Syntax to block TCP/UDP port 135-139 on D-Link NAT?

All I want to do is block ports 137-139 & 445 on Windows XP SP2. But I ended up blocking EVERYTHING and screwing it all up. Can you tell me what I did wrong (or what to do right)?

I have a home network with a single wireless WinXP computer. My NAT is a D-Link 2.4 GHz Wireless Router. I ran the steps below but it blocked all network traffic somehow??? What did I do wrong to block ports 137-139 & 445???

I first tried the D-Link "Help" button but all it said was: "Firewall Rules is an advance feature used to deny or allow traffic from passing through the device. It works in the same way as IP Filters with additional settings. You can create more detailed rules for the device."

Uh, that didn't help me very much (I need an example) so I tried to set things myself but I don't know if I did it right because I had to unset it all just to get out to Google on my browser afterward.

My first question is: should I set up "IP Filters" or "Firewall Rules"? I didn't know so I went arbitrarily to "Firewall Rules" because "IP Filters" seemed to be outbound from the LAN to the WAN while "Firewall Rules" seemed to go both ways. Here is what I did to block (I think) ports 135-139 & 445 on Firewall Rules on the D-Link NAT.

1) I logged into http://192.168.0.1 as "admin".
2) I selected the "Advanced" tab & "Firewall" button.
3) I set the two "Firewall Rules" sections as shown below.

The first "Firewall Rules" section asks for a name (what name does it want?) so I left it blank not knowing what name it wanted, but I did hit the disable radio dial (not knowing what else to do in this first section).
( )Enabled (o)Disabled
Name =

Here is how I set the second "Firewall Rules" section:
Action: ( )Allow (o)Deny
Source Interface = LAN, WAN, or * (I chose *)
Source IP Range Start = (I put in 0.0.0.0)
Source IP Range End = (I put in 255.255.255.255)
Destination Interface = LAN, WAN, or * (I chose *)
Destination IP Range Start = (I put in 0.0.0.0)
Destination IP Range End = (I put in 255.255.255.255)
Destination Protocol = TCP, UDP, ICMP, or * (I chose *)
Destination Port Range = 137 - 129
Schedule: (o)Always

I did likewise for port 445.

What did I do wrong? I had to reset the NAT just to get this message out as everything is blocked!

Reply to
Nancy Lebovitz

By default your router will be blocking all inbound traffic that is not from an established session initiated by your computer. You can go to a self-test site like [link] to see if any vulnerabilities exist. Also, since you have one computer, you can disable File and Print Sharing and Client for Microsoft Networks, and then your computer will not act as a file server or try to access any shares or use those ports.

When configuring firewall rules for outbound access the best defense is to deny everything and then define the allowed exceptions, such as for ports 80, 443, 125, 110, 119 TCP for web, mail, and news and port 53 UDP for DNS. Many if not most consumer grade routers however do not seem to have that capability. To manage outbound access you want to select LAN as source [and maybe specific IPs], WAN as destination, the protocol, and then the ports or port range. The ordering of firewall rules is also important, as the first firewall rule that matches the traffic applies. So it is best to put specific rules higher in the list and general rules lower.
--- Steve

Reply to
Steven L Umbach
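The first-match ordering Steve describes, as an added illustration that is not D-Link firmware and not code from anyone in this thread: a small Python evaluator over rules with the same fields the question lists (source/destination interface, protocol, destination port range, allow/deny). The two rule sets are constructed for this example. GENERAL_FIRST puts "deny everything" above the exceptions and so blocks all outbound traffic, which is the symptom the question reports; SPECIFIC_FIRST puts the specific rules above the general deny, as the reply recommends. The implicit default of "deny" when no rule matches stands in for the router's default block of unsolicited inbound traffic. The rule validator also rejects a port range whose start is above its end (the question's entry reads "137 - 129"), since such a range cannot match the ports intended.

```python
"""First-match firewall rule evaluator (added example, not D-Link's firmware)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "*"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "deny"
    src_if: str                    # "LAN", "WAN" or "*"
    dst_if: str                    # "LAN", "WAN" or "*"
    protocol: str                  # "TCP", "UDP", "ICMP" or "*"
    port_lo: Optional[int] = None  # None = any destination port
    port_hi: Optional[int] = None

    def __post_init__(self) -> None:
        if self.action not in ("allow", "deny"):
            raise ValueError(f"{self.name}: action must be allow or deny")
        if (self.port_lo is None) != (self.port_hi is None):
            raise ValueError(f"{self.name}: give both ends of the port range or neither")
        if self.port_lo is not None:
            if not (1 <= self.port_lo <= 65535 and 1 <= self.port_hi <= 65535):
                raise ValueError(f"{self.name}: ports must be within 1-65535")
            if self.port_lo > self.port_hi:
                # Catches a range typed backwards, e.g. "137 - 129".
                raise ValueError(f"{self.name}: range start {self.port_lo} is above end {self.port_hi}")

    def matches(self, src_if: str, dst_if: str, protocol: str, dst_port: Optional[int]) -> bool:
        """True if this rule applies to the described packet."""
        if self.src_if not in (ANY, src_if):
            return False
        if self.dst_if not in (ANY, dst_if):
            return False
        if self.protocol not in (ANY, protocol):
            return False
        if self.port_lo is not None:
            # ICMP carries no port, so a port-qualified rule never matches it.
            if dst_port is None or not (self.port_lo <= dst_port <= self.port_hi):
                return False
        return True


def evaluate(rules: List[Rule], src_if: str, dst_if: str, protocol: str,
             dst_port: Optional[int] = None, default: str = "deny") -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, else the implicit default."""
    for rule in rules:
        if rule.matches(src_if, dst_if, protocol, dst_port):
            return rule.action, rule.name
    return default, "implicit default"


def rule_is_valid(**fields) -> bool:
    """True if Rule(**fields) passes validation (shows the reversed-range check)."""
    try:
        Rule(**fields)
        return True
    except ValueError:
        return False


# Constructed rule set 1: the general deny sits above the exceptions, so no
# outbound packet ever reaches an allow rule and everything is blocked.
GENERAL_FIRST = [
    Rule("deny everything", "deny", "LAN", "WAN", ANY),
    Rule("web", "allow", "LAN", "WAN", "TCP", 80, 80),
    Rule("https", "allow", "LAN", "WAN", "TCP", 443, 443),
    Rule("dns", "allow", "LAN", "WAN", "UDP", 53, 53),
]

# Constructed rule set 2: specific rules first, the general deny last. The
# explicit NetBIOS/SMB denies are redundant with the final deny but record
# intent and still hold if a broad allow is later added above the last rule.
SPECIFIC_FIRST = [
    Rule("netbios", "deny", "LAN", "WAN", ANY, 137, 139),
    Rule("smb", "deny", "LAN", "WAN", ANY, 445, 445),
    Rule("web", "allow", "LAN", "WAN", "TCP", 80, 80),
    Rule("https", "allow", "LAN", "WAN", "TCP", 443, 443),
    Rule("dns", "allow", "LAN", "WAN", "UDP", 53, 53),
    Rule("deny everything", "deny", "LAN", "WAN", ANY),
]


if __name__ == "__main__":
    probes = [("LAN", "WAN", "TCP", 80), ("LAN", "WAN", "UDP", 53),
              ("LAN", "WAN", "UDP", 137), ("LAN", "WAN", "TCP", 445),
              ("WAN", "LAN", "TCP", 445)]
    for label, rules in (("general first", GENERAL_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(label)
        for probe in probes:
            print("  ", probe, "->", evaluate(rules, *probe))
```

Running the block prints the verdict each ordering gives for the same five probes: under GENERAL_FIRST even web and DNS are denied by the top rule, while under SPECIFIC_FIRST web and DNS are allowed, 137-139 and 445 are denied by name, and an unsolicited WAN-to-LAN packet falls through to the implicit default.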

I suggest you do a hard reset on the router, which will put the router back to its out of the box default state before you decided to come up with these rules or manually delete the rules as they are worthless.

The machine is sitting behind a NAT router and you don't have to set any rules, as all ports such as 137-139 UDP and 445 TCP are blocked by default on the NAT router. No one from the WAN/Internet can come at those ports, because the machine(s) are sitting behind the router.

If you don't want the Windows XP machine to network period, then you simply go to the NIC (Network Interface Card) properties from the XP LAN screen and remove MS File & Print Sharing and Client for MS Networks from the NIC and the machine will not be able to network period WAN or LAN, as ports 137-139 UDP and TCP 445 will be closed due to the removal of the client and service off the NIC.

You go to the O/S and configure the O/S on the computer and not the router or a personal FW running with the O/S. You go to the O/S and configure it.

Duane :)

Reply to
Duane Arnold
