Sonicwall soho series firewall reporting Malformed Packet on ports 137-139, UDP every 2 minutes
Hello,
A sonicwall soho series firewall (about 5 years old.. unsure on the version/model/firmware numbers) reports and drops a "Malformed Packet" everytime Samba broadcasts a packet on UDP ports 137-139.
The linux distribution is Red Hat Enterprise Linux ES 3.0.
The version of Samba is the latest offered from RHN.
Source IP - 192.168.1.8 (samba server) - Destination IP - 192.168.1.255 (broadcast)
I have seen on Linuxquestions.org that others have had this problem when combining Sonicwall and Samba. However there were no solutions offered. Furthermore, Sonicwall's whitepapers does not have any information regarding Samba/SMB.
What was tried so far:
1) I have allowed Netbios broadcasts via a checkbox in the Sonicwall configuration
2) I have created an Allow rule for any internal UDP packets on ports 137-139 originating from 192.168.1.8
My intuition says that this is not a problem with SMB but possibly a network configuration problem on the Samba server's eth0 interface - or, it is a Sonicwall mis-judgement of a SMB packet (possibly corrected in recent versions of it's firewall family).
I will post my ifconfig eth0 output as soon as I have remote access to the server.
Let me know what extra information is needed.
Thanks in advance!
A sonicwall soho series firewall (about 5 years old.. unsure on the version/model/firmware numbers) reports and drops a "Malformed Packet" everytime Samba broadcasts a packet on UDP ports 137-139.
The linux distribution is Red Hat Enterprise Linux ES 3.0.
The version of Samba is the latest offered from RHN.
Source IP - 192.168.1.8 (samba server) - Destination IP - 192.168.1.255 (broadcast)
I have seen on Linuxquestions.org that others have had this problem when combining Sonicwall and Samba. However there were no solutions offered. Furthermore, Sonicwall's whitepapers does not have any information regarding Samba/SMB.
What was tried so far:
1) I have allowed Netbios broadcasts via a checkbox in the Sonicwall configuration
2) I have created an Allow rule for any internal UDP packets on ports 137-139 originating from 192.168.1.8
My intuition says that this is not a problem with SMB but possibly a network configuration problem on the Samba server's eth0 interface - or, it is a Sonicwall mis-judgement of a SMB packet (possibly corrected in recent versions of it's firewall family).
I will post my ifconfig eth0 output as soon as I have remote access to the server.
Let me know what extra information is needed.
Thanks in advance!
I dont have any experience with sonicwall. But is there not an option to turn off checks for malformed packets?
ASKER
Unfortunately, owensleftfoot, I did not find such an option.
Like you I found a couple of references to the same problem on the net with no solutions. What version of samba does RHE 3 ship with? The latest version of samba appears to be 3-0-2a - upgrading to this version is worth a try.
ASKER
We currently have samba-3.0.2-6.3E. This version was downloaded directly from Red Hat Network... I wonder what other options we have..?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If it were entirely up to me - we would replace the sonicwall with a soho-series Pix (like the 506). However, hardware procurement is out of my hands.
It is so hard to believe that so few have used Sonicwall with Samba.
This makes me think that we are missing something.
hmm..
It is so hard to believe that so few have used Sonicwall with Samba.
This makes me think that we are missing something.
hmm..
As you said, your firewall is pretty old. Any duplication of your problem seems only to involve redhat from 9.0 on. People are either using it with an older version of redhat or are using a more up to date version of the firewall.