Syntax to block TCP/UDP port 135-139 on D-Link NAT?

Giganews Newsgroups
Subject: Syntax to block TCP/UDP port 135-139 on D-Link NAT?
Posted by:  Nancy Lebovitz (nanc…@panix.com)
Date: Sat, 01 Apr 2006

All I want to do is block ports 137-139 & 445 on Windows XP SP2.
But I ended up blocking EVERYTHING and screwing it all up.
Can you tell me what I did wrong (or what to do right)?

I have a home network with a single wireless WinXP computer.
My NAT is a D-Link 2.4 Ghz Wireless Router.
I ran the steps below but it blocked all network traffic somehow???
What did I do wrong to block ports 137-139 & 445???

I first tried the D-Link "Help" button but all it said was:
"Firewall Rules is an advance feature used to deny or allow traffic from
passing through the device. It works in the same way as IP Filters with
additional settings. You can create more detailed rules for the device."

Uh, That didn't help me very much (I need an example) so I tried to set
things myself but I don't know if I did it right because I had to unset it
all just to get out to google on my browser afterward.

My first question is should I set up "IP Filters" or "Firewall Rules". I
didn't know so I went arbitrarily to "Firewall Rules" because "IP Filters"
seemed to be outbound from the LAN to the WAN while "Firewall Rules" seemed
to go both ways.

Here is what I did to block (I think) ports 135-139 & 445 on Firewall Rules
on the DLINK NAT.
1) I logged into http://192.168.0.1 as "admin".
2) I selected the "Advanced" tab & "Firewall" button.
3) I set the two "Firewall rules" sections as shown below.

The first "Firewall Rules" section asks for a name (what name does it
want?) so I left it blank not knowing what name it wanted but I did hit the
disable radio dial (not knowing what else to do in this first section).
( )Enabled      (o)disabled
Name = <currently this is blank>

Here is how I set the second "Firewall Rules" section:
Action    ( )Allow    (o)Deny
Source Interface = LAN, WAN, or * (I chose *)
Source IP Range Start = <blank> (I put in 0.0.0.0)
Source IP Range End = <blank> (I put in 255.255.255.255)
Destination Interface = LAN, WAN, or * (I chose *)
Destination IP Range Start = <blank> (I put in 0.0.0.0)
Destination IP Range End = <blank> (I put in 255.255.255.255)
Destination Protocol = TCP, UDP, ICMP, or * (I chose *)
Destination Port Range = 137 - 129
Schedule (o)Always

I did likewise for port 445.

What did I do wrong?
I had to reset the NAT just to get this message out as everything is
blocked!

--
Nancy Lebovitz    http://www.nancybuttons.com
http://livejournal.com/users/nancylebov

My two favorite colors are "Oooooh" and "SHINY!".

Replies