those addresses for any reason?
MS TCP/IP has a few problems with 10.x.x.x subnets (uses a class A mask to create broadcast address, regardless of network mask).
Also, all 3 NICs should be in different logical subnets. The one on 10.0.0.75 is in the same subnet as your 10.0.0.0 network.
We recommend using the 192.168.x.y ranges of IP addresses.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
hi and thanks for the reply
by deftech » Mar 02 06 1:16 pm
Not any specific reason. We do have 95 computers though, all configured with 10.0.0.0's. It would be a pain to redo them just for this.
Your right the 3rd nic (the one that gets out externally, 10.0.0.75), is on the same subnet as one of the other nics, internally.
I suppose I shall leave it this way since everything works ok. I just don't like looking at a bunch of hits I can't control :)
Thanks for your time.
Your right the 3rd nic (the one that gets out externally, 10.0.0.75), is on the same subnet as one of the other nics, internally.
I suppose I shall leave it this way since everything works ok. I just don't like looking at a bunch of hits I can't control :)
Thanks for your time.
- deftech
- Posts: 91
- Joined: Mar 02 06 12:40 pm
- Location: USA
by Pascal » Mar 02 06 2:30 pm
What does your route table look like? I'd be concerned about having an internal and external NIC in the same subnet and wouldn't be at all surprised if that's why you are seeing these hits.
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by deftech » Mar 03 06 6:41 am
Ok I changed the external nic to a routable ip address to see if that would change anything, with the advice you mentioned about having 2 nics on the sam subnet.
The ip address of the external nic is a 64.xxx.xxx.xxx.
Now the firewall shows tons of hits coming from my router from random UDP ports starting greater than 32768. They all come in at the same time. This is wierd.
Wingate firewall hit report:
Time: 3/2/2006 9:30:25 AM
Reason: Port Range
Source MAC address: 00-0F-B5-38-66-10
Destination MAC address: 00-10-4B-28-07-CB
Source IP Address: 64.128.84.7 : 34622 <-----THIS IS MY ROUTER
Destination IP Address: 64.128.84.6 : 1028 <----THIS IS MY WINGATE MACHINE
Protocol: UDP
Time-to-live: 126
[/img]
The ip address of the external nic is a 64.xxx.xxx.xxx.
Now the firewall shows tons of hits coming from my router from random UDP ports starting greater than 32768. They all come in at the same time. This is wierd.
Wingate firewall hit report:
Time: 3/2/2006 9:30:25 AM
Reason: Port Range
Source MAC address: 00-0F-B5-38-66-10
Destination MAC address: 00-10-4B-28-07-CB
Source IP Address: 64.128.84.7 : 34622 <-----THIS IS MY ROUTER
Destination IP Address: 64.128.84.6 : 1028 <----THIS IS MY WINGATE MACHINE
Protocol: UDP
Time-to-live: 126
[/img]
- deftech
- Posts: 91
- Joined: Mar 02 06 12:40 pm
- Location: USA
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 1 guest