On Monday 20 January 2003 11:22 am, Brian wrote (privately):
> The scenario: eth0 is external. My firewall is set up with http and ssh open and nothing else. If I drop the incoming packets will I still be able to use samba? Or should I open up a port for those packets?
If you drop the incoming packets, then you won't be able to use samba FROM OUTSIDE your network -- internally, you should still be able to use samba. This is generally "a good thing".

If you've segregated your webserver FROM your internal network as well [often a good thing to do as well -- it's called a "DMZ", or "de-militarized zone"] then you need to pay attention to which ports [eth#, not 80 vs. 8080] traffic can or cannot flow through.

In your case, the fact that port 137 attempts are being made against eth0 indicates some sort of "scanning" activity is occurring from "the internet" -- this may be benign [i.e., some user has their computer on the same dial-up pool or DSL/cable switch as you AND they're "broadcasting", which is default windows behaviour] or it may be intentional/malicious [someone actively searching for vulnerable computers]. I'd lean towards malicious since they are targeted at 192.168.x.y addresses [your ISP should not be forwarding such traffic, BTW].

Tom

p.s. please direct responses to the list, not personal [unless you really DO have a "personal" message] since

-- I read messages on the list, so I'll see it
-- I post responses that can help others "with the same problem" to the list
-- messages on the list are archived and searchable; messages to me are not

the last point is the most important: if you're seeking a solution and it has been posted to the list, you can often find it with an archive search -- you cannot search MY personal inbox/outbox because, well, you simply don't have direct access to it -- it is behind a firewall...
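
The triage described in the reply above, as an added example that is not part of the original message: it picks SMB/NetBIOS probes arriving on the external interface out of firewall log lines and marks whether the destination is an RFC 1918 address or looks like a broadcast. Assumptions: netfilter LOG-style `KEY=value` lines, constructed sample data, ports 138/139/445 added alongside the thread's port 137, and a `.255` broadcast heuristic that presumes /24 subnets.

```python
import ipaddress
import re

SMB_PORTS = {137, 138, 139, 445}  # the thread names 137; the rest are the other Samba ports
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample log lines (addresses are documentation/private ranges).
SAMPLE_LOG = """\
Jan 20 11:02:13 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.10 PROTO=UDP SPT=1026 DPT=137
Jan 20 11:02:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=198.51.100.255 PROTO=UDP SPT=137 DPT=137
Jan 20 11:03:01 fw kernel: IN=eth1 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=1045 DPT=139
Jan 20 11:03:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP SPT=4431 DPT=22
"""

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def classify(line, external_if="eth0"):
    """Return a finding dict for an SMB probe on the external interface, else None."""
    f = dict(FIELD.findall(line))
    if f.get("IN") != external_if or not {"SRC", "DST", "DPT"} <= f.keys():
        return None
    if not f["DPT"].isdigit() or int(f["DPT"]) not in SMB_PORTS:
        return None
    try:
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
    except ValueError:
        return None  # malformed address field; skip the line
    return {
        "src": str(src),
        "dst": str(dst),
        "dpt": int(f["DPT"]),
        # Private destination seen on the outside: should never have been routed here.
        "dst_rfc1918": is_rfc1918(dst),
        # Heuristic only: treats x.y.z.255 as a subnet broadcast (assumes /24).
        "dst_broadcast_like": str(dst).endswith(".255"),
    }

def smb_probes(log_text, external_if="eth0"):
    return [hit for line in log_text.splitlines()
            if (hit := classify(line, external_if))]

if __name__ == "__main__":
    for hit in smb_probes(SAMPLE_LOG):
        print(hit)
```
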