Sonicwall soho series firewall reporting Malformed Packet on ports 137-139, UDP every 2 minutes
Posted on 2004-04-16
A sonicwall soho series firewall (about 5 years old.. unsure on the version/model/firmware numbers) reports and drops a "Malformed Packet" everytime Samba broadcasts a packet on UDP ports 137-139.
The linux distribution is Red Hat Enterprise Linux ES 3.0.
The version of Samba is the latest offered from RHN.
Source IP - 192.168.1.8 (samba server) - Destination IP - 192.168.1.255 (broadcast)
I have seen on Linuxquestions.org that others have had this problem when combining Sonicwall and Samba. However there were no solutions offered. Furthermore, Sonicwall's whitepapers does not have any information regarding Samba/SMB.
What was tried so far:
1) I have allowed Netbios broadcasts via a checkbox in the Sonicwall configuration
2) I have created an Allow rule for any internal UDP packets on ports 137-139 originating from 192.168.1.8
My intuition says that this is not a problem with SMB but possibly a network configuration problem on the Samba server's eth0 interface - or, it is a Sonicwall mis-judgement of a SMB packet (possibly corrected in recent versions of it's firewall family).
I will post my ifconfig eth0 output as soon as I have remote access to the server.
Let me know what extra information is needed.
Thanks in advance!