Firewall Settings for WHS 2011

  • Question

  • Hi all,

    I am running WHS in a different way. I use it for storing my pictures, music etc. but also use it as a router between an Open Mesh network and the internet. I have a managed AT&T T1 line that I share with my neighbors as there is no DSL where we live. To do that I set up Routing and Remote Services and have two network cards. One attaches to the T1 line and the other attaches to the local area network which includes my home computers and open mesh routers. The open mesh users cannot see my local computers. However, I did receive an email from AT&T that bothers me: 

    AT&T has received information indicating that one or more devices using your Internet connection may have NetBIOS services exposed to the Internet.

    This usually means that the firewall on your router, wireless router, or computer is disabled or misconfigured. The IP address 12.xxx.xxx.xxx was observed responding to NetBIOS requests on port 137/udp on Aug 3, 2014 at 12:26 AM EDT. Our records indicate that this IP address was assigned to you at this time. More details appear below.

    For security and privacy reasons, NetBIOS services should not be made available from the public Internet. They can be used to gain information about your computers, and can also be used by malicious actors to perform denial of service attacks. Please ensure that the firewall is enabled on your router or computer, and that inbound and outbound traffic on the affected ports are blocked (135/udp through 138/udp, 445/udp, and 139/tcp for Microsoft Windows; see details below for additional ports that may need to be blocked).

    Regards, AT&T Internet Services Security Center

    The question is how do I go about disabling the ports for just the T1 network and not the local network? I want my local computers to talk to each other and be able to print to a common printer. I have tried to block the port access for port 138/udp in Windows Firewall with Advanced Security but when I make the change to disabled/block and save it, the next time I bring it up it says enabled/allow.

    Any help would be appreciated.


    Steve Mayo

    Tuesday, August 5, 2014 1:39 PM

All replies

  • Hi Steve Mayo,

    Based on your description, I understand that you want to disable specific ports for the T1 network, not for local network.

    → I have tried to block the port access for port 138/udp in Windows Firewall with Advanced Security but when I make the change to disabled/block and save it, the next time I bring it up it says enabled/allow.

    Did you mean that you had attempted to disable the port by creating a New Rule in the Windows Firewall with Advanced Security panel? When you ran the New Rule Wizard, did you select Public (Applies when a computer is connected to a public network location) in the Profile step? Would you please let me know briefly how you configured it?

    If any update, please feel free to let me know.

    Hope this helps.

    Best regards,

    Justin Gu

    Thursday, August 7, 2014 7:49 AM
  • Thanks Justin,

    I was trying to edit an existing rule as I thought creating a new rule would conflict with the rule already in the list. I used the New Rule wizard and it seems to have worked.  My only concern is that it has a red circle with a slash in the first column while most of the rules are green with a check mark. 

    Also in Monitoring, under General Settings there is a line that says "Display a notification when a program is blocked:". It is currently set to "No". Is there a way to have it notify me when the new rule is hit? How do you change that setting?

    Thanks again,

    Steve


    Steve Mayo

    Thursday, August 7, 2014 1:36 PM
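
One way to script the interface-scoped block rules discussed in this thread, as an added example that is not from any poster: it calls `netsh advfirewall` from PowerShell, blocks only inbound traffic to the ports in the AT&T notice, and turns on dropped-packet logging so rule hits can be reviewed. The WAN address and the rule names are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated prompt on the WHS box.
# ASSUMPTION: $WanIp is the address bound to the T1-facing adapter.
$WanIp = '203.0.113.10'   # placeholder (documentation range); replace with your own

# Inbound ports listed in the AT&T notice quoted in the question.
# Rule names are hypothetical; they contain no spaces to keep netsh quoting simple.
$rules = @(
    @{ Name = 'Block-NetBIOS-UDP-WAN'; Proto = 'UDP'; Ports = '135-138,445' },
    @{ Name = 'Block-NetBIOS-TCP-WAN'; Proto = 'TCP'; Ports = '139' }
)

foreach ($r in $rules) {
    # localip scopes the block to traffic addressed to the WAN address, so
    # file and printer sharing on the LAN adapter is left alone.
    $nsArgs = @('advfirewall', 'firewall', 'add', 'rule',
                "name=$($r.Name)", 'dir=in', 'action=block',
                "protocol=$($r.Proto)", "localport=$($r.Ports)",
                "localip=$WanIp", 'profile=any')
    & netsh $nsArgs
    if ($LASTEXITCODE -ne 0) { Write-Warning "netsh failed for $($r.Name)" }
}

# Confirm what was stored.
foreach ($r in $rules) { & netsh advfirewall firewall show rule "name=$($r.Name)" }

# Log dropped packets so hits on the block rules can be reviewed later.
& netsh advfirewall set allprofiles logging droppedconnections enable

# Default log location; fields are:
# date time action protocol src-ip dst-ip src-port dst-port ...
$log = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'
if (Test-Path $log) {
    Select-String -Path $log -Pattern ' DROP (UDP|TCP) \S+ \S+ \d+ (13[5-9]|445) ' |
        Select-Object -Last 20
}
```

In Windows Firewall an explicit block rule wins over a matching allow rule, so these rules do not require editing the built-in File and Printer Sharing rules.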