recently I am facing a problem regarding access to shared folder. I am not able to get access to shared folder over WAN location connected thru router.Although locally users are able to get access to the shared folders.This is happening to all the PC with shared folders. I have turned firewall settings off on Windows XP OS.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
share folders
- Thread starter arvindai
- Start date
watchguardmonkey
Technical User
there needs to be some static NAT'ing done on the WAN router to port forward the traffic from your pc to the pc with the shared folder.
- Thread starter
- #3
Hello
I have been trying to figure out as well how to see share folder over WAN links for sometime.
But when you think of it Windows annouces its share folder via broadcast.Routers will not foward broadcast,so I think the best solution,is centralizing all shares on a server and do some port mapping.
I hope the other techs can give some other solutions.
Regards
I have been trying to figure out as well how to see share folder over WAN links for sometime.
But when you think of it Windows annouces its share folder via broadcast.Routers will not foward broadcast,so I think the best solution,is centralizing all shares on a server and do some port mapping.
I hope the other techs can give some other solutions.
Regards
watchguardmonkey
Technical User
please expand;
how many people need to access the shared folder,
how many shared folders are they,
are the people that need access to the shared folder all in the same location?
how many people need to access the shared folder,
how many shared folders are they,
are the people that need access to the shared folder all in the same location?
In that situation I usually use a site to site vpn connection between my remote offices and allow all traffic from each location's subnets (unless I want to block something in particular). This way each location can share folders, access servers, etc. When a pc can't access a shared folder in another site, it's usually because a firewall is blocking ports 135-139 (netbios ports)which are used by windows for file sharing.
- Thread starter
- #9
tdd how can I crate site-to-site VPN between the remote offices. pls help. Also I am not using any external firewall & windows XP firewall is switch off. where else can I check if netbios ports are blocking. pls help as I am struck & need immediate solutions. thanks in advance
Hello
Before you can get good help you will need to give more information on your setup.Are you using a lease line?Do you have full control over the two gateway at the sites.Are you using Routers or PIX firewalls terminating to the WAN links.
If you have a dedicated line being that it's quite protected.You can keep thing simple and just open the ports 135-139 on the routers.The site-to-site VPN is CCSP material,a bit involve.Anyway if you choose that path I can send you some sample configurations.
Regards
Before you can get good help you will need to give more information on your setup.Are you using a lease line?Do you have full control over the two gateway at the sites.Are you using Routers or PIX firewalls terminating to the WAN links.
If you have a dedicated line being that it's quite protected.You can keep thing simple and just open the ports 135-139 on the routers.The site-to-site VPN is CCSP material,a bit involve.Anyway if you choose that path I can send you some sample configurations.
Regards
Hello
I spent my evening building an T1/E1 Lab (obviously simulating a dedicated line).An I have figured out a quick an easy solution.
It's the "ip helper-address" command.This command fowards 8 UDP broacast protocols.And lucky for you the NetBIOS Name Service and NetBIOS datagram Service are supported.The command should be put on the ethernet interface of both routers with the default gateway of the clients.
Router1(config-if)#ip helper-address 10.10.10.1
Router2(config-if)#ip helper-address 192.168.1.1
Hope this helps
Regards
I spent my evening building an T1/E1 Lab (obviously simulating a dedicated line).An I have figured out a quick an easy solution.
It's the "ip helper-address" command.This command fowards 8 UDP broacast protocols.And lucky for you the NetBIOS Name Service and NetBIOS datagram Service are supported.The command should be put on the ethernet interface of both routers with the default gateway of the clients.
Router1(config-if)#ip helper-address 10.10.10.1
Router2(config-if)#ip helper-address 192.168.1.1
Hope this helps
Regards
Hello
Here's the config of the two lab Routers
Router1#show run
Building configuration...
Current configuration : 772 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router1
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address dhcp
ip helper-address 10.10.10.1
speed auto
no cdp enable
!
interface Serial0
ip address 172.16.1.1 255.255.255.0
no fair-queue
clockrate 2000000
!
router rip
passive-interface FastEthernet0
network 172.16.0.0
network 192.168.1.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
!
no cdp run
!
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
end
Router2#show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router2
!
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
ip helper-address 192.168.1.14
no ip directed-broadcast
no cdp enable
!
interface Ethernet1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0
ip address 172.16.1.2 255.255.255.0
no ip directed-broadcast
no fair-queue
!
router rip
passive-interface Ethernet0
network 10.0.0.0
network 172.16.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
!
line con 0
exec-timeout 0 0
transport input none
line vty 0 4
!
end
Here's the config of the two lab Routers
Router1#show run
Building configuration...
