gskortz
asked on
Change or Redirect SMB Port (445)
Comcast (ISP) blocks port 445 so SMB is not usable over the internet. Is it possible to configure Windows 7 and Windows Server 2008 R2 to use a port other than 445? I have seen some articles about using PuTTY to create an SSH tunnel but these seem specific to Unix/Linux environments and CIFS mounts. Stuck working with a client application in our "office" that needs to perform a Windows mount (UNC) for a server located in a VM with a public IP.
This seems to be a very risky setup from my POV.
Allowing an SMB connection directly over the internet would usually be a mistake of monumental proportions. There may be some weird situations where you have absolutely no concerns about who on the planet can access your data, but that would not be normal.
If you really insist on doing this, you could configure your router to NAT with port translation, so that a different port, say 1445 was translated to 445.
The better way to do this under nearly all situations would be to configure a VPN. This could terminate either on your router, or the Windows Server. A VPN creates a secure tunnel between an endpoint and your internal network.
@mal.
If I could give you 2 thumbs up I would.
Please consider using IPsec to set up a VPN connection or OpenVPN to set up a secure tunnel between the two locations.
445 was disabled by most to curb the spread of ransomware, etc. that used that port...
Oh redirecting the port to some other may not help a lot....
Using SHODAN one can easily find what protocol responds on what port. So changing 445 to another port will help until the SHODAN search engine has visited your address once (at least several times / month).
F.y.i. SHODAN indexes the net using a crawler on port responses like Google indexes the www space. The port responses can be searched for.
So go for a VPN solution, where IPsec is preferred, either site/site or in host mode if needed. DO NOT USE PPTP, that is trivially broken. L2TP might be a viable alternative.
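The point made above about crawlers indexing port responses, shown as an added example that is not part of the original thread: an SMB server is recognised from the bytes it returns, so a reply seen on 1445 classifies exactly like one seen on 445. The function names and the sample reply are constructed for illustration; the sample is a minimal SMB2 NEGOTIATE response with zero-filled fields, not a capture from a real server.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def fingerprint(port, data):
    """Classify a service reply. `port` is reported back but never consulted."""
    result = {"port": port, "protocol": "unknown"}
    if len(data) < 8 or data[0] != 0x00:
        return result
    # Direct-TCP framing: one zero byte, then a 24-bit big-endian length.
    length = int.from_bytes(data[1:4], "big")
    msg = data[4:4 + length]
    if msg[:4] == SMB1_MAGIC:
        result["protocol"] = "SMB1"
    elif msg[:4] == SMB2_MAGIC:
        result["protocol"] = "SMB2"
        if len(msg) >= 70:
            (hdr_size,) = struct.unpack_from("<H", msg, 4)
            (command,) = struct.unpack_from("<H", msg, 12)
            if hdr_size == 64 and command == 0:  # NEGOTIATE response
                _, sec_mode, dialect = struct.unpack_from("<HHH", msg, 64)
                result["dialect"] = DIALECTS.get(dialect, hex(dialect))
                # SecurityMode bit 0x02 means the server requires signing.
                result["signing_required"] = bool(sec_mode & 0x02)
    return result

def build_sample_reply(dialect=0x0210, sec_mode=0x01):
    """Constructed sample: 64-byte SMB2 header plus zero-padded negotiate body."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, 0, 1,
                         0x1, 0, 0, 0, 0, 0, b"\x00" * 16)
    body = struct.pack("<HHH", 65, sec_mode, dialect) + b"\x00" * 58
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    reply = build_sample_reply()
    for port in (445, 1445):  # 1445 is the translated port suggested in the thread
        print(fingerprint(port, reply))
    print(fingerprint(1445, b"HTTP/1.1 200 OK\r\n\r\n"))
```

Run against the constructed reply, both ports report SMB2 with dialect SMB 2.1, which is the highest dialect Windows 7 and Server 2008 R2 speak.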