Filesharing over ports 445 and 139

Discussion in 'LnS English Forum' started by act8192, Sep 14, 2011.

Thread Status:
Not open for further replies.
  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Lns 2.0.7, Phant0m rules 008.5r1, WinXP-SP3.
    Under 008.4 I had to make me rules for filesharing to supplement P-rules for WinF&P sharing. No problems. It worked fine.
    But since I've just started clean LnS, and with a better Advanced options list, I wanted to see which, if any, of my port 139 and 445 rules really must be in for the LAN.
    It appears that I still have to drag them in, what do you think?

    Details: Each computer has mapped drives to another, both by computer name and by IP. Both set to reconnect at logon.
    Both computers' TCP/IP properties permit NetBIOS over wired connections.
    This log is from the moment the other computer (.63) booted. All TCP incoming packets have an "S" flag on them.
    139and445.png

    Packets 17-34 are during the other box booting, where packets 21-28 are netbios broadcasts from .63 to 192.168.54.255.
    Packets 40-45 are when I want to connect from the other computer to me and Windows says that error occurred while reconnecting to \\myIP\directory or for \\compName\directory it says No network found.

    I have no problem connecting out and using the specified directories on .63.

    It's not terribly important, but I thought I'd ask anyway.

    Edit @7:30pm
    In several firewalls I used, I always included ports 135,137-139,445 for LAN sharing since M$ played with NetBIOS and its 445 replacement (maybe). Might that be included in the P-rules as well, by default? Or is it a security issue of some sort.
     
    Last edited: Sep 14, 2011
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi act8192,

    Try the update.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Sounds great to be able to eliminate 2 rules, thanks :)
    But, I'm having problem installing
    .zip md5 matches so I don't know what to check to make it work.
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Never mind. It installed. It turns out I had to reenter serial even though it was prefilled on the dialog.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    I think we're looking good, thanks Phant0m :)
    Filesharing-ok.png
    I pasted in view from the other box in the bottom corner.
    I assume incoming is permitted only for my LAN in the details of the new Win F&P... rules, correct?
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Regarding ‘-Microsoft-DS’ rule blocking of the wanted LAN sharing, this rule was a newer addition to block silently Microsoft-DS traffic coming from the web. However it was using ‘IP : Address’ criteria ‘In Range’ or ‘Mask’ (depending on ForceConfig.ini Network settings) instead of ‘Out range’ and ‘Not Mask’ on LAN Microsoft-DS packets. The ‘Win.F&P Sharing_Microsoft-DS*’ was for accepting the wanted LAN Microsoft-DS packets, but these packets were stopped first by ‘-Microsoft-DS’.

    If the saved serial was wrong, you wouldn’t get to the next screen where it retrieves information, ‘? Failure to save Ruleset file.’ was likely from the file being temporarily locked.


    I released a revised version.
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Phantom, I'm glad you're around again. A bit of setback here. While the Windows computer could connect to my share, the linux mint computer could not until I brought back one of my rules. Might be the high ports they're coming from. All these packets are just Synch flag.
    MintCantConnect(P-rules).png
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    You didn't get the update did you? ;)
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    oops, you mean from post#6? no, 'cause I just logged in probably seconds after you did. I saw the sentence and thought it might still refer to 008.6. But basically was trying to carefully read and understand your story about M$-DS. I'll report back tomorrow after the new release.

    edit: but if there was the block as you described, why did it work with the windows computer connecting to me?

    edit2: won't this be the same story then with -TCP block incoming followed by TCP allow out o_O
     
    Last edited: Sep 15, 2011
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    If you are referring to the Build 008.6, because there was a fix.
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Using 008.6r1 - as before in post#7, for some reason we're blocking the linux computer incoming connection attempts.
    Phant0m, if you've run out of patience with me, just say it, 'cause I can import my previous 139,445 incoming rule and be done with it :)
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    That is probably linked to using Look ‘n’ Stop ‘Local In’ criteria for dynamic ports, can you go into a standard rule that shows ‘Local In’ port range and see if the blocked packets are outside this range?
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I think your PC that Look 'n' Stop is installed on is using dynamic range 1024-5000, Linux using wider dynamic range
     
  14. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    I know they come in from high numbered ports.
    Which rule should I look at, please

    edit: TCP authorize communication has no port restriction on the remote
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    View the rule 'Win.Remote Desktop Connection'
     
  16. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    heh u done it wrong ... regarding attaching files in specific places on a post. ;)
     
  18. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Export the rule 'Win.F&P Sharing_Microsoft-DS, HTTP, NetBIOS-s' and send it and I will remove the port range or widen the range to your specifications (if you know highest dynamic port ever used).
     
  20. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    yah, I know I messed up the attachments :)
     
  21. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    ok, will export and email
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    e-mail responded.
     
  23. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    And done well
    MintConnections.png
    it now works sharing my files by the linux box and my computer continues to see the linux share. Thank you for the speedy job :)
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    You are certainly welcome act8192.
     
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Phant0m rules 008.8 contain the old, unmodified, Win. F&P sharing rule. Whether by design or not, I don't know.
    I had to import the new, good, rule into the 008.8 setup. I mention this because Windows7 or Vista users might need this rule with the remote ports range changed.
    One potential problem - When Phant0m worked on it, I suggested ports range above 40000 (thinking of 49152 :)), but saw the other day something in the 39 thousand range. I don't really know what the "normal" range for linux is, but it's worth keeping in mind that some further adjustment might be needed.
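
Added example, not part of the thread and not Look 'n' Stop's or Phant0m's actual rule format: a simplified first-match model of the two problems discussed in posts #6 and #12-13, namely the '-Microsoft-DS' block rule shadowing the LAN allow rule, and the allow rule's remote port range (1024-5000) excluding a Linux client's higher source ports. The Linux host address, the source ports, the internet address, the final default-deny and the widened range are assumptions.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.54.0/24")  # subnet seen in the thread's log

@dataclass
class Rule:
    name: str
    action: str              # "allow" or "block"
    local_ports: tuple       # destination ports on the protected PC
    remote_in_lan: bool      # True = 'In Range' (LAN), False = 'Out range'
    remote_ports: range = range(0, 65536)

    def matches(self, src_ip, src_port, dst_port):
        in_lan = ipaddress.ip_address(src_ip) in LAN
        return (dst_port in self.local_ports
                and in_lan == self.remote_in_lan
                and src_port in self.remote_ports)

def build_ruleset(block_matches_lan, allowed_remote_ports):
    """Ordered rules; the first match decides, as described in post #6."""
    return [
        Rule("-Microsoft-DS", "block", (445,), remote_in_lan=block_matches_lan),
        Rule("Win.F&P Sharing", "allow", (139, 445), True, allowed_remote_ports),
    ]

def decide(rules, src_ip, src_port, dst_port):
    for rule in rules:
        if rule.matches(src_ip, src_port, dst_port):
            return rule.action, rule.name
    return "block", "default deny"  # assumed final catch-all rule

# Constructed inbound SYN packets: (source IP, source port, local port)
WINDOWS_XP = ("192.168.54.63", 1050, 445)
LINUX_MINT = ("192.168.54.70", 39876, 445)  # made-up host; port below 40000
INTERNET = ("203.0.113.9", 51000, 445)      # documentation address

def verdicts(rules):
    packets = {"xp": WINDOWS_XP, "mint": LINUX_MINT, "internet": INTERNET}
    return {name: decide(rules, *pkt)[0] for name, pkt in packets.items()}

shadowed = build_ruleset(True, range(1024, 5001))   # block rule catches the LAN
narrow = build_ruleset(False, range(1024, 5001))    # block fixed, XP-sized range
widened = build_ruleset(False, range(1024, 65536))  # assumed widened range

if __name__ == "__main__":
    for label, rules in [("shadowed", shadowed), ("narrow", narrow),
                         ("widened", widened)]:
        print(f"{label:9s}", verdicts(rules))
```

In all three rulesets the internet-sourced packet to port 445 stays blocked; widening the remote port range only changes the outcome for hosts that already match the LAN address criterion.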
     