I found the problem.
I ran tcpdump on the firewall (as someone suggested) and played around with
ipchains. To my surprise the firewall was not seeing ANY UDP packets 137-139
even with ipchains turned off, and nmap was reported that those ports were
open. And then a light went on in my head (cause I hit my forehead with the
palm of my hand REALLY HARD):
My firewall is connected to a cablemodem, and it hit me that the cable co.
must be doing some filtering on UDP 137-139 (probably due to all the
complaints about Windows Network File Shares being easy to access/browse),
and they must be dropping those packets so my firewall never sees it and
nmap never see an ICMP unreachable (hence the report of a "Port Open").
Thanks anyway to all the people who responded!
--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
