Is there a way to use an alternative SMB port then 139?

Question

Is there a way to use an alternative SMB port then 139?

I need to provide SMB access to the server to facilitate telecommuting. Unfortunately some employees use comcast who (they admitted as much) block all traffic to ports: 67, 68, 135, 137, 138, 139, 445,
512, 520, 1080. They say that this is for incoming and outgoing traffic, which I confirmed. SMB uses port 139.

Does anyone know how to use an alternative port then 139 for SMB?

We have a linksys router / firewall that forwards some specific ports to the emac-server 10.3
the linksys box does not allow for redirecting port numbers. (EG WAN port 188 -> Intranet 192.168.1.33:139) Can some cheap router do this? Can I do this with the osxserver NAT in my situation? Did anyone try this? What do people do to get a mickeysoft xp machine to talk to the apple osx server from the WAN?

Posted on Aug 13, 2005 11:55 AM

Reply

Answer 1

Aug 14, 2005 2:54 AM in response to Ward Bouwman2

I would use VPN.

To accomodate Windows clients (2000/XP pro builit-in VPN client) your safest bet is to use PPTP. The router would need to be able to pass TCP port 1723 and the GRE protocol to the server. The GRE part is usually the stumbling block here.

Linksys has a router that can forward VPN ports/protocols but it also has a VPN server built-in. The Linksys RV802 seems to be availabe for about $250.

I guess it might be possible to get some other router/firewall that can forward GRE. If you have an old PC available check out IPCOP free Linux firewall with easy installation and setup http://www.ipcop.org.

"Free" or "cheap" is a relative thing, it usually depends on how you value your own time and effort.

Reply

Answer 2

Tim Harris

Level 4

1,481 points

Aug 17, 2005 1:46 AM in response to Ward Bouwman2

Blocking 139 is common as it is a major target for attack. You should consider blocking in you external firewall or router if you have one. Allow extrnal staff access to the server over VPN. Once you get it configured, you sould not have any problems with the VPN s/w and XP.

Tim

Reply

Answer 3

Aug 19, 2005 11:43 AM in response to Leif Carlsson

Thanks for the advise... I got vpn to work over a linksys WRT54GS ($80) box. It works for mac client to mac server.

I forward port 1723 to facilitate windows vpn. I can connect using vpn from a windows client, but I can not "map network drive". In fact I can not even connect to the internet with MSIE nor can I connect to the intranet at the other side of the VPN. when I disconnect the VPN I can again browse the internet.

Which lead me to suspect that there is a DNS problem for the windows machine. Is there a tool for ms-windows like apple's "network utilities"?

Any other suggestions?

Reply

Answer 4

Aug 20, 2005 1:23 AM in response to Ward Bouwman2

Take a look at the connection log at the server (or at the Mac VPN client when using PPTP). If you see a whole lot of errors when a PPTP client trying to attach, the GRE protocol might not be getting through your router.

TCP port 1723 isn't enough for PPTP, you need to forward GRE too and that might not be possible with your NAT router. Many NAT routers can only forward TCP and UDP. If they have VPN passthrough (most have) that is usually not for forwarding VPN traffic to a server on the NAT router's LAN (nowhere to enter settings to forward GRE to the server IP).

I guess you didn't read my first post too closely 😉

Reply

Answer 5

Aug 20, 2005 11:36 AM in response to Leif Carlsson

On my linksys WRT54GS box I can do
IPSec Passthrough : Enable
PPTP Passthrough : Enable
L2TP Passthrough : Enable
indeed no word of GRE here but the linksys website says for WRT54GS among others:
Microsoft uses IP Protocol 47 [GRE] for this secure tunnel. Provided that the PPTP Pass Through is set to Enable on the Router's Filters page and port 1723 is forwarded to the VPN Server, the Router will allow authentication and remote access into your network.
The router will also allow you access remote PPtP networks from behind the router providing the PPtP Passthrough is enabled on the router.
This is according to the linksys site.

The windows box shows the VPN connected. On that basis I assumed that the VPN PPTP protocol was established without problems. I do see some errors like Unsupported protocol 0x2e22.

Interestingly if I connect my mac client at home over PPtP I get the same symptoms as the MSbox has: No connection to the internet. No communication possible with the web or the LAN. I can't ping the server. I can not ping the router at work but I can ping the router at home. The network system preferences on the mac client gives no mask for the VPN TCPIP (also no DNS server data here. but there is the VPN IP number assigned correctly) not DNS servers. If I manually type in the DNS server addresses (one on the osx server and on on the web) I can browse the web but I still can't ping the osx server.

My next step is to take the windows machine behind the firewall and see if I can connect VPN from behind the linksys box. I let you know. Maybe linksys is a bit to confident about the VPN passthrough...

Any other suggestions I would welcome as well.

Reply

Answer 6

Aug 21, 2005 11:49 PM in response to Ward Bouwman2

Alas I don't think is the linksys router is the problem..... When I put the XP machine on the LAN I can activate the PPTP VPN but lose any ability to surf the web on the xp machine. I can us the xp machine to smb to the server using the ip address, (but I suspect that it just use directly port 139). Can cannot use the machine name such as myserver.escreeningroom.org. Alas the server VPN log still reports lots of:

Sun Aug 21 17:56:41 2005 : rcvd [proto=0x6110] 5b bb ed 63 b7 7b 50 8c 23 eb 5d 14 e9 bf 58 ad 17 0c 78 3a a8 9e 5f 6a 4c 18 bc 23 fb 1a 17 da ...
Sun Aug 21 17:56:41 2005 : Unsupported protocol 0x6110 received
Sun Aug 21 17:56:41 2005 : sent [LCP ProtRej id=0x23 61 10 5b bb ed 63 b7 7b 50 8c 23 eb 5d 14 e9 bf 58 ad 17 0c 78 3a a8 9e 5f 6a 4c 18 bc 23 fb 1a ...]

I would think that the PTPP protocol is not established effectively despite that the windows machine thinks.

It works fine if I use L2TP over IPSec with a mac client. Any idea what I should test next?

Reply

Answer 7

Aug 23, 2005 3:34 AM in response to Ward Bouwman2

"Provided that the PPTP Pass Through is set to Enable on the Router's Filters page and port 1723 is forwarded to the VPN Server, the Router will allow authentication and remote access into your network."

I can only say that I belive GRE isn't getting through. I read some had have luck with Netgear NAT routers that should work using that same setting.

Never tried it (recently) myself though. Or did I have it working with an older Zyxel Prestige 316 wireless NAT router? I think I had the built in PPTP server in XP Pro working that way once.

To be really sure GRE is getting through, the router/firewall should have a GRE setting.

Reply

Answer 8

Aug 26, 2005 4:57 PM in response to Leif Carlsson

I am hoping that a GRE router soves the problem.

BUT should i not have been able to VPN PPTP to the router from behind the firewall. This should work, shouldn't it? Or is PPTP not able to sustain a VPN protocol from the same subnet?

Next thing I do will be to go shopping!

Reply

Answer 9

Aug 28, 2005 3:38 AM in response to Ward Bouwman2

If I remember correctly you should be able to test the PPTP connection while on the LAN but you must use the server private IP number not the public one.

Don't expect the connection to work "all the way" while on the LAN, just test so that no protocol errors show up in the connection log.

Reply

Answer 10

Sep 4, 2005 12:53 PM in response to Leif Carlsson

Could the problem come from that I do not run a WINS server on the network? Does mswindows need a WINS server to just have access to shared volumes?

Reply

Answer 11

Sep 6, 2005 7:05 AM in response to Ward Bouwman2

No.

Reply