Firewall entries to fix

I see entries of the type:
Sep 11 09:02:58 nethfirewall-hostname kernel: Shorewall:loc2fw:REJECT:IN=eth0 OUT= MAC=xx:yy:zz SRC=ip-address-windows-client DST=ipadress-nethfirewall-hostname LEN=30 TOS=0x00 PREC=0x00 TTL=128 ID=26917 PROTO=UDP SPT=52809 DPT=5351 LEN=10.

As the port 5351 is registered for NAT Port Mapping I would like to know where to change what setting in order to get rid of this entries.

Another thing I would like to eliminate is:

Sep 11 09:06:43 nethfirewall-hostname kernel: Shorewall:loc2fw:REJECT:IN=eth0 OUT= MAC=XX:YY:ZZ SRC=ip adress d-link-access-point DST=ip-address nethfirewall LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=36500 DPT=137 LEN=58

Apparently Port 137 is registered for NETBIOS Name Service - so again, where would I have to change what setting to get rid of those entries ?

IMO you should not get rid of those log entries: the firewall is telling you that is doing his job :slight_smile:

You should fix the client to avoid sending such requests to the wrong host.

1 Like

Hi Giacomo. Can you help me understand those two cases so I can learn and fix them in client site?

Hosts on your LAN are trying to a access 2 services on your firewall.
The firewall doesn’t run any service on that ports, so the traffic is rejected.

First one seems relative to PCP (, but it could be anything else.
The second one is Netbios.

I do not know what clients are, so you should find yourself how to configure them.
If you can’t change the client config, it’s safe to ignore those messages :wink:

1 Like

Thanks for your explanation giacomo. In a first attempt I have seen that the windows server which causes the entries of my first example (DPT=5351) had configured a fixed ip, so I changed it to dhcp as was an obvious difference to the other windows clients, but that did not help, so I will search and find out where those entries come from. :+1:

1 Like