At 10:22 AM 8/6/2003 +0100, Whileman, John wrote:
Sorry to bother you all, but I don't understand something I'm seeing on
weblet.

On a Dachstien standard floppy distribution, the Weblet's conection page is
showing an IP masq entry for:

Udp 4:55.63 192.168.1.1 192.168.231.255 138 -> 138 (61000)

I've looked up Port 138 and I can see it's NETBIOS Datagram, but I don't
understand why there is a connection on the firewall as I thought all
192.168.x.x addresses were non-routing ? So why does the firewall seem to
have allowed it to establish a connection ?

Also, I could understand if I was seeing 192.168.1.255 as a local broadcast,
but why .231.255 ?

Any idea's or enlightenment would put my mind at rest.

Many thanks to all.
[boilerplate deleted]

Why not? While the RFC standard says that 192.168.0.0/16 is not supposed to be routed on *public* networks, there is nothing magic about the addresses that stops routers from trying to route them. You might, for example, have a private system with individual networks 192.168.1.0/16 and 192.168.231.0/16, and a router that connects them. Nothing wrong with that, sine it is not routing the addresses on or to the *public* network.

To stop routing on a Dachstein (not Dachstien) router, you need to block "RFC1918" addresses in the firewall ruleset. It's been some time since I last ran Dachstein here, so I cannot point you to the exact place to set it. But if you did not set it, the system will at least try to (in your case) NAT connections from your LAN to other networks in 192.168.0.0/16 .

As to "but why .231.255" ... I suppose because some workstation on your LAN is trying to reach that address. You'll need to investigate locally to figure out why. Maybe a laptop that is usually used on a different LAN is misconfigured ... but that's just a wild guess.

As an aside, from time to time people post questions here about whether blocked packets from/to ports 137/139 are attacks. I usually reply suggesting that they are more likely to be a "leaky router" on the ISP's "LAN" than a deliberate attack. This problem is (I think) an example of just such a misconfigured router.







-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to