mehannu1
asked on
map a drive over internet
How can i map a share driver over the internet without VPN?
I have windows 2003 file server.
local IP is NATed with public IP address
opened the port 445 and 139 on the Firewall
whe I try to map \\public_IP_addreess\Share name, it asks for the user ID and Password.
But it doesn't accept domain admin or Domain normal or local account.
Please help
Note NO VPN and Expanddrive can't be used
I have windows 2003 file server.
local IP is NATed with public IP address
opened the port 445 and 139 on the Firewall
whe I try to map \\public_IP_addreess\Share
But it doesn't accept domain admin or Domain normal or local account.
Please help
Note NO VPN and Expanddrive can't be used
ASKER
Not clear about the solution.
RDP or Logme in can't be used.
We wanted connected to a share drive from Outside of our network over the publick IP address which is NATed to the local IP of the file server.
Eg;
\\10.120..x.x\Share name
we wanted to do the same thing on the same server from Outside of our network
\\207.x.x.x\Share name
when we do that it asks for user id and password. But it doesn't accept it
RDP or Logme in can't be used.
We wanted connected to a share drive from Outside of our network over the publick IP address which is NATed to the local IP of the file server.
Eg;
\\10.120..x.x\Share name
we wanted to do the same thing on the same server from Outside of our network
\\207.x.x.x\Share name
when we do that it asks for user id and password. But it doesn't accept it
not meant to be used like that
you could possibly use a share via web or ftp
www.mydomain.com/sharetest
or 3rd party app like hamachi or webdrive
but not directly like your trying
not to mention the serious security issues
can it be made to work...maybe
possibly with port forwarding to fileshares
and if ISP does not block these ports
which they do
because every new virus / malware attacks these known ports
imho stay away - try a 3rd party tool - many are free
you could possibly use a share via web or ftp
www.mydomain.com/sharetest
or 3rd party app like hamachi or webdrive
but not directly like your trying
not to mention the serious security issues
can it be made to work...maybe
possibly with port forwarding to fileshares
and if ISP does not block these ports
which they do
because every new virus / malware attacks these known ports
imho stay away - try a 3rd party tool - many are free
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I agree with DarinTCH. This is a serious security risk.
I agree with Darin as well that is a major security risk. However, to technically answer his question, you can use the ISP as the medium for your network connection given the suggestion I gave earlier. I confirmed this last night by setting up a 2003 server as the host and opening ports 135-139 on the firewall between the host and the client. The ISP that used in this lab setup is AT&T.
To the original poster, please let us know how it's progressing and if our suggestions helped.
Thanks,
Allen
To the original poster, please let us know how it's progressing and if our suggestions helped.
Thanks,
Allen
yes if you port forward those common ( and therefore troublesome ports)
but sometimes you need 445
and some have even gone webdav and 5005
so I guess I wanted you to know there are many other -- free - safer ways
and any Security - network or sysadmin worth his salt would NOT directly open these ports
but sometimes you need 445
and some have even gone webdav and 5005
so I guess I wanted you to know there are many other -- free - safer ways
and any Security - network or sysadmin worth his salt would NOT directly open these ports
I think he gets the picture that its not safe ;-) we don't know all the circumstances, this could be a lab setup.
*Regarding my test setup, I didn't use port forwarding. I used NAT and I simply allowed those ports through on my router. I tested this between 2 ISP service types - the host on a home ISP and the client using the mobile cellular ISP. However, as you point out, for internet providers that don't have these ports open then forwarding is necessary.
Mehannu1, well to sum it up, you have a technical solution and also been given a number of safer/more secure recommendations as well :-)
So, how is the project working out thus far?
*Regarding my test setup, I didn't use port forwarding. I used NAT and I simply allowed those ports through on my router. I tested this between 2 ISP service types - the host on a home ISP and the client using the mobile cellular ISP. However, as you point out, for internet providers that don't have these ports open then forwarding is necessary.
Mehannu1, well to sum it up, you have a technical solution and also been given a number of safer/more secure recommendations as well :-)
So, how is the project working out thus far?
