map a drive over internet

How can i map a share driver over the internet without VPN?
I have windows 2003 file server.
local IP is NATed with public IP address
opened the port 445 and 139 on the Firewall
whe I try to map \\public_IP_addreess\Share name, it asks for the user ID and Password.
But it doesn't accept domain admin or Domain normal or local account.
Please help
Note NO VPN and Expanddrive can't be used
Who is Participating?
Allen WhiteConnect With a Mentor Directory Services Support Escalation EngineerCommented:
You're getting the logon prompt so you've got part of the connection. I think what you may be missing is just needing several more ports to be passed through and you should be set-

Along with port 139, open up the other 4 ports (135-138); port 138 specifically takes care of the browsing and logon.
DarinTCHSenior CyberSecurity EngineerCommented:
your missing a step or 2

mappped drives are for networks
in order to map a drive in different locations...
first you must connect the networks
as you mentioned with something like a VPN

does that mean you can not connect without a VPN -
not necessarily  there are other methods
you can connect to a remote location
(RDP-LOGMEIN-etc) and then remtely access a resource
plus there are many other options
you can make a publi share
advertise it
and then have your ISP resolve that share
mehannu1Author Commented:
Not clear about the solution.

RDP or Logme in can't be used.
We wanted connected to a share drive from Outside of our network over the publick IP address which is NATed to the local IP of the file server.
\\10.120..x.x\Share name
we wanted to do the same thing on the same server from Outside of our network
\\207.x.x.x\Share name

when we do that it asks for user id and password. But it doesn't accept it
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

DarinTCHSenior CyberSecurity EngineerCommented:
not meant to be used like that

you could possibly use a share via web or ftp

or 3rd party app like hamachi or webdrive

but not directly like your trying

not to mention the serious security issues

can it be made to work...maybe
possibly with port forwarding to fileshares
and if ISP does not block these ports
which they do
because every new virus / malware attacks these known ports

imho stay away - try a 3rd party tool - many are free
I agree with DarinTCH.  This is a serious security risk.
Allen WhiteDirectory Services Support Escalation EngineerCommented:
I agree with Darin as well that is a major security risk. However, to technically answer his question, you can use the ISP as the medium for your network connection given the suggestion I gave earlier. I confirmed this last night by setting up a 2003 server as the host and opening ports 135-139 on the firewall between the host and the client. The ISP that used in this lab setup is AT&T.

To the original poster, please let us know how it's progressing and if our suggestions helped.

DarinTCHSenior CyberSecurity EngineerCommented:
yes if you port forward those common ( and therefore troublesome ports)
but sometimes you need 445

and some have even gone webdav and 5005

so I guess I wanted you to know there are many other -- free - safer ways

and any Security - network or sysadmin worth his salt would NOT directly open these ports
Allen WhiteDirectory Services Support Escalation EngineerCommented:
I think he gets the picture that its not safe ;-) we don't know all the circumstances, this could be a lab setup.

*Regarding my test setup, I didn't use port forwarding. I used NAT and I simply allowed those ports through on my router. I tested this between 2 ISP service types -  the host on a home ISP and the client using the mobile cellular ISP. However, as you point out, for internet providers that don't have these ports open then forwarding is necessary.

Mehannu1, well to sum it up, you have a technical solution and also been given a number of safer/more secure recommendations as well :-)

So, how is the project working out thus far?
mehannu1Author Commented:
I've requested that this question be deleted for the following reason:

no longer needed
DarinTCHSenior CyberSecurity EngineerCommented:
But the question was answered in several comments
concern was expressed for obvious security issues
several direct solutions were provided
and several alternative solutions were provided
you might consider choosing the solution you liked or splitting the decision

as you mark the question complete it will be available for other EE users
Allen WhiteDirectory Services Support Escalation EngineerCommented:
option 3 - question answered by one or more expert comments

Reason: aside from security concerns, this post gave the technical answer

Additional info:

Reason: describes the setup and testing for solution
Allen WhiteDirectory Services Support Escalation EngineerCommented:
Also this site can do without the "me too" comments like the one from alizarraga1 since it added no value.

The site would also be better off if people like DarinTCH wouldn't post at all. Being that he was proven wrong then acted like a baby by constantly belittling the OP about security as well as his multiple comments on security after I have the correct answer just shows his immaturity and ignorance. A port doesn't make something insecure - it's the service running through that port that possibly affects how secure a connection is. Darin did you know you can remap port 139 to a VPN ?

Bottom line - we're here to provide technical answers, not to be judge and jury and ask why, but simply to answer how. Recommendations are welcome if the technical answer is given with it. But simply blabbing your not so humble and misinformed opinions does nothing to help and it only deters the OP from coming back to this site for help in the future.
You didn't even take the time to ask what his goals were or if it was a lab setup or anything. You were too focused on stroking your ego and tech savvy mad skillz which in the end just back fired on you and you were made to look like an idiot.

I hope neither you or alizarraga1 got any points. If possible, is give you negative points for your nonhelpful and over all ignorance that were only over shadowed by your poor attitude

To the OP: I'm embarrassed to be on the same site as these types of people, but please know that not everyone here is like that and I encourage you to keep active on the boards and forums here. Personally, I thought your question was a great one because not a lot of people are aware of what your issue addressed. You've done a great service by adding to the database here of other tricky questions which resulted in a solution that others like yourself will certainly benefit from.

Thanks again mehannu1!
And to DarinTCH - go outside and find a friend - learn how to interact with people without being a pompous elitest dick (and worst of all, you have nothing to be arrogant about) - once get some friends - and no doubt get your butt kicked in the process of correcting your social retardation - then come back and feel free to post and be constructive to the community.

If that caused a wound then why don't you pour some if your awesome "admin worth his salt" on it and go cry to your mother and beg her to enroll you in computer course. Until then, save us all from your verbal diarrhea
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.