Windows Shares through a Firewall?

Joe Public

I am trying to set up a share to be available through a firewall. The share
is on a Windows Server 2003 box, the firewall is built in to a Zoom Networks
ADSL Modem/Router, and the remote client is running Windows 2000. The DSL
connection has static IP's, and I prefer to not put the server in the
Firewall's DMZ. If possible, I would also like to avoid using a VPN
connection or any kind of remote admin tool. All that needs to be accessed
remotely is the share - nothing else. Does anyone have any suggestions?
Thanks in advance!
 
You have to open the firewall to the IP address of the machine that has the share on it, and open up TCP Ports 137 and 138 on it.
 
I've done that, but it doesn't seem to work. The client on the WAN side of
the router can't connect due to a path not found error. Is there anything
else I might be missing here?
 
Joe Public said:
I am trying to set up a share to be available through a firewall. The share
is on a Windows Server 2003 box, the firewall is built in to a Zoom Networks
ADSL Modem/Router, and the remote client is running Windows 2000. The DSL
connection has static IP's, and I prefer to not put the server in the
Firewall's DMZ. If possible, I would also like to avoid using a VPN
connection or any kind of remote admin tool. All that needs to be accessed
remotely is the share - nothing else. Does anyone have any suggestions?

You need to open up the right ports in the firewall:

netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service

and make sure the packets get to your W2k3 box.

Set up an LMHOSTS file on your client with the name and
IP of the server.
 
All of those ports are open, as well as 445, 136, and 135. The router is
pingable from the remote client, but attempts to map the share via
\\<router's WAN IP>\<share_name> fail. The server currently has a LAN-only
static IP (via NAPT on the router). It's starting to look like the server
will have to go into the router's DMZ in order for outside clients to map a
drive. And before anyone suggests it, I was told by the ISP that I cannot
change the encapsulation on the router as it is using PPPoE to authenticate,
but it is always assigned the same IP. So it's a pseudo-static IP account I
guess...
 
Joe said:
All of those ports are open, as well as 445, 136, and 135. The router is
pingable from the remote client, but attempts to map the share via
\\<router's WAN IP>\<share_name> fail. The server currently has a LAN-only
static IP (via NAPT on the router). It's starting to look like the server
will have to go into the router's DMZ in order for outside clients to map a
drive. And before anyone suggests it, I was told by the ISP that I cannot
change the encapsulation on the router as it is using PPPoE to authenticate,
but it is always assigned the same IP. So it's a pseudo-static IP account I
guess...

Did you assign a port forwarding on the router?
Depending on the router, perhaps that's what your DMZ is about.
Many "simple" routers call a port forwarding a DMZ, because they do not
have a second internal network adapter for a "real" DMZ.

It is not enough to open ports on a router. Because of the address
translation, the router needs to know where to send the packets coming
from a first external established connection.

HTH

Markus
 
The router requires a LAN-side IP address for any ports opened, and all
of the ports I opened are assigned to the IP of the server on the LAN.
Theoretically, at least according to the router manual, that's all I need to
do. The router is a Zoom Networks 5554, by the way, in case that helps at
all. Zoom has told me that I need to set up a VPN in order to do this, at
least they *think* that's what's needed. Their tech support doesn't seem to be
the most knowledgeable, as they had previously told me that I didn't need to
open any ports in the firewall, as local clients wouldn't be going through
the firewall to map a drive on a local server, even though I specifically
said that the server was on the LAN and the client was on the WAN side of
the router.
In case I can't get the port-forwarding to work for this application,
can anyone recommend a good software firewall that's compatible with Windows
Server 2003? Ideally, I'd like to be able to limit access to only a handful
of WAN IP's, as the remote client also has a static IP. Thanks!
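
Added example, not part of any post in this thread: a small audit of a router's port-forwarding table for the setup discussed above, showing which forwards actually carry a share mapped by IP address and which only widen exposure. The rule tuple layout, the addresses, the protocols and the "any source" scope in the sample data are constructed assumptions.

```python
from ipaddress import ip_network

# TCP ports that carry the file-sharing session itself.
SMB_TCP = {445: "SMB over TCP", 139: "NetBIOS session service"}
# NetBIOS helper services run over UDP; a client that maps the share by IP
# address or through an LMHOSTS entry does not need them forwarded.
NETBIOS_UDP = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}

def audit(rules, server_ip):
    """rules: (proto, port, lan_ip, allowed_source_cidr) tuples. Returns findings."""
    findings, reaches_server = [], False
    for proto, port, lan_ip, source in rules:
        proto = proto.lower()
        tag = f"{proto}/{port}"
        if lan_ip != server_ip:
            findings.append(f"{tag}: forwarded to {lan_ip}, not the server {server_ip}")
        elif proto == "tcp" and port in SMB_TCP:
            reaches_server = True
            if ip_network(source).prefixlen == 0:
                findings.append(f"{tag}: open to any source; limit to the remote client's static IP")
        elif proto == "udp" and port in NETBIOS_UDP:
            findings.append(f"{tag}: {NETBIOS_UDP[port]} not needed for mapping by IP; close it")
        else:
            findings.append(f"{tag}: does not carry file sharing; close it")
    if not reaches_server:
        findings.append("no TCP 445/139 forward reaches the server; the share cannot be mapped")
    return findings

# Constructed sample data (private and documentation address ranges, not from the thread).
SERVER = "192.168.1.10"
CLIENT = "203.0.113.25/32"
# The port numbers the thread says were opened; protocol and source scope are assumed.
AS_DESCRIBED = ([("tcp", p, SERVER, "0.0.0.0/0") for p in (135, 136, 137, 138, 139, 445)]
                + [("udp", p, SERVER, "0.0.0.0/0") for p in (137, 138, 139)])
TIGHTENED = [("tcp", 445, SERVER, CLIENT)]

if __name__ == "__main__":
    for name, rules in (("as described", AS_DESCRIBED), ("tightened", TIGHTENED)):
        print(name)
        for finding in audit(rules, SERVER):
            print("  -", finding)
```

Whether a given router can scope a forward to a source address depends on the device; where it cannot, the same restriction has to be enforced by a firewall on the server itself.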
 