turchinc

asked on

Concurrent NetBios (SMB) requests over a NAT Firewall?

Hi,

I have the following problem:

A Win32 client application needs file-level access to a UNC share (e.g. '\\server\fileshare') located in a network segment only accessible via a NAT firewall (that is, all connections to this UNC share go over the NAT).

Having configured the firewall to allow NetBios traffic (TCP port 139), I have managed to get the application to run satisfactorily.
 
However, as soon as two clients are up and performing any sort of File I/O on this share (not on the same file or even in the same directory necessarily), one of the clients chokes up.

I have tested this on OS-level by simply mounting the share as a network drive and interacting with it and even here I have difficulties as soon as I try doing concurrent accesses from multiple systems behind the NAT.

I have configured numerous protocols (MS-SQL, mysql, http, etc.) to pass through the NAT without difficulty. What is the difference with NetBIOS/SMB?

Is there any way to get concurrency over the NAT and if so, how?

BTW, the situation is reproducible with a number of different NAT firewalls, specifically the ISA Server from Microsoft and some ipchains variant running on Linux/BSD (it is off-site and I don't have the exact details) seem to have this trouble.

Any information regarding this situation would definitely make my day.

Many thanks and best regards,
--chris



scraig84

Hmm, that's an interesting one. I'm so used to NOT opening those ports across NAT and/or firewalls that I've never really played with it much. I do know that I've read in the past that MS officially doesn't support SMB across NAT. This was a while ago - I haven't checked on their site or anything yet. I also do know that 2000 uses port 445 for SMB, but will use 139 if it has to. If the OS is 2000, you could try port 445 to see if that will work - maybe this works a bit differently? I'll see if I can find more info..
ASKER CERTIFIED SOLUTION
scraig84

turchinc

ASKER

Wow. What amazing reaction time. I googled for hours to no avail and I post here and have a very probable solution in minutes...

Server is W2K and still running SP2. I am updating it to SP3 right now and if that works, then I will accept as the correct answer!
Well I hope that works.  I checked more into SMB over NAT and didn't find much.  I think I may have been thinking of Netlogon over NAT not working and not being supported - but that was like 3 or 4 years ago.  Like I said, it's fairly rare to do this so I haven't come across it much over the years.
mikecr

FYI, netlogon doesn't like the older versions of the Cisco IOS when you're using CEF.
A grade-A answer to my problem. Many thanks!!!!
Hey glad to hear that worked!