Current configuration : 772 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router1
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address dhcp
ip helper-address 10.10.10.1
speed auto
no cdp enable
!
interface Serial0
ip address 172.16.1.1 255.255.255.0
no fair-queue
clockrate 2000000
!
router rip
passive-interface FastEthernet0
network 172.16.0.0
network 192.168.1.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
!
no cdp run
!
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
end
Router2#show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router2
!
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
ip helper-address 192.168.1.14
no ip directed-broadcast
no cdp enable
!
interface Ethernet1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0
ip address 172.16.1.2 255.255.255.0
no ip directed-broadcast
no fair-queue
!
router rip
passive-interface Ethernet0
network 10.0.0.0
network 172.16.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
!
line con 0
exec-timeout 0 0
transport input none
line vty 0 4
!
end
Be careful with IP Helpers & Windows networking.....
By default Cisco Routers forward 9 types of UDP broadcasts when IP Helpers are enabled - DHCP Client & Server broadcasts, TFTP, nameserver, DNS, NTP, NetBIOS-ns, NetBIOS-dgm and Tacacs. If you leave these enabled then Windows NetBIOS gets upset and you will see Master Browser errors and usually intermittent Browser issues (Windows networking NOT Internet Browsing). This is because the Browser announcment broadcasts are forwarded to the IP Helpers.
You should disable all UDP broadcast forwarding except DHCP using the following in globacl configuration:
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
You need to ensure your Windows Name Resolution works throughout your Routed network, this generally means WINS & DNS. In a lot of networks you can disable WINS and NetBIOS over IP (NBT) but check your applications don't need NetBIOS first....
HTH
Andy
By default Cisco Routers forward 9 types of UDP broadcasts when IP Helpers are enabled - DHCP Client & Server broadcasts, TFTP, nameserver, DNS, NTP, NetBIOS-ns, NetBIOS-dgm and Tacacs. If you leave these enabled then Windows NetBIOS gets upset and you will see Master Browser errors and usually intermittent Browser issues (Windows networking NOT Internet Browsing). This is because the Browser announcment broadcasts are forwarded to the IP Helpers.
You should disable all UDP broadcast forwarding except DHCP using the following in globacl configuration:
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
You need to ensure your Windows Name Resolution works throughout your Routed network, this generally means WINS & DNS. In a lot of networks you can disable WINS and NetBIOS over IP (NBT) but check your applications don't need NetBIOS first....
HTH
Andy
- Thread starter
- #15
I figured out the problem, its was due to ACL configured to block netbios & SMB ports. Now I disable the same ACL & I am able to get access to shared folders. But now the problem is that the tunnel interface is showing down. while the serial IP is showing as up which is tunnel source IP. Router is not able to form adjancy with neighbor router. Is there any relation with netbios traffic with tunnel interface or OSPF process. Pls help
- Thread starter
- #17
The ACL I completely turned down on fa0/0 interface is following:
access-list 116 deny tcp any any eq 3198
access-list 116 deny tcp any any eq 3127
access-list 116 deny tcp any any eq 135
access-list 116 deny udp any any eq 135
access-list 116 deny udp any any eq netbios-ns
access-list 116 deny udp any any eq netbios-dgm
access-list 116 deny tcp any any eq 139
access-list 116 deny udp any any eq netbios-ss
access-list 116 deny tcp any any eq 445
access-list 116 deny tcp any any eq 593
access-list 116 deny tcp any any eq 4444
access-list 116 permit ip any any
Pls tell is there any relation of its with other configuration except file sharing and any impact on the overall configuration. thanks
access-list 116 deny tcp any any eq 3198
access-list 116 deny tcp any any eq 3127
access-list 116 deny tcp any any eq 135
access-list 116 deny udp any any eq 135
access-list 116 deny udp any any eq netbios-ns
access-list 116 deny udp any any eq netbios-dgm
access-list 116 deny tcp any any eq 139
access-list 116 deny udp any any eq netbios-ss
access-list 116 deny tcp any any eq 445
access-list 116 deny tcp any any eq 593
access-list 116 deny tcp any any eq 4444
access-list 116 permit ip any any
Pls tell is there any relation of its with other configuration except file sharing and any impact on the overall configuration. thanks
- Status