• Newbie question probably, I know, but just to double check: I keep getting the following firewall log entries

    Apr 24 14:29:56 VLAN200 UDP
    Apr 24 14:29:55 VLAN200 UDP
    Apr 24 14:29:04 VLAN200 UDP
    Apr 24 14:29:03 VLAN200 UDP

    This is just for file sharing on Windows, right, between computers on the LAN, and therefore I should add a rule to pass this safely, or? Like, port 137 is NetBIOS, so I can safely allow this to pass from VLAN200 to VLAN200 so it stays within the LAN. I have read that trojans sometimes try to use this port, as Windows is hardcoded to not filter this port, so I should not pass traffic outside the LAN, or?


  • This is the regular Windows NetBIOS broadcast (correctly to the subnet's broadcast address, .255).
    You neither need to route it from VLAN200 to VLAN200 nor could you: it's a broadcast.
    Passing it to the outside world would be considered a misconfiguration.

    It just shows up in the firewall logs. To get rid of the notifications, put a block rule without logging in your ruleset and those entries are gone.

  • Hey

    Umm, what do you mean I can't route it?

    Like, if I put the following into the firewall rules:
    TCP  VLAN200 net  *  VLAN200 net  137 (NetBIOS-NS)  *

    What would that do? I mean, would this just take it out of the list as well, with the same result as currently with no rule? (Like, it is a broadcast, so if I don't have a specific rule attached it is presumed blocked, from my understanding, but other computers can still hear the broadcast on the network. This is the part I don't get, because if they can, then the above rule would do nothing apart from keeping it out of my log.)


  • Exactly. The above rule would do nothing apart from keeping it out of your logs.
    Every single host connected to your LAN segment is receiving these packets, and your firewall cannot filter them, even theoretically.
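The two replies above make the same point from different angles: a NetBIOS-NS (UDP/137) packet sent to the subnet's broadcast address has already reached every host on the segment before the firewall sees it, so a pass rule only changes whether it is logged, while the case that actually matters is NetBIOS traffic addressed beyond the segment. The script below is an added example, not code from the original thread or from any firewall product. It triages firewall log entries by comparing the destination with the logging interface's own subnet. The log format, the interface addressing (192.168.200.0/24 for VLAN200) and the sample lines are all constructed for the example; the entries quoted in the original post were truncated to date, interface and protocol, so a full line is assumed here.

```python
"""Triage NetBIOS firewall log entries: same-segment broadcast vs. traffic
that would actually cross the firewall.  Added example, not from the thread."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical addressing for the interface seen in the log; adjust to your own.
INTERFACE_NETS = {
    "VLAN200": ipaddress.ip_network("192.168.200.0/24"),
}
NETBIOS_PORTS = {137, 138, 139}  # NetBIOS-NS, NetBIOS-DGM, NetBIOS-SSN
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Assumed log form: "MMM DD HH:MM:SS iface proto src:sport dst:dport"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<iface>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample entries (not real captures).
SAMPLE_LOG = [
    "Apr 24 14:29:56 VLAN200 UDP 192.168.200.15:137 192.168.200.255:137",
    "Apr 24 14:29:55 VLAN200 UDP 192.168.200.23:137 192.168.200.255:137",
    "Apr 24 14:30:02 VLAN200 UDP 192.168.200.15:137 203.0.113.5:137",
    "Apr 24 14:30:10 VLAN200 TCP 192.168.200.15:51000 192.168.200.20:139",
    "Apr 24 14:30:11 VLAN200 UDP 192.168.200.15:53000 192.168.200.1:53",
]


@dataclass(frozen=True)
class Verdict:
    iface: str
    src: str
    dst: str
    dport: int
    kind: str    # local-broadcast | intra-segment | leaving-segment | other
    advice: str


def classify(line: str) -> Verdict:
    """Classify one log entry relative to the logging interface's subnet."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    iface, dport = m["iface"], int(m["dport"])
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    net = INTERFACE_NETS[iface]

    if dport not in NETBIOS_PORTS:
        kind, advice = "other", "not NetBIOS; review under your normal rules"
    elif dst == net.broadcast_address or dst == LIMITED_BROADCAST:
        # Windows name-service broadcast: every host on the segment already
        # received it and the firewall forwards nothing, so a pass rule only
        # changes the log. Silence it with a block rule that does not log.
        kind, advice = "local-broadcast", "benign; add a non-logging block rule"
    elif src in net and dst in net:
        kind, advice = "intra-segment", "same subnet; stays on the segment"
    else:
        # NetBIOS addressed beyond the segment should never be passed; the
        # source host deserves a look (misconfiguration or malware).
        kind, advice = ("leaving-segment",
                        "keep blocking, keep logging, check the source host")
    return Verdict(iface, str(src), str(dst), dport, kind, advice)


def summarize(lines):
    """Count entries per kind, e.g. to see how much of the log is just broadcast noise."""
    return Counter(classify(line).kind for line in lines)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        v = classify(line)
        print(f"{v.src:>18} -> {v.dst:<16} {v.dport:>4}  {v.kind:<16} {v.advice}")
    print(dict(summarize(SAMPLE_LOG)))
```

Run against a real export you would first adapt `LINE_RE` to your firewall's log format and fill `INTERFACE_NETS` from your interface configuration; the "leaving-segment" bucket is the one worth keeping in the logs, the "local-broadcast" bucket is the noise the second reply suggests silencing with a non-logging block rule.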