This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

not normal request by DMZ server

Hi all,

I have checked the real-time packet filter log and found the server "192.168.1.2" in DMZ trying to connect the IP 192.168.1.255 with port 138. Should I let the packet go?

And the same server using Port 67 to connect to IP 255.255.255.255 port 68. And using Port 68 to connect to IP 255.255.255.255 port 67. Is it normal?

felix

This thread was automatically locked due to age.

Parents

0 Kenn over 23 years ago

Port 138 is netbios- a normal type of traffic that's blocked. You definitely don't want to let this one go.

Port 67 (and 68) are DHCP requests/answers. Another type of traffic you normally wouldn't let loose.

On 67/68- Rule 1 on my firewall is explicit-

any - DHCP(67/68 TCP/UDP) - any - drop

yet they still show up in the active filter log. Any idea why? Even with a catch all of any-any-any-drop...
Cancel
Vote Up 0 Vote Down

Cancel
0 felix_01 over 23 years ago in reply to Kenn

THANKS ALOT, now I am sure my server is not affected by virus
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 felix_01 over 23 years ago in reply to Kenn

THANKS ALOT, now I am sure my server is not affected by virus
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data