Solved

I am having trouble sharing files between my LAN and WLAN with a SonicWall TZW firewall

Posted on 2004-08-14
Last Modified: 2013-11-09
Hi,

Does anyone have any suggestions on how I can get a TZW to share files?
I can ping between my LAN -> WLAN and WLAN -> LAN.
I have a rule set for LAN -> WLAN NETBIOS allow
I have a rule set for WLAN -> LAN NETBIOS allow
I have a rule set for LAN -> WLAN DNS allow
I have a rule set for WLAN -> LAN DNS allow

I have a check mark in Windows Networking (NetBIOS) Broadcast Pass Through From WLAN to LAN

In Predefined Services I have
Name Service (DNS) 53 53 TCP
Name Service (DNS) 53 53 UDP
NetBios 137 137 TCP
NetBios 137 137 UDP
NetBios 138 138 TCP
NetBios 138 138 UDP
NetBios 139 139 TCP
NetBios 139 139 UDP

I don't have a WINS server. I do have all PCs in Lmhosts. I can't
see other PCs in Network Neighborhood. A search fails when I search
on name. If I try to open a different PC from the run command with
\\192.168.1.113 it fails WLAN -> LAN. If I run the same from WLAN -> WLAN it works fine \\192.168.2.219.

I have run a test on the ports and here are the results:
137/tcp    open        netbios-ns              
138/tcp    open        netbios-dgm            
139/tcp    open        netbios-ssn  
445/tcp    open        microsoft-ds            

Any Ideas?
Question by:docfxit
9 Comments
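
An added example, not part of the original thread: a probe to run from a WLAN host against a LAN host that checks the file-sharing ports named in the question. It connects to TCP 139 and 445 and sends a NetBIOS node status query to UDP 137, because a TCP-only port test does not show whether the UDP name service gets through the firewall. All function names are assumptions made for this example.

```python
# Added example: helper names are illustrative, not from the thread or SonicWall.
import socket
import struct

def encode_nb_name(name: bytes) -> bytes:
    """First-level NetBIOS encoding (RFC 1001): each nibble becomes 'A' + nibble."""
    padded = name.ljust(16, b"\x00")[:16]
    body = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in padded)
    return b"\x20" + body + b"\x00"

def build_node_status_query(txid: int = 0x1234) -> bytes:
    """Node status (NBSTAT, type 0x0021) request for the wildcard name '*'."""
    header = struct.pack(">6H", txid, 0, 1, 0, 0, 0)
    return header + encode_nb_name(b"*") + struct.pack(">HH", 0x0021, 0x0001)

def parse_node_status(resp: bytes) -> list:
    """Return (name, suffix) pairs; the name count sits at offset 56."""
    if len(resp) < 57:
        return []
    names = []
    for i in range(resp[56]):
        entry = resp[57 + 18 * i: 75 + 18 * i]  # 15-byte name, suffix, 2 flag bytes
        if len(entry) < 18:
            break  # truncated response
        names.append((entry[:15].decode("ascii", "replace").rstrip(), entry[15]))
    return names

def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def udp137_names(host: str, timeout: float = 2.0):
    """Names the host reports over UDP 137, or None if no reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_node_status_query(), (host, 137))
            data, _ = s.recvfrom(1024)
        except OSError:
            return None
    return parse_node_status(data)

def probe(host: str) -> dict:
    """Check the file-sharing ports from this side of the firewall."""
    return {"tcp/139": tcp_open(host, 139), "tcp/445": tcp_open(host, 445),
            "udp/137": udp137_names(host)}
```

Calling `probe("192.168.1.113")` from a WLAN host uses the LAN address given in the question. A `None` for `udp/137` while the TCP ports report `True` means no name-service reply came back, even though the session ports are reachable.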
 
LVL 5

Expert Comment

by:Dragonmen
ID: 11801858
More information would be very helpful.
What is the IP number of the computers?
What is the WAN address? Are other computers using the same router?
Are all computers on the same LAN?

WLAN->LAN with address 192.168.1.113 shouldn't be possible. It's reserved for internal LAN, like 10.0.0.0.
 
LVL 7

Expert Comment

by:CajunBill
ID: 11801937
You mention 192.168.1.113 and 192.168.2.219, these are by default not in the same network.
It looks like one of them is on your wireless lan and the other on the hardwired lan.
If so, does the Sonicwall force you to assign different networks to the LAN and WLAN?
You could have better luck if both the lan and wlan have the same network number.

You say you cannot see other PCs in network neighborhood.
As a start, you should be able to see at least all the PCs on the hardwired lan from any PC on that lan,
and all PCs on the wireless lan from any PC on the wireless lan.
If you cannot do that then you need to solve that first, before worrying about seeing PCs on the other side of the Sonicwall.

HTH
Let us know what the status is!
 

Author Comment

by:docfxit
ID: 11802546
Hi Dragonmen,

To answer your questions:
I will keep this as simple as possible.
The WAN address is 192.168.3.1
One WLAN address is 192.168.2.219
One LAN address is 192.168.1.113
It is mandatory in a SonicWall TZW that each have their own sub domain.  It won't communicate if they aren't on a different sub domain.
The FireWall and Router are all one hardware box called a SonicWall TZW.
Some computers are on the LAN and some computers are on the WLAN.
The SonicWall is supposed to create the link between sub domains.  That is where my need is in knowing how to configure the SonicWall.

Hi CajunBill,

You are correct.  SonicWall does that mandatory and on purpose so they start with all ports closed.  I need to figure out how to open up the correct ports.
It seems to me also that I should be able to see all PCs on the LAN from the LAN 192.168.1.xxx
And all PCs on the WLAN from any other PCs on the WLAN 192.168.2.xxx
And because I have rules saying all PCs on the WLAN should pass ports 137-139 & 445 to the LAN.
And because I have rules saying all PCs on the LAN should pass ports 137-139 & 445 to the WLAN.
I should be able to see all PC's on both sub domains.

If you know the SonicWall this should be a piece of cake to solve.
If you know networking you should be able to tell me what ports need to be passed to get this working.
If you know how NETBios works this should be a piece of cake to figure out.

I am obviously not doing something correctly.
 
LVL 5

Expert Comment

by:jjk16
ID: 11802930
NetBIOS uses ports 137-139. You also want to enable ICMP, and it doesn't matter really though, since I'm guessing that all the computers are connected through the same switch on the router.

First off, ping the IPs of each comp.

Start, Run - command, hit Enter, a black box comes up; type ping 192.168.0.1 or whatever the IP is.

Get a reply?
Is there a firewall on the comp you're pinging?
It might block the ping.

Also, from the command prompt try this:

route -p add othercompIP yourCompIP

It will add to your routing tables.
Not really necessary.

Do this: Start, Run, \\ipaddress. Do you see any shares?
Try this as well: Start, Run, command, hit Enter,
type in net view \\ipaddress

Can you see anything?

Networking is networking, no matter what the device.
 
LVL 7

Accepted Solution

by:
CajunBill earned 500 total points
ID: 11803039
Yes, I have some Sonicwalls of my own - but not that model.
Anyway, the Sonicwall is not simply a switch, but instead a firewall, as you know.

In order to make the subnets communicate as you have been trying to do,
you may need to set up VPNs between the hardwired and wireless lans.
That's because they are on different network numbers, and this type of Windows traffic does not normally go between networks.
But before that will work for you, the Network Neighborhood must work within the subnets.
After that you can try to make it work between subnets.

You probably need to open up some more ports.
The simplest thing (and of course the least secure) would be to open all ports between the hardwired and wireless lans.
But it may be that all you need is to allow something like SMB in both directions.
HTH!
 

Author Comment

by:docfxit
ID: 11803215
Hi jjk16,

Your statement of "networking is networking, no matter what the device" is correct.  I agree.  How the OS or in this case the firewall is the unknown.  Your suggestions to test each component of the network are excellent.  As you will see in a moment (since I figured it out) sometimes it helps to know the equipment.  I definitely don't profess to know or understand this box.  And since I have been on the phone with SonicWall Tech Support with 1st level (India), 2nd level (India) and 3rd level (AZ) they don't seem to know the box either.

Hi CajunBill,

It sounds like you understand more about SonicWall firewalls.  I think you were actually on the right track.  The difference between other models and this one is this one has one more layer.  Yours probably has a WAN and a LAN on two different subnets.  This one has a built-in wireless also, so there are other wireless areas that make this more complicated.

I did set up VPNs between the Wireless and the SonicWall.  I experienced a problem trying to pass remote printer information on port 515.  It wouldn't work through the SonicWall VPN client.  When I turned off the VPN and WiFiSec Enforcement, port 515 started working.  I'm waiting for a call from 3rd level as to the solution.  I did turn on "Enable MAC Filter List" so no one else can get into my wireless but it doesn't protect any sensitive information.  To answer your next question, I don't know how to turn on all ports.  If I did that would certainly be a good way to find out if the problem is with the firewall or not.  I also don't know what SMB is.  I don't have an option in the firewall that says SMB.  Maybe there is another name for it?

I have figured out what the problem was.  One of the support techs had me add a rule to the firewall: Allow WLAN -> LAN Any.  Which means open any (and all) ports from WLAN -> LAN.
As soon as I turned that rule off I was able to search (and find) the PCs from the wireless to the LAN.  I know it sounds crazy but I have also found other rules that conflict and cause problems.  I don't know how long this firewall has been around but as far as I am concerned they don't have the bugs out yet.

Thanks for your help.
 
LVL 5

Expert Comment

by:Dragonmen
ID: 12579367
OK, for the port allowing you need to enable ports 137-139 for the NetBIOS and port 445 for ms-ds.
For the routing to function you should use your firewall as a gateway.
Did some of this help?