On 6/24/05, Alexander Piccardi <piccardi at gmx dot net> wrote:
> 2) for analysis of my internal dataflow I have set up an old pc (P3,
> 800MHz) with the 1.2b9 cd-image. There something strange was happening.
> Though nearly everything was allowed in the two networks I had problems with
> the virus scanner. This scanner uses for the contact to a command-console a
> lot of ports (137-139, 3000-3050, 5005-5150 and perhaps some more). It was
> strange, that I could find on port 137 to 139 incoming and outgoing traffic.
Did you disable NAT (enable advanced outbound NAT without any NAT
rules)? You probably don't want NAT in this type of setup since that
will greatly complicate things, and would most likely explain your
> But it was much more strange, that the outgoing traffic on port 139 was
> blocked, though there was no blocking rule.
You're probably seeing dropped broadcast traffic.