Re: [m0n0wall] monowall problem with viruspattern update

From:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] monowall problem with viruspattern update
Date:	Fri, 24 Jun 2005 12:59:50 -0400

On 6/24/05, Alexander Piccardi <piccardi at gmx dot net> wrote:
> 
> 2) for analysis of my internal dataflow I have set up an old pc (P3,
> 800Mhz)with the 1.2b9 cd-image. There something strange was happening.
> Though nearly everithing was allowed in the two networks I had problems with
> the virus scanner. This scanner uses for the contact to a command-console a
> lot of ports (137-139, 3000-3050, 5005-5150 and perhaps some more). It was
> strange, that I could find on port 137 to 139 incoming and outgoing traffic.

Did you disable NAT (enable advanced outbound NAT without any NAT
rules)?  You probably don't want NAT in this type of setup since that
will greatly complicate things, and would most likely explain your
communications issues.


> But it was much more strange, that the outgoing traffic on port 139 was
> blocked, though there was no blocking rule. 

You're probably seeing dropped broadcast traffic.  

-Chris