davewag77
asked on
SMB share over internet
I'm trying to share a folder over the internet from win 2k8 r2 server. The SMB share works internally.
The server has a static IP and I've opened the following ports in the firewall:
TCP Any -> 135-139
Any -> 445
Any -> 3389
UDP Any -> 135-139
Any -> 445
Any thoughts? What am I missing?
ASKER
I know the danger - need it for one specific instance - but thank you for the concern.
It's got its own external static IP - no NAT policy needed to forward ports to access the server - just had to make sure the firewall won't kill the connection. I've got 445 open and still no SMB. Other services are working, like HTTP, HTTPS, and Remote Desktop, over their respective ports.
Thanks
Yes, just TCP port 445 is what is required to access the file server. You do not need any other ports.
From the firewall can you telnet to your file server on port 445?
As mcsween suggested this could be related to NAT.
Check the Firewall on the server itself. TCP 445 may only be open to specific subnets.
How is the server connected to the LAN?
Do you have multiple interfaces on the server?
ASKER
For troubleshooting purposes, I bypassed the firewall entirely and disabled windows firewall. Right now the box is hooked directly to the ISP with its static external IP.
I cannot telnet to 445 - unable to connect to remote host. Is there some service that should be running and isn't?
Your ISP could be blocking TCP 445
ASKER
To the best of my knowledge, Verizon doesn't block any of our ports, but I am double checking with them right now (on hold).
This should work right off the bat once there's a folder being shared (and if SMB shares were internally accessible on the network), assuming no firewall issues, right?
Yes; it should. You are trying to access by \\PublicIP correct?
ASKER
Yes, trying with public IP as well as fqdn, with \\IP\share and just \\IP\, \\IP etc. No luck...
I would set up MS Network Monitor or Wireshark on this system, start a capture, and try to access the share to see if any packets are making it to the server at all. If you have the ability to put a hub between the server and ISP, then capture from a 3rd workstation connected to the hub; you will get a bit more insight as to what is going on, as you will see packets that are blocked at the server. You will have to use a hub, not a switch, unless it is managed and is set up for port mirroring.
I prefer Wireshark but MS Network Monitor is easier to use IMHO.
http://www.microsoft.com/download/en/details.aspx?id=4865
http://www.wireshark.org/
ASKER
unresolved
Now to get this working you need a NAT policy on your firewall to direct inbound traffic from your Public IP to the specific IP you are sharing this folder from.
Can you tell me what type of internet firewall you are using?
I believe you only need TCP 445 for SMB file shares as well. You won't need NetBIOS (137), RPC (135) or RDP (3389). You shouldn't need any of the UDP either.
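
The port 445 reachability test suggested in this thread (telnet to 445), as an added Python example that is not part of any original post: it separates a refused connection from a silently dropped one, and probes port 3389, which the asker reports as working, from the same vantage point. The function names and hint wording are assumptions of this example.

```python
import errno
import socket
import sys

SMB_PORT = 445   # the only port the thread says SMB file sharing needs
REF_PORT = 3389  # RDP, which the asker reports as reachable from outside

# Hint wording is this example's own, not output of any tool.
HINTS = {
    "open": "handshake completed: path is clear and a service is listening",
    "refused": "reset received: packets reach a host but nothing is listening "
               "on this port (or a device actively rejects it)",
    "filtered": "no reply: packets are dropped on the path (host firewall, "
                "perimeter firewall or ISP filter)",
}


def probe_tcp(host, port=SMB_PORT, timeout=3.0):
    """Classify one TCP connect attempt as open, refused or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # ICMP unreachable replies also indicate filtering or routing loss
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error: %s" % exc


def diagnose(host, port=SMB_PORT, timeout=3.0):
    """Return (state, hint) for one port."""
    state = probe_tcp(host, port, timeout)
    return state, HINTS.get(state, "lookup or socket failure, see message")


def compare(host, ports=(REF_PORT, SMB_PORT), timeout=3.0):
    """Probe a known-good port and 445 from the same vantage point."""
    return {p: diagnose(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Pass the server's public address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (state, hint) in compare(target).items():
        print("%s:%d %s (%s)" % (target, port, state, hint))
```

Run from an outside client, 3389 open with 445 filtered means the drop is specific to port 445 somewhere on the path, while 445 refused points back at the server or a device that rejects the connection.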