jmjaszewski
MIS
Here's the situation. I had a personal firewall on a server (not my choice but due to money constraints it was the only option). I now have the option of a new dedicated firewall. I want to allow access via ports 137-139 through the firewall itself and have been doing testing on accessing the server. I have 2 network interfaces; one static public IP and one static private IP. The personal firewall is temporarily disabled for testing purposes, and therefore the server is not currently in production. Access is fine on the private IP. On the public IP, I cannot make a NetBIOS connection remotely. Using nmap, I get the following messages regarding NetBIOS:
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
There is currently no TCP/IP filtering enabled. Routing and remote access is turned off, which I suspect may be the issue, but I still believe I should be able to make a NetBIOS connection to the server. I scanned the public IP using Nessus, and even Nessus does not find ports 137-139 open, even though there is, at the moment, no security in place. I know for a fact that there is no ACL or other device in place blocking ports 137-139 from the ISP. Logically, when I take down the firewall, I should be able to access the public interface, since nothing is seemingly there to block it. How can ports 137-139 be blocked, when there is nothing in place? I have checked Group Policy, and there is nothing enabled that would not allow NetBios connections. NetBIOS over TCP/IP is also enabled. I bounced the public interface (disabled then enabled), but it did not help.
I know that this situation is strange because I am removing security temporarily to try and connect remotely, however the situation is interesting because the ports are blocked without anything overt to block them. What I'd like to figure out is why these ports are still showing up filtered. Am I missing something that may be blocking them? If anyone has any suggestions as to why I am seeing these ports blocked, even thought there is seemingly nothing blocking them, I would appreciate it.
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
There is currently no TCP/IP filtering enabled. Routing and remote access is turned off, which I suspect may be the issue, but I still believe I should be able to make a NetBIOS connection to the server. I scanned the public IP using Nessus, and even Nessus does not find ports 137-139 open, even though there is, at the moment, no security in place. I know for a fact that there is no ACL or other device in place blocking ports 137-139 from the ISP. Logically, when I take down the firewall, I should be able to access the public interface, since nothing is seemingly there to block it. How can ports 137-139 be blocked, when there is nothing in place? I have checked Group Policy, and there is nothing enabled that would not allow NetBios connections. NetBIOS over TCP/IP is also enabled. I bounced the public interface (disabled then enabled), but it did not help.
I know that this situation is strange because I am removing security temporarily to try and connect remotely, however the situation is interesting because the ports are blocked without anything overt to block them. What I'd like to figure out is why these ports are still showing up filtered. Am I missing something that may be blocking them? If anyone has any suggestions as to why I am seeing these ports blocked, even thought there is seemingly nothing blocking them, I would appreciate it.