ASKER
I've requested that this question be deleted for the following reason:
no longer needed
no longer needed
@mehannu1
But the question was answered in several comments
concern was expressed for obvious security issues
several direct solutions were provided
and several alternative solutions were provided
you might consider choosing the solution you liked or splitting the decision
as you mark the question complete it will be available for other EE users
But the question was answered in several comments
concern was expressed for obvious security issues
several direct solutions were provided
and several alternative solutions were provided
you might consider choosing the solution you liked or splitting the decision
as you mark the question complete it will be available for other EE users
option 3 - question answered by one or more expert comments
html#a39267679
Reason: aside from security concerns, this post gave the technical answer
Additional info:
html#a39286354
Reason: describes the setup and testing for solution
html#a39267679
Reason: aside from security concerns, this post gave the technical answer
Additional info:
html#a39286354
Reason: describes the setup and testing for solution
Also this site can do without the "me too" comments like the one from alizarraga1 since it added no value.
The site would also be better off if people like DarinTCH wouldn't post at all. Being that he was proven wrong then acted like a baby by constantly belittling the OP about security as well as his multiple comments on security after I have the correct answer just shows his immaturity and ignorance. A port doesn't make something insecure - it's the service running through that port that possibly affects how secure a connection is. Darin did you know you can remap port 139 to a VPN ?
Bottom line - we're here to provide technical answers, not to be judge and jury and ask why, but simply to answer how. Recommendations are welcome if the technical answer is given with it. But simply blabbing your not so humble and misinformed opinions does nothing to help and it only deters the OP from coming back to this site for help in the future.
You didn't even take the time to ask what his goals were or if it was a lab setup or anything. You were too focused on stroking your ego and tech savvy mad skillz which in the end just back fired on you and you were made to look like an idiot.
I hope neither you or alizarraga1 got any points. If possible, is give you negative points for your nonhelpful and over all ignorance that were only over shadowed by your poor attitude
To the OP: I'm embarrassed to be on the same site as these types of people, but please know that not everyone here is like that and I encourage you to keep active on the boards and forums here. Personally, I thought your question was a great one because not a lot of people are aware of what your issue addressed. You've done a great service by adding to the database here of other tricky questions which resulted in a solution that others like yourself will certainly benefit from.
Thanks again mehannu1!
And to DarinTCH - go outside and find a friend - learn how to interact with people without being a pompous elitest dick (and worst of all, you have nothing to be arrogant about) - once get some friends - and no doubt get your butt kicked in the process of correcting your social retardation - then come back and feel free to post and be constructive to the community.
If that caused a wound then why don't you pour some if your awesome "admin worth his salt" on it and go cry to your mother and beg her to enroll you in computer course. Until then, save us all from your verbal diarrhea
The site would also be better off if people like DarinTCH wouldn't post at all. Being that he was proven wrong then acted like a baby by constantly belittling the OP about security as well as his multiple comments on security after I have the correct answer just shows his immaturity and ignorance. A port doesn't make something insecure - it's the service running through that port that possibly affects how secure a connection is. Darin did you know you can remap port 139 to a VPN ?
Bottom line - we're here to provide technical answers, not to be judge and jury and ask why, but simply to answer how. Recommendations are welcome if the technical answer is given with it. But simply blabbing your not so humble and misinformed opinions does nothing to help and it only deters the OP from coming back to this site for help in the future.
You didn't even take the time to ask what his goals were or if it was a lab setup or anything. You were too focused on stroking your ego and tech savvy mad skillz which in the end just back fired on you and you were made to look like an idiot.
I hope neither you or alizarraga1 got any points. If possible, is give you negative points for your nonhelpful and over all ignorance that were only over shadowed by your poor attitude
To the OP: I'm embarrassed to be on the same site as these types of people, but please know that not everyone here is like that and I encourage you to keep active on the boards and forums here. Personally, I thought your question was a great one because not a lot of people are aware of what your issue addressed. You've done a great service by adding to the database here of other tricky questions which resulted in a solution that others like yourself will certainly benefit from.
Thanks again mehannu1!
And to DarinTCH - go outside and find a friend - learn how to interact with people without being a pompous elitest dick (and worst of all, you have nothing to be arrogant about) - once get some friends - and no doubt get your butt kicked in the process of correcting your social retardation - then come back and feel free to post and be constructive to the community.
If that caused a wound then why don't you pour some if your awesome "admin worth his salt" on it and go cry to your mother and beg her to enroll you in computer course. Until then, save us all from your verbal diarrhea
mappped drives are for networks
in order to map a drive in different locations...
first you must connect the networks
as you mentioned with something like a VPN
does that mean you can not connect without a VPN -
not necessarily there are other methods
you can connect to a remote location
(RDP-LOGMEIN-etc) and then remtely access a resource
plus there are many other options
you can make a publi share
advertise it
and then have your ISP resolve that share