LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 06-29-2003, 09:53 AM   #1
dbaker
LQ Newbie
 
Registered: Jun 2003
Posts: 14

Rep: Reputation: 0
Can't firewall udp ports 137 and 138


Hi, I am wondering why I can't block packets coming in on udp ports 137 and 138 in iptables?

I have a win client that uses udp broadcasts to resolve netbios names. I thought it used udp port 138 for this but when I block it with iptables, name resolution still works:

-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT

Also, doesn't nmbd listen on port 137? How can clients send it browsing information if packets are set to be rejected in the firewall? When you open up network neighbourhood, does not this list come from nmbd? How can nmbd respond if packets don't reach the port because of the firewall rule?

Maybe I don't understand the mechanism.

Darryl
 
Old 06-29-2003, 01:02 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
The smb protocol uses ports 137, 138 and 139. It also uses tcp as well as udp so you will need to close both.
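Whether a rule set really closes NetBIOS on both protocols can be checked mechanically rather than by trial and error. The script below is an added example, not code from this thread or from any project: it parses `iptables -S`-style rule lines (constructed sample input that includes the original poster's Lokkit rule) and reports, for each NetBIOS port, whether the first matching rule in the chain blocks it, accepts it, or whether no rule matches at all and the chain policy decides. The `NETBIOS_PORTS` mapping, the function names and the `HARDENED_RULES` lines are my own assumptions; only single-port and `lo:hi` forms of `--dport` are understood, not multiport matches.

```python
import re

# NetBIOS ports as discussed in the thread: 137/udp name service (nmbd),
# 138/udp datagram service, 139/tcp session service.
NETBIOS_PORTS = {"udp": (137, 138), "tcp": (139,)}

# Constructed sample: the original poster's rule, which rejects every
# privileged UDP port but says nothing about TCP.
SAMPLE_RULES = """\
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

# Constructed hardened variant (assumed chain name): NetBIOS closed on
# both protocols, as the reply above recommends.
HARDENED_RULES = """\
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 137:138 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 137:139 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

PORT_RE = re.compile(r"--dport\s+(\d+)(?::(\d+))?")


def parse_rule(line):
    """Return (chain, proto, (lo, hi) or None, target) for an '-A' rule, else None."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # comments, policies, blank lines
    chain, proto, target = tokens[1], None, None
    for i, tok in enumerate(tokens):
        if tok == "-p" and i + 1 < len(tokens):
            proto = tokens[i + 1].lower()
        elif tok == "-j" and i + 1 < len(tokens):
            target = tokens[i + 1]
    ports = None
    m = PORT_RE.search(line)
    if m:
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        ports = (lo, hi)
    return chain, proto, ports, target


def matches(rule, proto, port):
    """True if the rule's protocol and port match apply to proto/port."""
    _chain, rproto, ports, _target = rule
    if rproto not in (None, "all", proto):
        return False
    return ports is None or ports[0] <= port <= ports[1]


def netbios_coverage(rules_text):
    """Map 'proto/port' -> 'blocked', 'allowed' or 'unfiltered' (chain policy decides).

    Uses first-match semantics: the first REJECT/DROP or ACCEPT that matches
    the port ends the walk; non-terminating targets such as LOG are skipped.
    """
    rules = [r for r in map(parse_rule, rules_text.splitlines()) if r]
    result = {}
    for proto, plist in NETBIOS_PORTS.items():
        for port in plist:
            verdict = "unfiltered"
            for rule in rules:
                if not matches(rule, proto, port):
                    continue
                target = rule[3]
                if target in ("REJECT", "DROP"):
                    verdict = "blocked"
                    break
                if target == "ACCEPT":
                    verdict = "allowed"
                    break
            result[f"{proto}/{port}"] = verdict
    return result


def gaps(rules_text):
    """List the NetBIOS ports that no REJECT/DROP rule covers."""
    return sorted(k for k, v in netbios_coverage(rules_text).items() if v != "blocked")


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_RULES), ("hardened", HARDENED_RULES)):
        print(name, netbios_coverage(text), "gaps:", gaps(text))
```

Run against the sample, the script shows what the thread works out by hand: 137/udp and 138/udp fall inside the `0:1023` range and are rejected, while 139/tcp matches nothing and is left to whatever the chain's policy is. The hardened set reports no gaps. Feeding it real output from `iptables -S <chain>` works the same way, with the caveat that multiport and `-i`/`-s` qualifiers are not interpreted.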
 
Old 06-29-2003, 01:58 PM   #3
dbaker
LQ Newbie
 
Registered: Jun 2003
Posts: 14

Original Poster
Rep: Reputation: 0
But I thought all name resolution was done by udp. If I type net use * \\<samba server hostname> on my windows client, wouldn't the name resolution request go to nmbd on a udp port on my samba server? If I have all of these ports closed on the firewall, why does name resolution work? The netbios cache or whatever it is called is empty on my windows box.

I am just curious.


Darryl
 
Old 06-29-2003, 02:07 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Quote:
Originally posted by dbaker
But I thought all name resolution was done by udp. If I type net use * \\<samba server hostname> on my windows client, wouldn't the name resolution request go to nmbd on a udp port on my samba server? If I have all of these ports closed on the firewall, why does name resolution work? The netbios cache or whatever it is called is empty on my windows box.
UDP is the primary protocol for name resolution but I think it will revert to tcp if it fails on udp.
 
Old 06-29-2003, 03:41 PM   #5
dbaker
LQ Newbie
 
Registered: Jun 2003
Posts: 14

Original Poster
Rep: Reputation: 0
OK, I found out what is going on. I had an entry for my samba server in the lmhosts file on my windows box. It was not even going to the server for name resolution. Now if I block udp port 137, the port that nmbd is listening on, name resolution does not work and everything makes sense.
 
  

